From no-reply at appveyor.com Tue Nov 1 00:43:29 2016 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 01 Nov 2016 00:43:29 +0000 Subject: [openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.6080 Message-ID: <20161101004328.3685.32466.1B51C49E@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Nov 1 00:21:41 2016 From: builds at travis-ci.org (Travis CI) Date: Tue, 01 Nov 2016 00:21:41 +0000 Subject: [openssl-commits] Errored: openssl/openssl#6730 (master - ca1574c) In-Reply-To: Message-ID: <5817e01786840_33f9f44c985b01434251@fba90f69-21dc-49cd-b19a-e666f968e060.mail> Build Update for openssl/openssl ------------------------------------- Build: #6730 Status: Errored Duration: 58 minutes and 19 seconds Commit: ca1574c (master) Author: Rich Salz Message: Disable MDC2 by default. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/be1f4812111a...ca1574cec205 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172078916 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Nov 1 12:45:03 2016 From: builds at travis-ci.org (Travis CI) Date: Tue, 01 Nov 2016 12:45:03 +0000 Subject: [openssl-commits] Passed: FdaSilvaYY/openssl#2265 (style_n_nit's - e64d94b) In-Reply-To: Message-ID: <58188e4e8f8ab_33fc70418e45c4459a8@8091d62c-0133-44b6-9f00-e68807a6f934.mail> Build Update for FdaSilvaYY/openssl ------------------------------------- Build: #2265 Status: Passed Duration: 40 minutes and 20 seconds Commit: e64d94b (style_n_nit's) Author: FdaSilvaYY Message: Fix some style and indent issue View the changeset: https://github.com/FdaSilvaYY/openssl/compare/fd4799cbcf90...e64d94bc9dff View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/172261411 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at openssl.org Tue Nov 1 14:43:08 2016 From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Nov 2016 14:43:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478011388.151115.22193.nullmailer@dev.openssl.org> The branch master has been updated via 42e22c7c4f16d647fc586264c1cd30a18801e3d0 (commit) from f46661de7806b5bae507d17185bda2bafd6c20d8 (commit) - Log ----------------------------------------------------------------- commit 42e22c7c4f16d647fc586264c1cd30a18801e3d0 Author: Rich Salz Date: Tue Nov 1 10:28:16 2016 -0400 Revert "Disable MDC2 by default." This reverts commit ca1574cec20589885000d039eed3a9375fb29a0d. Not suitabled for a minor release as it breaks the ABI. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: .travis.yml | 8 ++++---- CHANGES | 3 +-- Configure | 1 - INSTALL | 4 ++-- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6336a6f..d044309 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,7 +28,7 @@ compiler: env: - CONFIG_OPTS="" DESTDIR="_install" - - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-mdc2" + - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2" - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes" @@ -37,7 +37,7 @@ matrix: include: - os: linux compiler: gcc - env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-mdc2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers" COVERALLS="yes" + env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers" COVERALLS="yes" - os: linux compiler: clang-3.6 env: CONFIG_OPTS="enable-msan" @@ -46,10 +46,10 @@ matrix: env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg -fno-sanitize=alignment" - os: linux compiler: clang-3.6 - env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 enable-mdc2" + env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2" - os: linux compiler: gcc-5 - env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-mdc2 -DPEDANTIC" + env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" - os: linux compiler: i686-w64-mingw32-gcc env: CONFIG_OPTS="no-stdio" BUILDONLY="yes" diff --git a/CHANGES b/CHANGES index 17d444f..dfff36f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,8 +4,7 @@ Changes between 1.1.0a and 1.1.1 [xx XXX xxxx] - *) MDC2 is now disabled by default. - [Rich Salz] + *) *) 'openssl passwd' can now produce SHA256 and SHA512 based output, using the algorithm defined in diff --git a/Configure b/Configure index 7eb1769..2da2a1a 100755 --- a/Configure +++ b/Configure @@ -433,7 +433,6 @@ our %disabled = ( # "what" => "comment" "fuzz-afl" => "default", "heartbeats" => "default", "md2" => "default", - "mdc2" => "default", "msan" => "default", "rc5" => "default", "sctp" => "default", diff --git a/INSTALL b/INSTALL index 2fd80d8..44b3a1c 100644 --- a/INSTALL +++ b/INSTALL @@ -474,12 +474,12 @@ enable- Build with support for the specified algorithm, where - is one of: md2, mdc2, or rc5. + is one of: md2 or rc5. no- Build without support for the specified algorithm, where is one of: bf, blake2, camellia, cast, chacha, cmac, - des, dh, dsa, ecdh, ecdsa, idea, md4, ocb, poly1305, + des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305, rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd" algorithm is deprecated and if used is synonymous with rmd160. From builds at travis-ci.org Tue Nov 1 15:02:59 2016 From: builds at travis-ci.org (Travis CI) Date: Tue, 01 Nov 2016 15:02:59 +0000 Subject: [openssl-commits] Passed: ekasper/openssl#48 (0073-test-check-semi - 0cbadd0) In-Reply-To: Message-ID: <5818aea390f16_33fe982689efc5910fb@9470764e-860a-4e25-8257-f381a4cef6c6.mail> Build Update for ekasper/openssl ------------------------------------- Build: #48 Status: Passed Duration: 45 minutes and 41 seconds Commit: 0cbadd0 (0073-test-check-semi) Author: Emilia Kasper Message: TEST_check macro: don't end with semi View the changeset: https://github.com/ekasper/openssl/compare/a3a0b4105709^...0cbadd0ec63f View the full build log and details: https://travis-ci.org/ekasper/openssl/builds/172298848 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at openssl.org Tue Nov 1 16:36:23 2016 From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Nov 2016 16:36:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478018183.650591.5013.nullmailer@dev.openssl.org> The branch master has been updated via e4d94269a5a41594852dc60716500580f1d47cef (commit) from 42e22c7c4f16d647fc586264c1cd30a18801e3d0 (commit) - Log ----------------------------------------------------------------- commit e4d94269a5a41594852dc60716500580f1d47cef Author: Benjamin Kaduk Date: Mon Sep 26 15:30:42 2016 -0500 Fix grammar-o in CONTRIBUTING Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1625) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index eb17609..1eebaf3 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,4 +1,4 @@ -HOW TO CONTRIBUTE TO PATCHES OpenSSL +HOW TO CONTRIBUTE PATCHES TO OpenSSL ------------------------------------ (Please visit https://www.openssl.org/community/getting-started.html for From rsalz at openssl.org Tue Nov 1 16:36:46 2016 From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Nov 2016 16:36:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478018206.472703.5812.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via dd365d3685d47095ea16193342dbc805bcd5fef0 (commit) from 32ee80362c2e79ca47b02bd2cd4f22259bf66798 (commit) - Log ----------------------------------------------------------------- commit dd365d3685d47095ea16193342dbc805bcd5fef0 Author: Benjamin Kaduk Date: Mon Sep 26 15:30:42 2016 -0500 Fix grammar-o in CONTRIBUTING Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1625) (cherry picked from commit e4d94269a5a41594852dc60716500580f1d47cef) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index eb17609..1eebaf3 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,4 +1,4 @@ -HOW TO CONTRIBUTE TO PATCHES OpenSSL +HOW TO CONTRIBUTE PATCHES TO OpenSSL ------------------------------------ (Please visit https://www.openssl.org/community/getting-started.html for From rsalz at openssl.org Tue Nov 1 16:36:56 2016 From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Nov 2016 16:36:56 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1478018216.025141.6509.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via e0223754740307fe1dae291120c9071aa52897f2 (commit) from 787b2dcc2fec8fa5b5c91c64dd06da850e9ea347 (commit) - Log ----------------------------------------------------------------- commit e0223754740307fe1dae291120c9071aa52897f2 Author: Benjamin Kaduk Date: Mon Sep 26 15:30:42 2016 -0500 Fix grammar-o in CONTRIBUTING Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1625) (cherry picked from commit e4d94269a5a41594852dc60716500580f1d47cef) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 7cc3850..f734d77 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,4 +1,4 @@ -HOW TO CONTRIBUTE TO PATCHES OpenSSL +HOW TO CONTRIBUTE PATCHES TO OpenSSL ------------------------------------ (Please visit https://www.openssl.org/community/getting-started.html for From rsalz at openssl.org Tue Nov 1 16:37:05 2016 From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Nov 2016 16:37:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1478018225.612727.7246.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 649fdbd278c03d943410d35e991fc716e29469fb (commit) from a100602d58b0a2cfba1c0419470e637bb5fd227d (commit) - Log ----------------------------------------------------------------- commit 649fdbd278c03d943410d35e991fc716e29469fb Author: Benjamin Kaduk Date: Mon Sep 26 15:30:42 2016 -0500 Fix grammar-o in CONTRIBUTING Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1625) (cherry picked from commit e4d94269a5a41594852dc60716500580f1d47cef) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 7cc3850..f734d77 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -1,4 +1,4 @@ -HOW TO CONTRIBUTE TO PATCHES OpenSSL +HOW TO CONTRIBUTE PATCHES TO OpenSSL ------------------------------------ (Please visit https://www.openssl.org/community/getting-started.html for From kurt at openssl.org Tue Nov 1 18:26:03 2016 From: kurt at openssl.org (Kurt Roeckx) Date: Tue, 01 Nov 2016 18:26:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478024763.828316.9545.nullmailer@dev.openssl.org> The branch master has been updated via ba7407002d899b614d4728da9004594f947ff3da (commit) from e4d94269a5a41594852dc60716500580f1d47cef (commit) - Log ----------------------------------------------------------------- commit ba7407002d899b614d4728da9004594f947ff3da Author: Mike Aizatsky Date: Wed Oct 26 13:56:39 2016 -0700 [fuzzers] do not fail fuzzers with empty input Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz GH: #1788 ----------------------------------------------------------------------- Summary of changes: fuzz/cms.c | 6 +++++- fuzz/server.c | 12 +++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/fuzz/cms.c b/fuzz/cms.c index f97173a..94390e7 100644 --- a/fuzz/cms.c +++ b/fuzz/cms.c @@ -22,8 +22,12 @@ int FuzzerInitialize(int *argc, char ***argv) { int FuzzerTestOneInput(const uint8_t *buf, size_t len) { CMS_ContentInfo *i; - BIO *in = BIO_new(BIO_s_mem()); + BIO *in; + if (!len) { + return 0; + } + in = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); i = d2i_CMS_bio(in, NULL); CMS_ContentInfo_free(i); diff --git a/fuzz/server.c b/fuzz/server.c index 0076306..35449d8 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -217,6 +217,12 @@ int FuzzerInitialize(int *argc, char ***argv) { } int FuzzerTestOneInput(const uint8_t *buf, size_t len) { + SSL *server; + BIO *in; + BIO *out; + if (!len) { + return 0; + } /* TODO: make this work for OpenSSL. There's a PREDICT define that may do * the job. * TODO: use the ossltest engine (optionally?) to disable crypto checks. @@ -224,9 +230,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { */ /* This only fuzzes the initial flow from the client so far. */ - SSL *server = SSL_new(ctx); - BIO *in = BIO_new(BIO_s_mem()); - BIO *out = BIO_new(BIO_s_mem()); + server = SSL_new(ctx); + in = BIO_new(BIO_s_mem()); + out = BIO_new(BIO_s_mem()); SSL_set_bio(server, in, out); SSL_set_accept_state(server); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); From rsalz at openssl.org Tue Nov 1 19:44:01 2016 From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Nov 2016 19:44:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478029441.658740.3356.nullmailer@dev.openssl.org> The branch master has been updated via b50052dbe822271c9d7b2559a38a127fca87e4ab (commit) from ba7407002d899b614d4728da9004594f947ff3da (commit) - Log ----------------------------------------------------------------- commit b50052dbe822271c9d7b2559a38a127fca87e4ab Author: Todd Short Date: Tue Mar 31 16:20:03 2015 -0400 Add SSL_CTX_set1_cert_store() For convenience, combine getting a new ref for the new SSL_CTX with assigning the store and freeing the old one. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1755) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_cert_store.pod | 18 +++++++++++++++++- doc/man7/ssl.pod | 2 ++ include/openssl/ssl.h | 1 + ssl/ssl_lib.c | 7 +++++++ util/libssl.num | 1 + 5 files changed, 28 insertions(+), 1 deletion(-) diff --git a/doc/man3/SSL_CTX_set_cert_store.pod b/doc/man3/SSL_CTX_set_cert_store.pod index 7f7a794..28e855f 100644 --- a/doc/man3/SSL_CTX_set_cert_store.pod +++ b/doc/man3/SSL_CTX_set_cert_store.pod @@ -2,13 +2,14 @@ =head1 NAME -SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage +SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage =head1 SYNOPSIS #include void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); + void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); =head1 DESCRIPTION @@ -17,6 +18,10 @@ SSL_CTX_set_cert_store() sets/replaces the certificate verification storage of B to/with B. If another X509_STORE object is currently set in B, it will be X509_STORE_free()ed. +SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage +of B to/with B. The B's reference count is incremented. +If another X509_STORE object is currently set in B, it will be X509_STORE_free()ed. + SSL_CTX_get_cert_store() returns a pointer to the current certificate verification storage. @@ -42,6 +47,15 @@ L family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. +SSL_CTX_set_cert_store() does not increment the B's reference +count, so it should not be used to assign an X509_STORE that is owned +by another SSL_CTX. + +To share X509_STOREs between two SSL_CTXs, use SSL_CTX_get_cert_store() +to get the X509_STORE from the first SSL_CTX, and then use +SSL_CTX_set1_cert_store() to assign to the second SSL_CTX and +increment the reference count of the X509_STORE. + =head1 RESTRICTIONS The X509_STORE structure used by an SSL_CTX is used for verifying peer @@ -53,6 +67,8 @@ functions such as SSL_CTX_set1_verify_cert_store() instead. SSL_CTX_set_cert_store() does not return diagnostic output. +SSL_CTX_set1_cert_store() does not return diagnostic output. + SSL_CTX_get_cert_store() returns the current setting. =head1 SEE ALSO diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod index b67edbc..ce163f4 100644 --- a/doc/man7/ssl.pod +++ b/doc/man7/ssl.pod @@ -320,6 +320,8 @@ protocol context defined in the B structure. =item void B(SSL_CTX *ctx, X509_STORE *cs); +=item void B(SSL_CTX *ctx, X509_STORE *cs); + =item void B(SSL_CTX *ctx, int (*cb)(), char *arg) =item int B(SSL_CTX *ctx, char *str); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7e626e0..20013db 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1308,6 +1308,7 @@ __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); __owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); __owur int SSL_want(const SSL *s); __owur int SSL_clear(SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bd0fbf8..8bf872b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3553,6 +3553,13 @@ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) ctx->cert_store = store; } +void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) +{ + if (store != NULL) + X509_STORE_up_ref(store); + SSL_CTX_set_cert_store(ctx, store); +} + int SSL_want(const SSL *s) { return (s->rwstate); diff --git a/util/libssl.num b/util/libssl.num index 200629f..7e00479 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -403,3 +403,4 @@ SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION: SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION: SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION: SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION: +SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION: From levitte at openssl.org Wed Nov 2 00:59:07 2016 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Nov 2016 00:59:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478048347.191140.1012.nullmailer@dev.openssl.org> The branch master has been updated via 5e28b1c1e048eef600dc49820934a5e1531186d4 (commit) from b50052dbe822271c9d7b2559a38a127fca87e4ab (commit) - Log ----------------------------------------------------------------- commit 5e28b1c1e048eef600dc49820934a5e1531186d4 Author: Richard Levitte Date: Wed Nov 2 00:09:03 2016 +0100 Secure our notification email. Forks will have to define their own Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1821) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index d044309..235e309 100644 --- a/.travis.yml +++ b/.travis.yml @@ -127,5 +127,4 @@ after_success: notifications: email: - - openssl-commits at openssl.org - + secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4=" From levitte at openssl.org Wed Nov 2 01:03:00 2016 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Nov 2016 01:03:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1478048580.586929.10426.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ba2bf831c0f0b3468acbd433957f4c46c20cf43d (commit) from e0223754740307fe1dae291120c9071aa52897f2 (commit) - Log ----------------------------------------------------------------- commit ba2bf831c0f0b3468acbd433957f4c46c20cf43d Author: Richard Levitte Date: Wed Nov 2 00:09:03 2016 +0100 Secure our notification email. Forks will have to define their own Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1821) (cherry picked from commit 5e28b1c1e048eef600dc49820934a5e1531186d4) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c46716b..995e517 100644 --- a/.travis.yml +++ b/.travis.yml @@ -57,4 +57,4 @@ script: notifications: email: - - openssl-commits at openssl.org + secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4=" From levitte at openssl.org Wed Nov 2 01:03:05 2016 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Nov 2016 01:03:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478048585.187469.11061.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via a95a0219a887611ad8e246e33c086255df771072 (commit) from dd365d3685d47095ea16193342dbc805bcd5fef0 (commit) - Log ----------------------------------------------------------------- commit a95a0219a887611ad8e246e33c086255df771072 Author: Richard Levitte Date: Wed Nov 2 00:09:03 2016 +0100 Secure our notification email. Forks will have to define their own Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1821) (cherry picked from commit 5e28b1c1e048eef600dc49820934a5e1531186d4) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f15ca6b..be03abc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -134,5 +134,4 @@ after_success: notifications: email: - - openssl-commits at openssl.org - + secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4=" From levitte at openssl.org Wed Nov 2 01:04:25 2016 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Nov 2016 01:04:25 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1478048665.985824.12426.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 9fca473bf23f50a9fc940cd16c3edf69e753ea75 (commit) from 649fdbd278c03d943410d35e991fc716e29469fb (commit) - Log ----------------------------------------------------------------- commit 9fca473bf23f50a9fc940cd16c3edf69e753ea75 Author: Richard Levitte Date: Wed Nov 2 00:09:03 2016 +0100 Secure our notification email. Forks will have to define their own Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1821) (cherry picked from commit 5e28b1c1e048eef600dc49820934a5e1531186d4) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ad05909..828627a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -54,7 +54,7 @@ script: notifications: recipient: - - openssl-commits at openssl.org + secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4=" email: on_success: change on_failure: always From emilia at openssl.org Wed Nov 2 10:34:51 2016 From: emilia at openssl.org (Emilia Kasper) Date: Wed, 02 Nov 2016 10:34:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478082891.220323.31161.nullmailer@dev.openssl.org> The branch master has been updated via ffd3d0ef34aac46c06379cc50d38c5c0324c3d4c (commit) from 5e28b1c1e048eef600dc49820934a5e1531186d4 (commit) - Log ----------------------------------------------------------------- commit ffd3d0ef34aac46c06379cc50d38c5c0324c3d4c Author: Emilia Kasper Date: Tue Nov 1 15:12:32 2016 +0100 TEST_check macro: don't end with semi Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: test/testutil.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/testutil.h b/test/testutil.h index 14b7b09..68d202a 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -108,4 +108,4 @@ int strings_equal(const char *desc, const char *s1, const char *s2); ERR_print_errors_fp(stderr); \ OPENSSL_assert(!#condition); \ } \ - } while (0); + } while (0) From matt at openssl.org Wed Nov 2 13:10:42 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 13:10:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478092242.504250.7657.nullmailer@dev.openssl.org> The branch master has been updated via 2abacef13ab19b842a9217d6c464b4001980c0f6 (commit) via 84a68336581b7d25fefe693bf92b5b3751f4b5f6 (commit) via 0ced42e050e602dc9d5fea36250ab8335f8ab156 (commit) via 582a17d662d123eafbb70c9eaaa140a2559b7cdb (commit) from ffd3d0ef34aac46c06379cc50d38c5c0324c3d4c (commit) - Log ----------------------------------------------------------------- commit 2abacef13ab19b842a9217d6c464b4001980c0f6 Author: Matt Caswell Date: Mon Oct 31 10:00:45 2016 +0000 Convert a big "if" into a "switch" Reviewed-by: Rich Salz commit 84a68336581b7d25fefe693bf92b5b3751f4b5f6 Author: Matt Caswell Date: Sun Oct 30 08:38:52 2016 +0000 Update Configure to know about tls1_3 Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is because this is a WIP and will not be interoperable with any other TLS1.3 implementation. Finally, we fix some tests that started failing when TLS1.3 was disabled by default. Reviewed-by: Rich Salz commit 0ced42e050e602dc9d5fea36250ab8335f8ab156 Author: Matt Caswell Date: Wed Nov 2 11:52:22 2016 +0000 Use ciphersuite id when matching if we've got one When matching a ciphersuite if we are given an id, make sure we use it otherwise we will match another ciphersuite which is identical except for the TLS version. Reviewed-by: Rich Salz commit 582a17d662d123eafbb70c9eaaa140a2559b7cdb Author: Matt Caswell Date: Fri Oct 21 17:39:33 2016 +0100 Add the SSL_METHOD for TLSv1.3 and all other base changes required Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Configure | 6 +- INSTALL | 6 + apps/apps.h | 6 +- apps/ciphers.c | 8 + apps/s_cb.c | 2 + apps/s_client.c | 11 +- apps/s_server.c | 11 +- doc/man1/ciphers.pod | 6 + doc/man1/s_client.pod | 4 +- doc/man1/s_server.pod | 6 +- doc/man3/SSL_CONF_cmd.pod | 11 +- doc/man3/SSL_CTX_new.pod | 12 +- doc/man3/SSL_CTX_set_min_proto_version.pod | 4 +- doc/man3/SSL_CTX_set_options.pod | 4 +- include/openssl/ssl.h | 3 +- include/openssl/tls1.h | 13 +- ssl/methods.c | 18 + ssl/s3_lib.c | 15 + ssl/ssl_ciph.c | 2 + ssl/ssl_conf.c | 4 + ssl/ssl_lib.c | 31 +- ssl/ssl_locl.h | 4 + ssl/ssl_sess.c | 3 + ssl/statem/statem_lib.c | 9 +- ssl/t1_lib.c | 20 + ssl/t1_trce.c | 2 + test/cipherlist_test.c | 6 +- test/recipes/80-test_ssl_new.t | 3 +- test/recipes/80-test_ssl_old.t | 30 +- test/ssl-tests/02-protocol-version.conf | 11143 ++++++++++++++++++++++++--- test/ssl-tests/13-fragmentation.conf | 6 + test/ssl-tests/13-fragmentation.conf.in | 6 + test/ssl-tests/14-curves.conf | 29 + test/ssl-tests/14-curves.conf.in | 4 +- test/ssl-tests/protocol_version.pm | 27 +- test/ssl_test_ctx.c | 1 + test/ssltest_old.c | 24 +- util/TLSProxy/Proxy.pm | 4 +- 38 files changed, 10238 insertions(+), 1266 deletions(-) diff --git a/Configure b/Configure index 2da2a1a..958ac5c 100755 --- a/Configure +++ b/Configure @@ -318,7 +318,7 @@ $config{sdirs} = [ ]; # Known TLS and DTLS protocols -my @tls = qw(ssl3 tls1 tls1_1 tls1_2); +my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3); my @dtls = qw(dtls1 dtls1_2); # Explicitly known options that are possible to disable. They can @@ -440,6 +440,8 @@ our %disabled = ( # "what" => "comment" "ssl3" => "default", "ssl3-method" => "default", "ubsan" => "default", + #TODO(TLS1.3): Temporarily disabled while this is a WIP + "tls1_3" => "default", "unit-test" => "default", "weak-ssl-ciphers" => "default", "zlib" => "default", @@ -476,7 +478,7 @@ my @disable_cascades = ( sub { $disabled{rsa} && ($disabled{dsa} || $disabled{dh}) && ($disabled{ecdsa} || $disabled{ecdh}); } - => [ "tls1", "tls1_1", "tls1_2", + => [ "tls1", "tls1_1", "tls1_2", "tls1_3", "dtls1", "dtls1_2" ], "tls" => [ @tls ], diff --git a/INSTALL b/INSTALL index 44b3a1c..a393225 100644 --- a/INSTALL +++ b/INSTALL @@ -457,6 +457,12 @@ specific configuration, e.g. "-m32" to build x86 code on an x64 system. + enable-tls1_3 + TODO(TLS1.3): Make this enabled by default + Build support for TLS1.3. Note: This is a WIP feature and + does not currently interoperate with other TLS1.3 + implementations! Use with caution!! + no- Don't build support for negotiating the specified SSL/TLS protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls, diff --git a/apps/apps.h b/apps/apps.h index 9dc4737..d9f7c08 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -210,7 +210,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, # define OPT_S_ENUM \ OPT_S__FIRST=3000, \ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ - OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ + OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ @@ -222,6 +222,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \ {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \ + {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \ {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ @@ -259,6 +260,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_NOTLS1: \ case OPT_S_NOTLS1_1: \ case OPT_S_NOTLS1_2: \ + case OPT_S_NOTLS1_3: \ case OPT_S_BUGS: \ case OPT_S_NO_COMP: \ case OPT_S_COMP: \ @@ -279,7 +281,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, #define IS_NO_PROT_FLAG(o) \ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ - || o == OPT_S_NOTLS1_2) + || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) /* * Option parsing. diff --git a/apps/ciphers.c b/apps/ciphers.c index 7b99757..531bf8d 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -21,6 +21,7 @@ typedef enum OPTION_choice { OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, + OPT_TLS1_3, OPT_PSK, OPT_SRP, OPT_V, OPT_UPPER_V, OPT_S @@ -43,6 +44,9 @@ const OPTIONS ciphers_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, +#endif #ifndef OPENSSL_NO_SSL_TRACE {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #endif @@ -135,6 +139,10 @@ int ciphers_main(int argc, char **argv) min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_PSK: #ifndef OPENSSL_NO_PSK psk = 1; diff --git a/apps/s_cb.c b/apps/s_cb.c index 9535f12..c37b9a1 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -453,6 +453,7 @@ static STRINT_PAIR ssl_versions[] = { {"TLS 1.0", TLS1_VERSION}, {"TLS 1.1", TLS1_1_VERSION}, {"TLS 1.2", TLS1_2_VERSION}, + {"TLS 1.3", TLS1_3_VERSION}, {"DTLS 1.0", DTLS1_VERSION}, {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, {NULL} @@ -522,6 +523,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || + version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { switch (content_type) { case 20: diff --git a/apps/s_client.c b/apps/s_client.c index 55803e9..a407303 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -539,7 +539,7 @@ typedef enum OPTION_choice { OPT_SRP_MOREGROUPS, #endif OPT_SSL3, OPT_SSL_CONFIG, - OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, + OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, @@ -680,6 +680,9 @@ const OPTIONS s_client_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, +#endif #ifndef OPENSSL_NO_DTLS {"dtls", OPT_DTLS, '-', "Use any version of DTLS"}, {"timeout", OPT_TIMEOUT, '-', @@ -762,7 +765,7 @@ static const OPT_PAIR services[] = { #define IS_PROT_FLAG(o) \ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) /* Free |*dest| and optionally set it to a copy of |source|. */ static void freeandcopy(char **dest, const char *source) @@ -1156,6 +1159,10 @@ int s_client_main(int argc, char **argv) min_version = SSL3_VERSION; max_version = SSL3_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; diff --git a/apps/s_server.c b/apps/s_server.c index d32b9df..24841c5 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -669,7 +669,7 @@ typedef enum OPTION_choice { OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, - OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, + OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, @@ -834,6 +834,9 @@ const OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"}, +#endif #ifndef OPENSSL_NO_DTLS {"dtls", OPT_DTLS, '-', "Use any DTLS version"}, {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, @@ -868,7 +871,7 @@ const OPTIONS s_server_options[] = { #define IS_PROT_FLAG(o) \ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) int s_server_main(int argc, char *argv[]) { @@ -1321,6 +1324,10 @@ int s_server_main(int argc, char *argv[]) min_version = SSL3_VERSION; max_version = SSL3_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index c392077..30f5721 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -15,6 +15,7 @@ B B [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] +[B<-tls1_3>] [B<-s>] [B<-psk>] [B<-srp>] @@ -69,6 +70,11 @@ L. Like B<-v>, but include the official cipher suite values in hex. +=item B<-tls1_3> + +In combination with the B<-s> option, list the ciphers which would be used if +TLSv1.3 were negotiated. + =item B<-tls1_2> In combination with the B<-s> option, list the ciphers which would be used if diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 4a2a280..4f21ea4 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -68,10 +68,12 @@ B B [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] +[B<-tls1_3>] [B<-no_ssl3>] [B<-no_tls1>] [B<-no_tls1_1>] [B<-no_tls1_2>] +[B<-no_tls1_3>] [B<-dtls>] [B<-dtls1>] [B<-dtls1_2>] @@ -336,7 +338,7 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> These options require or disable the use of the specified SSL or TLS protocols. By default B will negotiate the highest mutually supported protocol diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index b0d7888..b6c5659 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -69,6 +69,9 @@ B B [B<-quiet>] [B<-ssl3>] [B<-tls1>] +[B<-tls1_1>] +[B<-tls1_2>] +[B<-tls1_3>] [B<-dtls>] [B<-dtls1>] [B<-dtls1_2>] @@ -81,6 +84,7 @@ B B [B<-no_tls1>] [B<-no_tls1_1>] [B<-no_tls1_2>] +[B<-no_tls1_3>] [B<-no_dhe>] [B<-bugs>] [B<-comp>] @@ -295,7 +299,7 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> These options require or disable the use of the specified SSL or TLS protocols. By default B will negotiate the highest mutually supported protocol diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index d8c0e9b..60b80d3 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -121,12 +121,13 @@ if specified. To restrict the supported protocol versions use these commands rather than the deprecated alternative commands below. -=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> -Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the -corresponding options B, B, B -and B respectively. -These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>. +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options B, B, +B, B and B +respectively. These options are deprecated, instead use B<-min_protocol> and +B<-max_protocol>. =item B<-bugs> diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod index 29387d3..512fca8 100644 --- a/doc/man3/SSL_CTX_new.pod +++ b/doc/man3/SSL_CTX_new.pod @@ -156,12 +156,12 @@ and be able to negotiate with all possible clients, but to only allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2. The list of protocols available can also be limited using the -B, B, B and -B options of the L or -L functions, but this approach is not recommended. -Clients should avoid creating "holes" in the set of protocols they support. -When disabling a protocol, make sure that you also disable either all previous -or all subsequent protocol versions. +B, B, B, +B and B options of the +L or L functions, but this approach +is not recommended. Clients should avoid creating "holes" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. In clients, when a protocol version is disabled without disabling I previous protocol versions, the effect is to also disable all subsequent protocol versions. diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod index 3e9fe80..5996d48 100644 --- a/doc/man3/SSL_CTX_set_min_proto_version.pod +++ b/doc/man3/SSL_CTX_set_min_proto_version.pod @@ -29,8 +29,8 @@ versions down to the lowest version, or up to the highest version supported by the library, respectively. Currently supported versions are B, B, -B, B for TLS and B, -B for DTLS. +B, B, B for TLS and +B, B for DTLS. =head1 RETURN VALUES diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 63609f3..921c812 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -155,9 +155,9 @@ own preferences. =item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, -SSL_OP_NO_TLSv1_2, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 +SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 -These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2 protocol +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. As of OpenSSL 1.1.0, these options are deprecated, use diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 20013db..f0aa306 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -343,12 +343,13 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_NO_TLSv1 0x04000000U # define SSL_OP_NO_TLSv1_2 0x08000000U # define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U # define SSL_OP_NO_DTLSv1 0x04000000U # define SSL_OP_NO_DTLSv1_2 0x08000000U # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ - SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 23e382c..3f7e749 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -65,7 +65,8 @@ extern "C" { # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 # define TLS1_2_VERSION 0x0303 -# define TLS_MAX_VERSION TLS1_2_VERSION +# define TLS1_3_VERSION 0x0304 +# define TLS_MAX_VERSION TLS1_3_VERSION /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x10000 @@ -599,6 +600,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03000D01 + /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE * ciphers names with "EDH" instead of "DHE". Going forward, we should be @@ -868,6 +872,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" # define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" +/* TLSv1.3 ciphersuites */ +/* + * TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the + * cipherstring selection process for these ciphers + */ +# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256" + # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 diff --git a/ssl/methods.c b/ssl/methods.c index c846143..f0926b7 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -19,6 +19,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_method, ossl_statem_accept, ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_method, @@ -46,6 +52,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_server_method, ossl_statem_accept, ssl_undefined_function, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_server_method, @@ -75,6 +87,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_client_method, ssl_undefined_function, ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_client_method, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d19b97a..ffdb454 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -834,6 +834,21 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, + { + 1, + TLS1_3_TXT_AES_128_GCM_SHA256, + TLS1_3_CK_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, #ifndef OPENSSL_NO_EC { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 0d46509..adccbfc 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -859,6 +859,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, cp->algorithm_enc, cp->algorithm_mac, cp->min_tls, cp->algo_strength); #endif + if (cipher_id != 0 && (cipher_id != cp->id)) + continue; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 3957946..63687b5 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -257,6 +257,7 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1), SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2), + SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3), SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1), SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2) }; @@ -282,6 +283,7 @@ static int protocol_from_string(const char *value) {"TLSv1", TLS1_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, {"TLSv1.2", TLS1_2_VERSION}, + {"TLSv1.3", TLS1_3_VERSION}, {"DTLSv1", DTLS1_VERSION}, {"DTLSv1.2", DTLS1_2_VERSION} }; @@ -526,6 +528,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_tls1", 0), SSL_CONF_CMD_SWITCH("no_tls1_1", 0), SSL_CONF_CMD_SWITCH("no_tls1_2", 0), + SSL_CONF_CMD_SWITCH("no_tls1_3", 0), SSL_CONF_CMD_SWITCH("bugs", 0), SSL_CONF_CMD_SWITCH("no_comp", 0), SSL_CONF_CMD_SWITCH("comp", 0), @@ -583,6 +586,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ + {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */ {SSL_OP_ALL, 0}, /* bugs */ {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8bf872b..67eee74 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3072,22 +3072,35 @@ const SSL_METHOD *ssl_bad_method(int ver) const char *ssl_protocol_to_string(int version) { - if (version == TLS1_2_VERSION) + switch(version) + { + case TLS1_3_VERSION: + return "TLSv1.3"; + + case TLS1_2_VERSION: return "TLSv1.2"; - else if (version == TLS1_1_VERSION) + + case TLS1_1_VERSION: return "TLSv1.1"; - else if (version == TLS1_VERSION) + + case TLS1_VERSION: return "TLSv1"; - else if (version == SSL3_VERSION) + + case SSL3_VERSION: return "SSLv3"; - else if (version == DTLS1_BAD_VER) + + case DTLS1_BAD_VER: return "DTLSv0.9"; - else if (version == DTLS1_VERSION) + + case DTLS1_VERSION: return "DTLSv1"; - else if (version == DTLS1_2_VERSION) + + case DTLS1_2_VERSION: return "DTLSv1.2"; - else - return ("unknown"); + + default: + return "unknown"; + } } const char *SSL_get_version(const SSL *s) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8a7e1a9..d5a6fe2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1641,6 +1641,9 @@ __owur const SSL_METHOD *tlsv1_1_client_method(void); __owur const SSL_METHOD *tlsv1_2_method(void); __owur const SSL_METHOD *tlsv1_2_server_method(void); __owur const SSL_METHOD *tlsv1_2_client_method(void); +__owur const SSL_METHOD *tlsv1_3_method(void); +__owur const SSL_METHOD *tlsv1_3_server_method(void); +__owur const SSL_METHOD *tlsv1_3_client_method(void); __owur const SSL_METHOD *dtlsv1_method(void); __owur const SSL_METHOD *dtlsv1_server_method(void); __owur const SSL_METHOD *dtlsv1_client_method(void); @@ -1652,6 +1655,7 @@ __owur const SSL_METHOD *dtlsv1_2_client_method(void); extern const SSL3_ENC_METHOD TLSv1_enc_data; extern const SSL3_ENC_METHOD TLSv1_1_enc_data; extern const SSL3_ENC_METHOD TLSv1_2_enc_data; +extern const SSL3_ENC_METHOD TLSv1_3_enc_data; extern const SSL3_ENC_METHOD SSLv3_enc_data; extern const SSL3_ENC_METHOD DTLSv1_enc_data; extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index eee1ca1..e0ec918 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -320,6 +320,9 @@ int ssl_get_new_session(SSL *s, int session) } else if (s->version == TLS1_2_VERSION) { ss->ssl_version = TLS1_2_VERSION; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_3_VERSION) { + ss->ssl_version = TLS1_3_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; } else if (s->version == DTLS1_BAD_VER) { ss->ssl_version = DTLS1_BAD_VER; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c185d7c..a3d8d1e 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -647,11 +647,16 @@ typedef struct { const SSL_METHOD *(*smeth) (void); } version_info; -#if TLS_MAX_VERSION != TLS1_2_VERSION -# error Code needs update for TLS_method() support beyond TLS1_2_VERSION. +#if TLS_MAX_VERSION != TLS1_3_VERSION +# error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif static const version_info tls_version_table[] = { +#ifndef OPENSSL_NO_TLS1_3 + {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, +#else + {TLS1_3_VERSION, NULL, NULL}, +#endif #ifndef OPENSSL_NO_TLS1_2 {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, #else diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 87ebbf3..e19f93d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -84,6 +84,26 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = { ssl3_handshake_write }; +SSL3_ENC_METHOD const TLSv1_3_enc_data = { + tls1_enc, + tls1_mac, + tls1_setup_key_block, + tls1_generate_master_secret, + tls1_change_cipher_state, + tls1_final_finish_mac, + TLS1_FINISH_MAC_LENGTH, + TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, + TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, + tls1_alert_code, + tls1_export_keying_material, + SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF + | SSL_ENC_FLAG_TLS1_2_CIPHERS, + SSL3_HM_HEADER_LENGTH, + ssl3_set_handshake_header, + tls_close_construct_packet, + ssl3_handshake_write +}; + long tls1_default_timeout(void) { /* diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 4577f03..ab5d2da 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -61,6 +61,7 @@ static ssl_trace_tbl ssl_version_tbl[] = { {TLS1_VERSION, "TLS 1.0"}, {TLS1_1_VERSION, "TLS 1.1"}, {TLS1_2_VERSION, "TLS 1.2"}, + {TLS1_3_VERSION, "TLS 1.3"}, {DTLS1_VERSION, "DTLS 1.0"}, {DTLS1_2_VERSION, "DTLS 1.2"}, {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} @@ -422,6 +423,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"}, + {0x0D01, "TLS_AES_128_GCM_SHA256"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, }; diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c index d6556e0..70ebd83 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c @@ -107,10 +107,14 @@ static const uint32_t default_ciphers_in_order[] = { #ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, +#endif +#ifndef OPENSSL_NO_TLS1_3 + TLS1_3_CK_AES_128_GCM_SHA256, +#endif +#ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, #endif - TLS1_CK_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, }; diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 54e32bb..1e92907 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -34,7 +34,8 @@ plan tests => 18; # = scalar @conf_srcs # Some test results depend on the configuration of enabled protocols. We only # verify generated sources in the default configuration. my $is_default_tls = (disabled("ssl3") && !disabled("tls1") && - !disabled("tls1_1") && !disabled("tls1_2")); + !disabled("tls1_1") && !disabled("tls1_2") && + disabled("tls1_3")); my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2")); diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index ff1a50a..d413de3 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -21,10 +21,10 @@ setup("test_ssl"); $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk, - $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, + $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = anydisabled qw/rsa dsa dh ec srp psk - ssl3 tls1 tls1_1 tls1_2 + ssl3 tls1 tls1_1 tls1_2 tls1_3 dtls dtls1 dtls1_2 ct/; my $no_anytls = alldisabled(available_protocols("tls")); my $no_anydtls = alldisabled(available_protocols("dtls")); @@ -446,6 +446,7 @@ sub testssl { my @protocols = (); # FIXME: I feel unsure about the following line, is that really just TLSv1.2, or is it all of the SSLv3/TLS protocols? + push(@protocols, "TLSv1.3") unless $no_tls1_3; push(@protocols, "TLSv1.2") unless $no_tls1_2; push(@protocols, "SSLv3") unless $no_ssl3; my $protocolciphersuitcount = 0; @@ -463,22 +464,27 @@ sub testssl { # The count of protocols is because in addition to the ciphersuits # we got above, we're running a weak DH test for each protocol - plan tests => $protocolciphersuitcount + scalar(@protocols); - - foreach my $protocol (@protocols) { - note "Testing ciphersuites for $protocol"; - foreach my $cipher (@{$ciphersuites{$protocol}}) { - ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, - $protocol eq "SSLv3" ? ("-ssl3") : ()])), - "Testing $cipher"); - } + plan tests => $protocolciphersuitcount + scalar(@protocols); + + foreach my $protocol (@protocols) { + note "Testing ciphersuites for $protocol"; + my $flag = ""; + if ($protocol eq "SSLv3") { + $flag = "-ssl3"; + } elsif ($protocol eq "TLSv1.2") { + $flag = "-tls1_2"; + } + foreach my $cipher (@{$ciphersuites{$protocol}}) { + ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, $flag])), + "Testing $cipher"); + } is(run(test([@ssltest, "-s_cipher", "EDH", "-c_cipher", 'EDH:@SECLEVEL=1', "-dhe512", $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0, "testing connection with weak DH, expecting failure"); - } + } }; subtest 'RSA/(EC)DHE/PSK tests' => sub { diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index cb89dbc..d5e0779 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 361 +num_tests = 676 test-0 = 0-version-negotiation test-1 = 1-version-negotiation @@ -363,6 +363,321 @@ test-357 = 357-version-negotiation test-358 = 358-version-negotiation test-359 = 359-version-negotiation test-360 = 360-version-negotiation +test-361 = 361-version-negotiation +test-362 = 362-version-negotiation +test-363 = 363-version-negotiation +test-364 = 364-version-negotiation +test-365 = 365-version-negotiation +test-366 = 366-version-negotiation +test-367 = 367-version-negotiation +test-368 = 368-version-negotiation +test-369 = 369-version-negotiation +test-370 = 370-version-negotiation +test-371 = 371-version-negotiation +test-372 = 372-version-negotiation +test-373 = 373-version-negotiation +test-374 = 374-version-negotiation +test-375 = 375-version-negotiation +test-376 = 376-version-negotiation +test-377 = 377-version-negotiation +test-378 = 378-version-negotiation +test-379 = 379-version-negotiation +test-380 = 380-version-negotiation +test-381 = 381-version-negotiation +test-382 = 382-version-negotiation +test-383 = 383-version-negotiation +test-384 = 384-version-negotiation +test-385 = 385-version-negotiation +test-386 = 386-version-negotiation +test-387 = 387-version-negotiation +test-388 = 388-version-negotiation +test-389 = 389-version-negotiation +test-390 = 390-version-negotiation +test-391 = 391-version-negotiation +test-392 = 392-version-negotiation +test-393 = 393-version-negotiation +test-394 = 394-version-negotiation +test-395 = 395-version-negotiation +test-396 = 396-version-negotiation +test-397 = 397-version-negotiation +test-398 = 398-version-negotiation +test-399 = 399-version-negotiation +test-400 = 400-version-negotiation +test-401 = 401-version-negotiation +test-402 = 402-version-negotiation +test-403 = 403-version-negotiation +test-404 = 404-version-negotiation +test-405 = 405-version-negotiation +test-406 = 406-version-negotiation +test-407 = 407-version-negotiation +test-408 = 408-version-negotiation +test-409 = 409-version-negotiation +test-410 = 410-version-negotiation +test-411 = 411-version-negotiation +test-412 = 412-version-negotiation +test-413 = 413-version-negotiation +test-414 = 414-version-negotiation +test-415 = 415-version-negotiation +test-416 = 416-version-negotiation +test-417 = 417-version-negotiation +test-418 = 418-version-negotiation +test-419 = 419-version-negotiation +test-420 = 420-version-negotiation +test-421 = 421-version-negotiation +test-422 = 422-version-negotiation +test-423 = 423-version-negotiation +test-424 = 424-version-negotiation +test-425 = 425-version-negotiation +test-426 = 426-version-negotiation +test-427 = 427-version-negotiation +test-428 = 428-version-negotiation +test-429 = 429-version-negotiation +test-430 = 430-version-negotiation +test-431 = 431-version-negotiation +test-432 = 432-version-negotiation +test-433 = 433-version-negotiation +test-434 = 434-version-negotiation +test-435 = 435-version-negotiation +test-436 = 436-version-negotiation +test-437 = 437-version-negotiation +test-438 = 438-version-negotiation +test-439 = 439-version-negotiation +test-440 = 440-version-negotiation +test-441 = 441-version-negotiation +test-442 = 442-version-negotiation +test-443 = 443-version-negotiation +test-444 = 444-version-negotiation +test-445 = 445-version-negotiation +test-446 = 446-version-negotiation +test-447 = 447-version-negotiation +test-448 = 448-version-negotiation +test-449 = 449-version-negotiation +test-450 = 450-version-negotiation +test-451 = 451-version-negotiation +test-452 = 452-version-negotiation +test-453 = 453-version-negotiation +test-454 = 454-version-negotiation +test-455 = 455-version-negotiation +test-456 = 456-version-negotiation +test-457 = 457-version-negotiation +test-458 = 458-version-negotiation +test-459 = 459-version-negotiation +test-460 = 460-version-negotiation +test-461 = 461-version-negotiation +test-462 = 462-version-negotiation +test-463 = 463-version-negotiation +test-464 = 464-version-negotiation +test-465 = 465-version-negotiation +test-466 = 466-version-negotiation +test-467 = 467-version-negotiation +test-468 = 468-version-negotiation +test-469 = 469-version-negotiation +test-470 = 470-version-negotiation +test-471 = 471-version-negotiation +test-472 = 472-version-negotiation +test-473 = 473-version-negotiation +test-474 = 474-version-negotiation +test-475 = 475-version-negotiation +test-476 = 476-version-negotiation +test-477 = 477-version-negotiation +test-478 = 478-version-negotiation +test-479 = 479-version-negotiation +test-480 = 480-version-negotiation +test-481 = 481-version-negotiation +test-482 = 482-version-negotiation +test-483 = 483-version-negotiation +test-484 = 484-version-negotiation +test-485 = 485-version-negotiation +test-486 = 486-version-negotiation +test-487 = 487-version-negotiation +test-488 = 488-version-negotiation +test-489 = 489-version-negotiation +test-490 = 490-version-negotiation +test-491 = 491-version-negotiation +test-492 = 492-version-negotiation +test-493 = 493-version-negotiation +test-494 = 494-version-negotiation +test-495 = 495-version-negotiation +test-496 = 496-version-negotiation +test-497 = 497-version-negotiation +test-498 = 498-version-negotiation +test-499 = 499-version-negotiation +test-500 = 500-version-negotiation +test-501 = 501-version-negotiation +test-502 = 502-version-negotiation +test-503 = 503-version-negotiation +test-504 = 504-version-negotiation +test-505 = 505-version-negotiation +test-506 = 506-version-negotiation +test-507 = 507-version-negotiation +test-508 = 508-version-negotiation +test-509 = 509-version-negotiation +test-510 = 510-version-negotiation +test-511 = 511-version-negotiation +test-512 = 512-version-negotiation +test-513 = 513-version-negotiation +test-514 = 514-version-negotiation +test-515 = 515-version-negotiation +test-516 = 516-version-negotiation +test-517 = 517-version-negotiation +test-518 = 518-version-negotiation +test-519 = 519-version-negotiation +test-520 = 520-version-negotiation +test-521 = 521-version-negotiation +test-522 = 522-version-negotiation +test-523 = 523-version-negotiation +test-524 = 524-version-negotiation +test-525 = 525-version-negotiation +test-526 = 526-version-negotiation +test-527 = 527-version-negotiation +test-528 = 528-version-negotiation +test-529 = 529-version-negotiation +test-530 = 530-version-negotiation +test-531 = 531-version-negotiation +test-532 = 532-version-negotiation +test-533 = 533-version-negotiation +test-534 = 534-version-negotiation +test-535 = 535-version-negotiation +test-536 = 536-version-negotiation +test-537 = 537-version-negotiation +test-538 = 538-version-negotiation +test-539 = 539-version-negotiation +test-540 = 540-version-negotiation +test-541 = 541-version-negotiation +test-542 = 542-version-negotiation +test-543 = 543-version-negotiation +test-544 = 544-version-negotiation +test-545 = 545-version-negotiation +test-546 = 546-version-negotiation +test-547 = 547-version-negotiation +test-548 = 548-version-negotiation +test-549 = 549-version-negotiation +test-550 = 550-version-negotiation +test-551 = 551-version-negotiation +test-552 = 552-version-negotiation +test-553 = 553-version-negotiation +test-554 = 554-version-negotiation +test-555 = 555-version-negotiation +test-556 = 556-version-negotiation +test-557 = 557-version-negotiation +test-558 = 558-version-negotiation +test-559 = 559-version-negotiation +test-560 = 560-version-negotiation +test-561 = 561-version-negotiation +test-562 = 562-version-negotiation +test-563 = 563-version-negotiation +test-564 = 564-version-negotiation +test-565 = 565-version-negotiation +test-566 = 566-version-negotiation +test-567 = 567-version-negotiation +test-568 = 568-version-negotiation +test-569 = 569-version-negotiation +test-570 = 570-version-negotiation +test-571 = 571-version-negotiation +test-572 = 572-version-negotiation +test-573 = 573-version-negotiation +test-574 = 574-version-negotiation +test-575 = 575-version-negotiation +test-576 = 576-version-negotiation +test-577 = 577-version-negotiation +test-578 = 578-version-negotiation +test-579 = 579-version-negotiation +test-580 = 580-version-negotiation +test-581 = 581-version-negotiation +test-582 = 582-version-negotiation +test-583 = 583-version-negotiation +test-584 = 584-version-negotiation +test-585 = 585-version-negotiation +test-586 = 586-version-negotiation +test-587 = 587-version-negotiation +test-588 = 588-version-negotiation +test-589 = 589-version-negotiation +test-590 = 590-version-negotiation +test-591 = 591-version-negotiation +test-592 = 592-version-negotiation +test-593 = 593-version-negotiation +test-594 = 594-version-negotiation +test-595 = 595-version-negotiation +test-596 = 596-version-negotiation +test-597 = 597-version-negotiation +test-598 = 598-version-negotiation +test-599 = 599-version-negotiation +test-600 = 600-version-negotiation +test-601 = 601-version-negotiation +test-602 = 602-version-negotiation +test-603 = 603-version-negotiation +test-604 = 604-version-negotiation +test-605 = 605-version-negotiation +test-606 = 606-version-negotiation +test-607 = 607-version-negotiation +test-608 = 608-version-negotiation +test-609 = 609-version-negotiation +test-610 = 610-version-negotiation +test-611 = 611-version-negotiation +test-612 = 612-version-negotiation +test-613 = 613-version-negotiation +test-614 = 614-version-negotiation +test-615 = 615-version-negotiation +test-616 = 616-version-negotiation +test-617 = 617-version-negotiation +test-618 = 618-version-negotiation +test-619 = 619-version-negotiation +test-620 = 620-version-negotiation +test-621 = 621-version-negotiation +test-622 = 622-version-negotiation +test-623 = 623-version-negotiation +test-624 = 624-version-negotiation +test-625 = 625-version-negotiation +test-626 = 626-version-negotiation +test-627 = 627-version-negotiation +test-628 = 628-version-negotiation +test-629 = 629-version-negotiation +test-630 = 630-version-negotiation +test-631 = 631-version-negotiation +test-632 = 632-version-negotiation +test-633 = 633-version-negotiation +test-634 = 634-version-negotiation +test-635 = 635-version-negotiation +test-636 = 636-version-negotiation +test-637 = 637-version-negotiation +test-638 = 638-version-negotiation +test-639 = 639-version-negotiation +test-640 = 640-version-negotiation +test-641 = 641-version-negotiation +test-642 = 642-version-negotiation +test-643 = 643-version-negotiation +test-644 = 644-version-negotiation +test-645 = 645-version-negotiation +test-646 = 646-version-negotiation +test-647 = 647-version-negotiation +test-648 = 648-version-negotiation +test-649 = 649-version-negotiation +test-650 = 650-version-negotiation +test-651 = 651-version-negotiation +test-652 = 652-version-negotiation +test-653 = 653-version-negotiation +test-654 = 654-version-negotiation +test-655 = 655-version-negotiation +test-656 = 656-version-negotiation +test-657 = 657-version-negotiation +test-658 = 658-version-negotiation +test-659 = 659-version-negotiation +test-660 = 660-version-negotiation +test-661 = 661-version-negotiation +test-662 = 662-version-negotiation +test-663 = 663-version-negotiation +test-664 = 664-version-negotiation +test-665 = 665-version-negotiation +test-666 = 666-version-negotiation +test-667 = 667-version-negotiation +test-668 = 668-version-negotiation +test-669 = 669-version-negotiation +test-670 = 670-version-negotiation +test-671 = 671-version-negotiation +test-672 = 672-version-negotiation +test-673 = 673-version-negotiation +test-674 = 674-version-negotiation +test-675 = 675-version-negotiation # =========================================================== [0-version-negotiation] @@ -475,6 +790,7 @@ client = 4-version-negotiation-client [4-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-version-negotiation-client] @@ -499,8 +815,6 @@ client = 5-version-negotiation-client [5-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-version-negotiation-client] @@ -525,7 +839,7 @@ client = 6-version-negotiation-client [6-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -551,7 +865,7 @@ client = 7-version-negotiation-client [7-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -577,7 +891,7 @@ client = 8-version-negotiation-client [8-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -603,6 +917,7 @@ client = 9-version-negotiation-client [9-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -628,8 +943,8 @@ client = 10-version-negotiation-client [10-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-version-negotiation-client] @@ -654,8 +969,7 @@ client = 11-version-negotiation-client [11-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-version-negotiation-client] @@ -680,7 +994,7 @@ client = 12-version-negotiation-client [12-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -706,6 +1020,7 @@ client = 13-version-negotiation-client [13-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -731,8 +1046,8 @@ client = 14-version-negotiation-client [14-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-version-negotiation-client] @@ -757,8 +1072,8 @@ client = 15-version-negotiation-client [15-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-version-negotiation-client] @@ -783,7 +1098,7 @@ client = 16-version-negotiation-client [16-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-version-negotiation-client] @@ -808,8 +1123,8 @@ client = 17-version-negotiation-client [17-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-version-negotiation-client] @@ -834,7 +1149,8 @@ client = 18-version-negotiation-client [18-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-version-negotiation-client] @@ -859,17 +1175,18 @@ client = 19-version-negotiation-client [19-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -884,18 +1201,17 @@ client = 20-version-negotiation-client [20-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -910,18 +1226,18 @@ client = 21-version-negotiation-client [21-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -936,18 +1252,18 @@ client = 22-version-negotiation-client [22-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -962,17 +1278,17 @@ client = 23-version-negotiation-client [23-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -987,18 +1303,18 @@ client = 24-version-negotiation-client [24-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-24] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -1013,19 +1329,17 @@ client = 25-version-negotiation-client [25-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -1040,8 +1354,7 @@ client = 26-version-negotiation-client [26-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-version-negotiation-client] @@ -1051,8 +1364,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1067,8 +1379,7 @@ client = 27-version-negotiation-client [27-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-version-negotiation-client] @@ -1094,7 +1405,7 @@ client = 28-version-negotiation-client [28-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-version-negotiation-client] @@ -1120,8 +1431,7 @@ client = 29-version-negotiation-client [29-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [29-version-negotiation-client] @@ -1147,8 +1457,7 @@ client = 30-version-negotiation-client [30-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [30-version-negotiation-client] @@ -1174,8 +1483,6 @@ client = 31-version-negotiation-client [31-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [31-version-negotiation-client] @@ -1201,7 +1508,8 @@ client = 32-version-negotiation-client [32-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [32-version-negotiation-client] @@ -1211,8 +1519,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1227,8 +1534,8 @@ client = 33-version-negotiation-client [33-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [33-version-negotiation-client] @@ -1238,7 +1545,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1253,8 +1561,8 @@ client = 34-version-negotiation-client [34-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [34-version-negotiation-client] @@ -1264,7 +1572,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1279,7 +1588,8 @@ client = 35-version-negotiation-client [35-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [35-version-negotiation-client] @@ -1289,7 +1599,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1304,8 +1615,8 @@ client = 36-version-negotiation-client [36-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [36-version-negotiation-client] @@ -1315,7 +1626,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-36] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1330,7 +1642,7 @@ client = 37-version-negotiation-client [37-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [37-version-negotiation-client] @@ -1340,7 +1652,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-37] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1355,17 +1668,19 @@ client = 38-version-negotiation-client [38-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [38-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-38] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1380,12 +1695,13 @@ client = 39-version-negotiation-client [39-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [39-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1406,17 +1722,18 @@ client = 40-version-negotiation-client [40-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [40-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1432,17 +1749,18 @@ client = 41-version-negotiation-client [41-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [41-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1458,16 +1776,17 @@ client = 42-version-negotiation-client [42-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [42-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1483,13 +1802,13 @@ client = 43-version-negotiation-client [43-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [43-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1509,19 +1828,18 @@ client = 44-version-negotiation-client [44-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [44-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1536,19 +1854,18 @@ client = 45-version-negotiation-client [45-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [45-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1563,19 +1880,17 @@ client = 46-version-negotiation-client [46-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [46-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1590,18 +1905,18 @@ client = 47-version-negotiation-client [47-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [47-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1616,19 +1931,18 @@ client = 48-version-negotiation-client [48-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [48-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-48] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1643,19 +1957,17 @@ client = 49-version-negotiation-client [49-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [49-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1670,19 +1982,18 @@ client = 50-version-negotiation-client [50-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [50-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1697,18 +2008,17 @@ client = 51-version-negotiation-client [51-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [51-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-51] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1723,8 +2033,7 @@ client = 52-version-negotiation-client [52-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [52-version-negotiation-client] @@ -1734,8 +2043,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1750,8 +2058,7 @@ client = 53-version-negotiation-client [53-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [53-version-negotiation-client] @@ -1761,7 +2068,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1777,7 +2084,7 @@ client = 54-version-negotiation-client [54-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [54-version-negotiation-client] @@ -1804,7 +2111,6 @@ client = 55-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [55-version-negotiation-client] @@ -1814,7 +2120,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-55] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1829,7 +2136,7 @@ client = 56-version-negotiation-client [56-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [56-version-negotiation-client] @@ -1839,7 +2146,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-56] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1854,17 +2162,17 @@ client = 57-version-negotiation-client [57-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [57-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-57] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1879,18 +2187,18 @@ client = 58-version-negotiation-client [58-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [58-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1905,17 +2213,18 @@ client = 59-version-negotiation-client [59-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [59-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-59] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1931,17 +2240,18 @@ client = 60-version-negotiation-client [60-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [60-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1957,16 +2267,18 @@ client = 61-version-negotiation-client [61-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [61-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1982,18 +2294,19 @@ client = 62-version-negotiation-client [62-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [62-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-62] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2008,18 +2321,17 @@ client = 63-version-negotiation-client [63-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [63-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-63] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2035,18 +2347,18 @@ client = 64-version-negotiation-client [64-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [64-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-64] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2062,18 +2374,18 @@ client = 65-version-negotiation-client [65-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [65-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-65] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2089,17 +2401,18 @@ client = 66-version-negotiation-client [66-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [66-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-66] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2115,18 +2428,18 @@ client = 67-version-negotiation-client [67-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [67-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-67] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2142,13 +2455,12 @@ client = 68-version-negotiation-client [68-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [68-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2169,18 +2481,18 @@ client = 69-version-negotiation-client [69-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [69-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-69] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2196,17 +2508,18 @@ client = 70-version-negotiation-client [70-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [70-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-70] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2222,13 +2535,13 @@ client = 71-version-negotiation-client [71-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [71-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2249,18 +2562,17 @@ client = 72-version-negotiation-client [72-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [72-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-72] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2276,18 +2588,18 @@ client = 73-version-negotiation-client [73-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [73-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-73] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2302,19 +2614,18 @@ client = 74-version-negotiation-client [74-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [74-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-74] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2334,13 +2645,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [75-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-75] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2355,11 +2665,13 @@ client = 76-version-negotiation-client [76-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [76-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2379,17 +2691,17 @@ client = 77-version-negotiation-client [77-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [77-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-77] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2404,17 +2716,17 @@ client = 78-version-negotiation-client [78-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [78-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-78] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2429,16 +2741,17 @@ client = 79-version-negotiation-client [79-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [79-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-79] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2454,15 +2767,17 @@ client = 80-version-negotiation-client [80-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [80-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-80] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2478,17 +2793,18 @@ client = 81-version-negotiation-client [81-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [81-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-81] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2503,17 +2819,17 @@ client = 82-version-negotiation-client [82-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [82-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-82] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2529,17 +2845,16 @@ client = 83-version-negotiation-client [83-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [83-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-83] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2555,18 +2870,18 @@ client = 84-version-negotiation-client [84-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [84-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-84] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2581,16 +2896,18 @@ client = 85-version-negotiation-client [85-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [85-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-85] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2606,17 +2923,18 @@ client = 86-version-negotiation-client [86-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [86-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-86] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2632,17 +2950,18 @@ client = 87-version-negotiation-client [87-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [87-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-87] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2658,12 +2977,13 @@ client = 88-version-negotiation-client [88-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [88-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2684,11 +3004,12 @@ client = 89-version-negotiation-client [89-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [89-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2709,17 +3030,18 @@ client = 90-version-negotiation-client [90-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [90-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-90] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2735,17 +3057,18 @@ client = 91-version-negotiation-client [91-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [91-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-91] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2761,11 +3084,13 @@ client = 92-version-negotiation-client [92-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [92-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2786,12 +3111,13 @@ client = 93-version-negotiation-client [93-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [93-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2812,11 +3138,12 @@ client = 94-version-negotiation-client [94-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [94-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2837,18 +3164,19 @@ client = 95-version-negotiation-client [95-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [95-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-95] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2863,18 +3191,19 @@ client = 96-version-negotiation-client [96-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [96-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-96] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2889,18 +3218,19 @@ client = 97-version-negotiation-client [97-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [97-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-97] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2915,18 +3245,18 @@ client = 98-version-negotiation-client [98-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [98-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-98] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2941,17 +3271,19 @@ client = 99-version-negotiation-client [99-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [99-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-99] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2966,19 +3298,19 @@ client = 100-version-negotiation-client [100-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [100-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-100] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2993,19 +3325,18 @@ client = 101-version-negotiation-client [101-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [101-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-101] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3020,19 +3351,18 @@ client = 102-version-negotiation-client [102-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [102-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-102] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3047,19 +3377,17 @@ client = 103-version-negotiation-client [103-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [103-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-103] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3074,18 +3402,17 @@ client = 104-version-negotiation-client [104-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [104-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-104] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3101,18 +3428,17 @@ client = 105-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [105-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-105] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3128,18 +3454,17 @@ client = 106-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [106-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-106] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3155,18 +3480,17 @@ client = 107-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [107-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-107] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3181,18 +3505,18 @@ client = 108-version-negotiation-client [108-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [108-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-108] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3207,19 +3531,17 @@ client = 109-version-negotiation-client [109-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [109-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-109] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3234,19 +3556,18 @@ client = 110-version-negotiation-client [110-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [110-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-110] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3261,18 +3582,19 @@ client = 111-version-negotiation-client [111-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [111-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-111] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3287,19 +3609,19 @@ client = 112-version-negotiation-client [112-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [112-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-112] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3314,18 +3636,19 @@ client = 113-version-negotiation-client [113-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [113-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-113] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3340,18 +3663,19 @@ client = 114-version-negotiation-client [114-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [114-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-114] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3366,18 +3690,17 @@ client = 115-version-negotiation-client [115-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [115-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-115] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3393,13 +3716,13 @@ client = 116-version-negotiation-client [116-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [116-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3420,18 +3743,18 @@ client = 117-version-negotiation-client [117-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [117-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-117] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3447,17 +3770,18 @@ client = 118-version-negotiation-client [118-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [118-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-118] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3473,19 +3797,19 @@ client = 119-version-negotiation-client [119-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [119-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-119] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3500,19 +3824,17 @@ client = 120-version-negotiation-client [120-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [120-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-120] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3529,18 +3851,17 @@ client = 121-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [121-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-121] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3557,18 +3878,17 @@ client = 122-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [122-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-122] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3584,18 +3904,18 @@ client = 123-version-negotiation-client [123-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [123-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-123] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3611,19 +3931,17 @@ client = 124-version-negotiation-client [124-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [124-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-124] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3639,19 +3957,18 @@ client = 125-version-negotiation-client [125-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [125-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-125] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3667,19 +3984,18 @@ client = 126-version-negotiation-client [126-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [126-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-126] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3695,18 +4011,17 @@ client = 127-version-negotiation-client [127-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [127-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-127] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3722,14 +4037,13 @@ client = 128-version-negotiation-client [128-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [128-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3749,14 +4063,12 @@ client = 129-version-negotiation-client [129-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [129-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3776,13 +4088,11 @@ client = 130-version-negotiation-client [130-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [130-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3802,19 +4112,17 @@ client = 131-version-negotiation-client [131-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [131-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-131] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3829,18 +4137,17 @@ client = 132-version-negotiation-client [132-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [132-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-132] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3855,18 +4162,17 @@ client = 133-version-negotiation-client [133-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [133-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-133] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3881,18 +4187,16 @@ client = 134-version-negotiation-client [134-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [134-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-134] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3908,18 +4212,15 @@ client = 135-version-negotiation-client [135-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [135-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-135] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3935,19 +4236,17 @@ client = 136-version-negotiation-client [136-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [136-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-136] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3962,17 +4261,17 @@ client = 137-version-negotiation-client [137-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [137-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-137] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3988,19 +4287,18 @@ client = 138-version-negotiation-client [138-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [138-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-138] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -4015,19 +4313,17 @@ client = 139-version-negotiation-client [139-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [139-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-139] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4043,19 +4339,17 @@ client = 140-version-negotiation-client [140-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [140-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-140] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4071,19 +4365,16 @@ client = 141-version-negotiation-client [141-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [141-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-141] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4099,18 +4390,17 @@ client = 142-version-negotiation-client [142-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [142-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-142] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -4126,19 +4416,17 @@ client = 143-version-negotiation-client [143-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [143-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-143] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4154,19 +4442,17 @@ client = 144-version-negotiation-client [144-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [144-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-144] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4182,19 +4468,17 @@ client = 145-version-negotiation-client [145-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [145-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-145] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4215,13 +4499,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [146-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-146] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4243,8 +4525,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [147-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4271,13 +4551,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [148-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-148] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4293,18 +4571,17 @@ client = 149-version-negotiation-client [149-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [149-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-149] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4320,19 +4597,17 @@ client = 150-version-negotiation-client [150-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [150-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-150] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4347,18 +4622,18 @@ client = 151-version-negotiation-client [151-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [151-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-151] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4373,18 +4648,18 @@ client = 152-version-negotiation-client [152-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [152-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-152] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4399,18 +4674,16 @@ client = 153-version-negotiation-client [153-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [153-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-153] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4426,19 +4699,17 @@ client = 154-version-negotiation-client [154-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [154-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-154] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4453,19 +4724,16 @@ client = 155-version-negotiation-client [155-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [155-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-155] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4480,18 +4748,18 @@ client = 156-version-negotiation-client [156-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [156-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-156] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4506,19 +4774,18 @@ client = 157-version-negotiation-client [157-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [157-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-157] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -4533,20 +4800,18 @@ client = 158-version-negotiation-client [158-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [158-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-158] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4561,20 +4826,18 @@ client = 159-version-negotiation-client [159-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [159-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-159] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4589,20 +4852,18 @@ client = 160-version-negotiation-client [160-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [160-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-160] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4617,19 +4878,17 @@ client = 161-version-negotiation-client [161-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [161-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-161] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4644,20 +4903,19 @@ client = 162-version-negotiation-client [162-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [162-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-162] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4672,20 +4930,19 @@ client = 163-version-negotiation-client [163-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [163-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-163] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4700,20 +4957,19 @@ client = 164-version-negotiation-client [164-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [164-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-164] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4728,19 +4984,19 @@ client = 165-version-negotiation-client [165-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [165-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-165] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4755,20 +5011,19 @@ client = 166-version-negotiation-client [166-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [166-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-166] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4783,20 +5038,18 @@ client = 167-version-negotiation-client [167-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [167-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-167] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4811,19 +5064,19 @@ client = 168-version-negotiation-client [168-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [168-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-168] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4838,20 +5091,19 @@ client = 169-version-negotiation-client [169-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [169-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-169] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4866,19 +5118,19 @@ client = 170-version-negotiation-client [170-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [170-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-170] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4893,17 +5145,19 @@ client = 171-version-negotiation-client [171-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [171-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-171] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -4918,18 +5172,18 @@ client = 172-version-negotiation-client [172-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [172-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-172] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4945,17 +5199,18 @@ client = 173-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [173-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-173] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4971,17 +5226,18 @@ client = 174-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [174-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-174] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4996,17 +5252,19 @@ client = 175-version-negotiation-client [175-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [175-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-175] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5021,18 +5279,18 @@ client = 176-version-negotiation-client [176-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [176-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-176] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -5047,19 +5305,19 @@ client = 177-version-negotiation-client [177-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [177-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-177] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5074,19 +5332,19 @@ client = 178-version-negotiation-client [178-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [178-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-178] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5101,19 +5359,18 @@ client = 179-version-negotiation-client [179-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [179-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-179] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5128,18 +5385,19 @@ client = 180-version-negotiation-client [180-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [180-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-180] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5154,19 +5412,18 @@ client = 181-version-negotiation-client [181-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [181-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-181] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5181,19 +5438,18 @@ client = 182-version-negotiation-client [182-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [182-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-182] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5208,18 +5464,18 @@ client = 183-version-negotiation-client [183-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [183-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-183] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5235,17 +5491,18 @@ client = 184-version-negotiation-client [184-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [184-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-184] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5261,18 +5518,18 @@ client = 185-version-negotiation-client [185-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [185-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-185] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5288,18 +5545,18 @@ client = 186-version-negotiation-client [186-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [186-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-186] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5315,17 +5572,17 @@ client = 187-version-negotiation-client [187-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [187-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-187] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5341,19 +5598,19 @@ client = 188-version-negotiation-client [188-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [188-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-188] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5368,17 +5625,19 @@ client = 189-version-negotiation-client [189-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [189-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-189] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5394,18 +5653,20 @@ client = 190-version-negotiation-client [190-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [190-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-190] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5420,13 +5681,14 @@ client = 191-version-negotiation-client [191-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [191-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5447,13 +5709,14 @@ client = 192-version-negotiation-client [192-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [192-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5474,13 +5737,13 @@ client = 193-version-negotiation-client [193-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [193-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5501,12 +5764,14 @@ client = 194-version-negotiation-client [194-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [194-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5527,19 +5792,20 @@ client = 195-version-negotiation-client [195-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [195-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-195] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5554,14 +5820,14 @@ client = 196-version-negotiation-client [196-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [196-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5582,14 +5848,14 @@ client = 197-version-negotiation-client [197-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [197-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5610,14 +5876,13 @@ client = 198-version-negotiation-client [198-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [198-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5638,19 +5903,19 @@ client = 199-version-negotiation-client [199-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [199-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-199] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5665,20 +5930,19 @@ client = 200-version-negotiation-client [200-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [200-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-200] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5693,20 +5957,19 @@ client = 201-version-negotiation-client [201-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [201-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-201] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5721,20 +5984,18 @@ client = 202-version-negotiation-client [202-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [202-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-202] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5749,19 +6010,19 @@ client = 203-version-negotiation-client [203-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [203-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-203] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5776,14 +6037,14 @@ client = 204-version-negotiation-client [204-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [204-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5803,14 +6064,13 @@ client = 205-version-negotiation-client [205-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [205-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5830,13 +6090,14 @@ client = 206-version-negotiation-client [206-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [206-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5856,14 +6117,13 @@ client = 207-version-negotiation-client [207-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [207-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5883,13 +6143,13 @@ client = 208-version-negotiation-client [208-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [208-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5909,18 +6169,19 @@ client = 209-version-negotiation-client [209-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [209-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-209] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5935,18 +6196,18 @@ client = 210-version-negotiation-client [210-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [210-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-210] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5962,13 +6223,13 @@ client = 211-version-negotiation-client [211-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [211-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5989,13 +6250,13 @@ client = 212-version-negotiation-client [212-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [212-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6021,7 +6282,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [213-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6049,7 +6310,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [214-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6076,7 +6337,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [215-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6104,7 +6365,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [216-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6132,7 +6393,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [217-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6153,13 +6414,14 @@ client = 218-version-negotiation-client [218-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [218-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6180,19 +6442,18 @@ client = 219-version-negotiation-client [219-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [219-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-219] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6208,19 +6469,19 @@ client = 220-version-negotiation-client [220-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [220-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-220] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6236,14 +6497,14 @@ client = 221-version-negotiation-client [221-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [221-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6264,13 +6525,14 @@ client = 222-version-negotiation-client [222-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [222-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6291,14 +6553,14 @@ client = 223-version-negotiation-client [223-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [223-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6319,14 +6581,13 @@ client = 224-version-negotiation-client [224-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [224-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6347,13 +6608,14 @@ client = 225-version-negotiation-client [225-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [225-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6375,18 +6637,19 @@ client = 226-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [226-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-226] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6401,18 +6664,20 @@ client = 227-version-negotiation-client [227-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [227-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-227] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6427,18 +6692,19 @@ client = 228-version-negotiation-client [228-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [228-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-228] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6453,19 +6719,19 @@ client = 229-version-negotiation-client [229-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [229-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-229] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6480,19 +6746,19 @@ client = 230-version-negotiation-client [230-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [230-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-230] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6507,19 +6773,18 @@ client = 231-version-negotiation-client [231-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [231-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-231] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6534,18 +6799,19 @@ client = 232-version-negotiation-client [232-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [232-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-232] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6560,14 +6826,13 @@ client = 233-version-negotiation-client [233-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [233-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6587,20 +6852,18 @@ client = 234-version-negotiation-client [234-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [234-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-234] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6615,19 +6878,18 @@ client = 235-version-negotiation-client [235-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [235-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-235] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6643,19 +6905,18 @@ client = 236-version-negotiation-client [236-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [236-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-236] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6671,13 +6932,13 @@ client = 237-version-negotiation-client [237-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [237-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6698,19 +6959,18 @@ client = 238-version-negotiation-client [238-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [238-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-238] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6726,19 +6986,17 @@ client = 239-version-negotiation-client [239-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [239-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-239] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6754,20 +7012,19 @@ client = 240-version-negotiation-client [240-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [240-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-240] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6782,18 +7039,19 @@ client = 241-version-negotiation-client [241-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [241-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-241] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6810,13 +7068,13 @@ client = 242-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [242-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6838,13 +7096,13 @@ client = 243-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [243-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6865,13 +7123,14 @@ client = 244-version-negotiation-client [244-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [244-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6892,14 +7151,13 @@ client = 245-version-negotiation-client [245-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [245-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6920,18 +7178,19 @@ client = 246-version-negotiation-client [246-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [246-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-246] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6947,17 +7206,20 @@ client = 247-version-negotiation-client [247-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [247-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-247] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6972,17 +7234,19 @@ client = 248-version-negotiation-client [248-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [248-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-248] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6998,17 +7262,19 @@ client = 249-version-negotiation-client [249-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [249-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-249] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7024,12 +7290,13 @@ client = 250-version-negotiation-client [250-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [250-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7050,16 +7317,19 @@ client = 251-version-negotiation-client [251-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [251-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-251] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7075,18 +7345,20 @@ client = 252-version-negotiation-client [252-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [252-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-252] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -7101,18 +7373,19 @@ client = 253-version-negotiation-client [253-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [253-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-253] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7128,18 +7401,18 @@ client = 254-version-negotiation-client [254-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [254-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-254] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7156,12 +7429,13 @@ client = 255-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [255-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7182,12 +7456,14 @@ client = 256-version-negotiation-client [256-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [256-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7208,18 +7484,18 @@ client = 257-version-negotiation-client [257-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [257-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-257] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7235,19 +7511,19 @@ client = 258-version-negotiation-client [258-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [258-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-258] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7262,19 +7538,18 @@ client = 259-version-negotiation-client [259-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [259-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-259] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7289,18 +7564,18 @@ client = 260-version-negotiation-client [260-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [260-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-260] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7315,18 +7590,18 @@ client = 261-version-negotiation-client [261-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [261-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-261] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -7342,18 +7617,18 @@ client = 262-version-negotiation-client [262-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [262-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-262] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7369,12 +7644,13 @@ client = 263-version-negotiation-client [263-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [263-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7395,13 +7671,13 @@ client = 264-version-negotiation-client [264-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [264-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7422,12 +7698,12 @@ client = 265-version-negotiation-client [265-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [265-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7449,12 +7725,13 @@ client = 266-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [266-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7475,17 +7752,19 @@ client = 267-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [267-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-267] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -7501,12 +7780,13 @@ client = 268-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [268-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7528,17 +7808,18 @@ client = 269-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [269-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-269] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7554,17 +7835,19 @@ client = 270-version-negotiation-client [270-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [270-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-270] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7580,19 +7863,19 @@ client = 271-version-negotiation-client [271-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [271-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-271] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -7608,18 +7891,19 @@ client = 272-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [272-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-272] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -7635,13 +7919,13 @@ client = 273-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [273-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7663,18 +7947,18 @@ client = 274-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [274-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-274] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7690,18 +7974,19 @@ client = 275-version-negotiation-client [275-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [275-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-275] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7717,19 +8002,19 @@ client = 276-version-negotiation-client [276-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [276-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-276] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -7745,13 +8030,13 @@ client = 277-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [277-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7773,18 +8058,18 @@ client = 278-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [278-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-278] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7800,18 +8085,19 @@ client = 279-version-negotiation-client [279-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [279-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-279] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7827,19 +8113,18 @@ client = 280-version-negotiation-client [280-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [280-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-280] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7856,18 +8141,18 @@ client = 281-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [281-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-281] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7883,18 +8168,19 @@ client = 282-version-negotiation-client [282-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [282-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-282] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7910,19 +8196,19 @@ client = 283-version-negotiation-client [283-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [283-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-283] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -7937,13 +8223,14 @@ client = 284-version-negotiation-client [284-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [284-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7963,13 +8250,13 @@ client = 285-version-negotiation-client [285-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [285-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7989,18 +8276,17 @@ client = 286-version-negotiation-client [286-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [286-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-286] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -8015,18 +8301,17 @@ client = 287-version-negotiation-client [287-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [287-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-287] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8042,18 +8327,17 @@ client = 288-version-negotiation-client [288-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [288-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-288] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8069,12 +8353,12 @@ client = 289-version-negotiation-client [289-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [289-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8095,19 +8379,18 @@ client = 290-version-negotiation-client [290-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [290-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-290] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8122,19 +8405,17 @@ client = 291-version-negotiation-client [291-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [291-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-291] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8149,20 +8430,18 @@ client = 292-version-negotiation-client [292-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [292-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-292] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8177,19 +8456,18 @@ client = 293-version-negotiation-client [293-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [293-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-293] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8205,18 +8483,18 @@ client = 294-version-negotiation-client [294-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [294-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-294] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8232,19 +8510,19 @@ client = 295-version-negotiation-client [295-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [295-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-295] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8259,19 +8537,18 @@ client = 296-version-negotiation-client [296-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [296-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-296] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8287,14 +8564,12 @@ client = 297-version-negotiation-client [297-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [297-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8315,18 +8590,18 @@ client = 298-version-negotiation-client [298-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [298-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-298] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8343,13 +8618,12 @@ client = 299-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [299-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8371,13 +8645,12 @@ client = 300-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [300-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8398,13 +8671,13 @@ client = 301-version-negotiation-client [301-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [301-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8425,14 +8698,12 @@ client = 302-version-negotiation-client [302-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [302-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8453,18 +8724,18 @@ client = 303-version-negotiation-client [303-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [303-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-303] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8480,18 +8751,20 @@ client = 304-version-negotiation-client [304-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [304-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-304] -ExpectedResult = ServerFail - +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + # =========================================================== @@ -8505,17 +8778,19 @@ client = 305-version-negotiation-client [305-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [305-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-305] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8530,17 +8805,17 @@ client = 306-version-negotiation-client [306-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [306-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-306] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8557,11 +8832,12 @@ client = 307-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [307-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8582,11 +8858,13 @@ client = 308-version-negotiation-client [308-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [308-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8607,18 +8885,18 @@ client = 309-version-negotiation-client [309-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [309-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-309] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8633,18 +8911,18 @@ client = 310-version-negotiation-client [310-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [310-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-310] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -8659,19 +8937,17 @@ client = 311-version-negotiation-client [311-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [311-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-311] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8686,19 +8962,18 @@ client = 312-version-negotiation-client [312-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [312-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-312] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8713,17 +8988,18 @@ client = 313-version-negotiation-client [313-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [313-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-313] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8739,18 +9015,19 @@ client = 314-version-negotiation-client [314-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [314-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-314] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -8765,18 +9042,18 @@ client = 315-version-negotiation-client [315-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [315-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-315] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8792,18 +9069,18 @@ client = 316-version-negotiation-client [316-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [316-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-316] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8819,17 +9096,17 @@ client = 317-version-negotiation-client [317-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [317-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-317] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8845,19 +9122,19 @@ client = 318-version-negotiation-client [318-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [318-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-318] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8872,18 +9149,19 @@ client = 319-version-negotiation-client [319-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [319-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-319] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8899,17 +9177,19 @@ client = 320-version-negotiation-client [320-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [320-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-320] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8926,17 +9206,18 @@ client = 321-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [321-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-321] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8952,17 +9233,19 @@ client = 322-version-negotiation-client [322-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [322-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-322] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8978,18 +9261,19 @@ client = 323-version-negotiation-client [323-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [323-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-323] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9005,17 +9289,19 @@ client = 324-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [324-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-324] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9031,17 +9317,19 @@ client = 325-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [325-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-325] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9057,17 +9345,18 @@ client = 326-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [326-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-326] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9083,17 +9372,19 @@ client = 327-version-negotiation-client [327-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [327-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-327] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9109,19 +9400,19 @@ client = 328-version-negotiation-client [328-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [328-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-328] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9136,19 +9427,19 @@ client = 329-version-negotiation-client [329-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [329-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-329] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9163,19 +9454,19 @@ client = 330-version-negotiation-client [330-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [330-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-330] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9190,20 +9481,19 @@ client = 331-version-negotiation-client [331-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [331-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-331] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9218,19 +9508,18 @@ client = 332-version-negotiation-client [332-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [332-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-332] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9245,19 +9534,19 @@ client = 333-version-negotiation-client [333-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [333-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-333] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9272,19 +9561,19 @@ client = 334-version-negotiation-client [334-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [334-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-334] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9299,20 +9588,18 @@ client = 335-version-negotiation-client [335-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [335-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-335] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9327,19 +9614,19 @@ client = 336-version-negotiation-client [336-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [336-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-336] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9354,19 +9641,18 @@ client = 337-version-negotiation-client [337-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [337-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-337] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9381,20 +9667,18 @@ client = 338-version-negotiation-client [338-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [338-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-338] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9409,18 +9693,18 @@ client = 339-version-negotiation-client [339-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [339-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-339] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9436,19 +9720,18 @@ client = 340-version-negotiation-client [340-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [340-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-340] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9464,18 +9747,18 @@ client = 341-version-negotiation-client [341-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [341-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-341] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9491,17 +9774,19 @@ client = 342-version-negotiation-client [342-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [342-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-342] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9516,17 +9801,18 @@ client = 343-version-negotiation-client [343-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [343-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-343] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9541,17 +9827,19 @@ client = 344-version-negotiation-client [344-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [344-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-344] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9566,17 +9854,19 @@ client = 345-version-negotiation-client [345-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [345-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-345] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9592,16 +9882,19 @@ client = 346-version-negotiation-client [346-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [346-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-346] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9617,18 +9910,20 @@ client = 347-version-negotiation-client [347-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [347-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-347] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9643,18 +9938,20 @@ client = 348-version-negotiation-client [348-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [348-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-348] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9669,18 +9966,19 @@ client = 349-version-negotiation-client [349-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [349-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-349] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9695,18 +9993,19 @@ client = 350-version-negotiation-client [350-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [350-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-350] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9722,17 +10021,19 @@ client = 351-version-negotiation-client [351-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [351-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-351] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9748,18 +10049,20 @@ client = 352-version-negotiation-client [352-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [352-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-352] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9774,18 +10077,20 @@ client = 353-version-negotiation-client [353-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [353-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-353] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9800,18 +10105,18 @@ client = 354-version-negotiation-client [354-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [354-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-354] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9827,17 +10132,19 @@ client = 355-version-negotiation-client [355-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [355-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-355] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9853,18 +10160,20 @@ client = 356-version-negotiation-client [356-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [356-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-356] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9879,18 +10188,19 @@ client = 357-version-negotiation-client [357-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [357-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-357] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9911,12 +10221,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [358-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-358] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9938,13 +10249,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [359-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-359] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9959,17 +10270,8457 @@ client = 360-version-negotiation-client [360-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [360-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-360] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail + + +# =========================================================== + +[361-version-negotiation] +ssl_conf = 361-version-negotiation-ssl + +[361-version-negotiation-ssl] +server = 361-version-negotiation-server +client = 361-version-negotiation-client + +[361-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[361-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-361] +ExpectedResult = ServerFail + + +# =========================================================== + +[362-version-negotiation] +ssl_conf = 362-version-negotiation-ssl + +[362-version-negotiation-ssl] +server = 362-version-negotiation-server +client = 362-version-negotiation-client + +[362-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[362-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-362] +ExpectedResult = ServerFail + + +# =========================================================== + +[363-version-negotiation] +ssl_conf = 363-version-negotiation-ssl + +[363-version-negotiation-ssl] +server = 363-version-negotiation-server +client = 363-version-negotiation-client + +[363-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[363-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-363] +ExpectedResult = ServerFail + + +# =========================================================== + +[364-version-negotiation] +ssl_conf = 364-version-negotiation-ssl + +[364-version-negotiation-ssl] +server = 364-version-negotiation-server +client = 364-version-negotiation-client + +[364-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[364-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-364] +ExpectedResult = ServerFail + + +# =========================================================== + +[365-version-negotiation] +ssl_conf = 365-version-negotiation-ssl + +[365-version-negotiation-ssl] +server = 365-version-negotiation-server +client = 365-version-negotiation-client + +[365-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[365-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-365] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[366-version-negotiation] +ssl_conf = 366-version-negotiation-ssl + +[366-version-negotiation-ssl] +server = 366-version-negotiation-server +client = 366-version-negotiation-client + +[366-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[366-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-366] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[367-version-negotiation] +ssl_conf = 367-version-negotiation-ssl + +[367-version-negotiation-ssl] +server = 367-version-negotiation-server +client = 367-version-negotiation-client + +[367-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[367-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-367] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[368-version-negotiation] +ssl_conf = 368-version-negotiation-ssl + +[368-version-negotiation-ssl] +server = 368-version-negotiation-server +client = 368-version-negotiation-client + +[368-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[368-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-368] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[369-version-negotiation] +ssl_conf = 369-version-negotiation-ssl + +[369-version-negotiation-ssl] +server = 369-version-negotiation-server +client = 369-version-negotiation-client + +[369-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[369-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-369] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[370-version-negotiation] +ssl_conf = 370-version-negotiation-ssl + +[370-version-negotiation-ssl] +server = 370-version-negotiation-server +client = 370-version-negotiation-client + +[370-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[370-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-370] +ExpectedResult = ServerFail + + +# =========================================================== + +[371-version-negotiation] +ssl_conf = 371-version-negotiation-ssl + +[371-version-negotiation-ssl] +server = 371-version-negotiation-server +client = 371-version-negotiation-client + +[371-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[371-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-371] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[372-version-negotiation] +ssl_conf = 372-version-negotiation-ssl + +[372-version-negotiation-ssl] +server = 372-version-negotiation-server +client = 372-version-negotiation-client + +[372-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[372-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-372] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[373-version-negotiation] +ssl_conf = 373-version-negotiation-ssl + +[373-version-negotiation-ssl] +server = 373-version-negotiation-server +client = 373-version-negotiation-client + +[373-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[373-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-373] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[374-version-negotiation] +ssl_conf = 374-version-negotiation-ssl + +[374-version-negotiation-ssl] +server = 374-version-negotiation-server +client = 374-version-negotiation-client + +[374-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[374-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-374] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[375-version-negotiation] +ssl_conf = 375-version-negotiation-ssl + +[375-version-negotiation-ssl] +server = 375-version-negotiation-server +client = 375-version-negotiation-client + +[375-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[375-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-375] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[376-version-negotiation] +ssl_conf = 376-version-negotiation-ssl + +[376-version-negotiation-ssl] +server = 376-version-negotiation-server +client = 376-version-negotiation-client + +[376-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[376-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-376] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[377-version-negotiation] +ssl_conf = 377-version-negotiation-ssl + +[377-version-negotiation-ssl] +server = 377-version-negotiation-server +client = 377-version-negotiation-client + +[377-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[377-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-377] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[378-version-negotiation] +ssl_conf = 378-version-negotiation-ssl + +[378-version-negotiation-ssl] +server = 378-version-negotiation-server +client = 378-version-negotiation-client + +[378-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[378-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-378] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[379-version-negotiation] +ssl_conf = 379-version-negotiation-ssl + +[379-version-negotiation-ssl] +server = 379-version-negotiation-server +client = 379-version-negotiation-client + +[379-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[379-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-379] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[380-version-negotiation] +ssl_conf = 380-version-negotiation-ssl + +[380-version-negotiation-ssl] +server = 380-version-negotiation-server +client = 380-version-negotiation-client + +[380-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[380-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-380] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[381-version-negotiation] +ssl_conf = 381-version-negotiation-ssl + +[381-version-negotiation-ssl] +server = 381-version-negotiation-server +client = 381-version-negotiation-client + +[381-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[381-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-381] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[382-version-negotiation] +ssl_conf = 382-version-negotiation-ssl + +[382-version-negotiation-ssl] +server = 382-version-negotiation-server +client = 382-version-negotiation-client + +[382-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[382-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-382] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[383-version-negotiation] +ssl_conf = 383-version-negotiation-ssl + +[383-version-negotiation-ssl] +server = 383-version-negotiation-server +client = 383-version-negotiation-client + +[383-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[383-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-383] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[384-version-negotiation] +ssl_conf = 384-version-negotiation-ssl + +[384-version-negotiation-ssl] +server = 384-version-negotiation-server +client = 384-version-negotiation-client + +[384-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[384-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-384] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[385-version-negotiation] +ssl_conf = 385-version-negotiation-ssl + +[385-version-negotiation-ssl] +server = 385-version-negotiation-server +client = 385-version-negotiation-client + +[385-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[385-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-385] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[386-version-negotiation] +ssl_conf = 386-version-negotiation-ssl + +[386-version-negotiation-ssl] +server = 386-version-negotiation-server +client = 386-version-negotiation-client + +[386-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[386-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-386] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[387-version-negotiation] +ssl_conf = 387-version-negotiation-ssl + +[387-version-negotiation-ssl] +server = 387-version-negotiation-server +client = 387-version-negotiation-client + +[387-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[387-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-387] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[388-version-negotiation] +ssl_conf = 388-version-negotiation-ssl + +[388-version-negotiation-ssl] +server = 388-version-negotiation-server +client = 388-version-negotiation-client + +[388-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[388-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-388] +ExpectedResult = ServerFail + + +# =========================================================== + +[389-version-negotiation] +ssl_conf = 389-version-negotiation-ssl + +[389-version-negotiation-ssl] +server = 389-version-negotiation-server +client = 389-version-negotiation-client + +[389-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[389-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-389] +ExpectedResult = ServerFail + + +# =========================================================== + +[390-version-negotiation] +ssl_conf = 390-version-negotiation-ssl + +[390-version-negotiation-ssl] +server = 390-version-negotiation-server +client = 390-version-negotiation-client + +[390-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[390-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-390] +ExpectedResult = ServerFail + + +# =========================================================== + +[391-version-negotiation] +ssl_conf = 391-version-negotiation-ssl + +[391-version-negotiation-ssl] +server = 391-version-negotiation-server +client = 391-version-negotiation-client + +[391-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[391-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-391] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[392-version-negotiation] +ssl_conf = 392-version-negotiation-ssl + +[392-version-negotiation-ssl] +server = 392-version-negotiation-server +client = 392-version-negotiation-client + +[392-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[392-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-392] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[393-version-negotiation] +ssl_conf = 393-version-negotiation-ssl + +[393-version-negotiation-ssl] +server = 393-version-negotiation-server +client = 393-version-negotiation-client + +[393-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[393-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-393] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[394-version-negotiation] +ssl_conf = 394-version-negotiation-ssl + +[394-version-negotiation-ssl] +server = 394-version-negotiation-server +client = 394-version-negotiation-client + +[394-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[394-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-394] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[395-version-negotiation] +ssl_conf = 395-version-negotiation-ssl + +[395-version-negotiation-ssl] +server = 395-version-negotiation-server +client = 395-version-negotiation-client + +[395-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[395-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-395] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[396-version-negotiation] +ssl_conf = 396-version-negotiation-ssl + +[396-version-negotiation-ssl] +server = 396-version-negotiation-server +client = 396-version-negotiation-client + +[396-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[396-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-396] +ExpectedResult = ServerFail + + +# =========================================================== + +[397-version-negotiation] +ssl_conf = 397-version-negotiation-ssl + +[397-version-negotiation-ssl] +server = 397-version-negotiation-server +client = 397-version-negotiation-client + +[397-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[397-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-397] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[398-version-negotiation] +ssl_conf = 398-version-negotiation-ssl + +[398-version-negotiation-ssl] +server = 398-version-negotiation-server +client = 398-version-negotiation-client + +[398-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[398-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-398] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[399-version-negotiation] +ssl_conf = 399-version-negotiation-ssl + +[399-version-negotiation-ssl] +server = 399-version-negotiation-server +client = 399-version-negotiation-client + +[399-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[399-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-399] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[400-version-negotiation] +ssl_conf = 400-version-negotiation-ssl + +[400-version-negotiation-ssl] +server = 400-version-negotiation-server +client = 400-version-negotiation-client + +[400-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[400-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-400] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[401-version-negotiation] +ssl_conf = 401-version-negotiation-ssl + +[401-version-negotiation-ssl] +server = 401-version-negotiation-server +client = 401-version-negotiation-client + +[401-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[401-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-401] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[402-version-negotiation] +ssl_conf = 402-version-negotiation-ssl + +[402-version-negotiation-ssl] +server = 402-version-negotiation-server +client = 402-version-negotiation-client + +[402-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[402-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-402] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[403-version-negotiation] +ssl_conf = 403-version-negotiation-ssl + +[403-version-negotiation-ssl] +server = 403-version-negotiation-server +client = 403-version-negotiation-client + +[403-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[403-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-403] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[404-version-negotiation] +ssl_conf = 404-version-negotiation-ssl + +[404-version-negotiation-ssl] +server = 404-version-negotiation-server +client = 404-version-negotiation-client + +[404-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[404-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-404] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[405-version-negotiation] +ssl_conf = 405-version-negotiation-ssl + +[405-version-negotiation-ssl] +server = 405-version-negotiation-server +client = 405-version-negotiation-client + +[405-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[405-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-405] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[406-version-negotiation] +ssl_conf = 406-version-negotiation-ssl + +[406-version-negotiation-ssl] +server = 406-version-negotiation-server +client = 406-version-negotiation-client + +[406-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[406-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-406] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[407-version-negotiation] +ssl_conf = 407-version-negotiation-ssl + +[407-version-negotiation-ssl] +server = 407-version-negotiation-server +client = 407-version-negotiation-client + +[407-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[407-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-407] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[408-version-negotiation] +ssl_conf = 408-version-negotiation-ssl + +[408-version-negotiation-ssl] +server = 408-version-negotiation-server +client = 408-version-negotiation-client + +[408-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[408-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-408] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[409-version-negotiation] +ssl_conf = 409-version-negotiation-ssl + +[409-version-negotiation-ssl] +server = 409-version-negotiation-server +client = 409-version-negotiation-client + +[409-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[409-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-409] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[410-version-negotiation] +ssl_conf = 410-version-negotiation-ssl + +[410-version-negotiation-ssl] +server = 410-version-negotiation-server +client = 410-version-negotiation-client + +[410-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[410-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-410] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[411-version-negotiation] +ssl_conf = 411-version-negotiation-ssl + +[411-version-negotiation-ssl] +server = 411-version-negotiation-server +client = 411-version-negotiation-client + +[411-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[411-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-411] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[412-version-negotiation] +ssl_conf = 412-version-negotiation-ssl + +[412-version-negotiation-ssl] +server = 412-version-negotiation-server +client = 412-version-negotiation-client + +[412-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[412-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-412] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[413-version-negotiation] +ssl_conf = 413-version-negotiation-ssl + +[413-version-negotiation-ssl] +server = 413-version-negotiation-server +client = 413-version-negotiation-client + +[413-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[413-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-413] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[414-version-negotiation] +ssl_conf = 414-version-negotiation-ssl + +[414-version-negotiation-ssl] +server = 414-version-negotiation-server +client = 414-version-negotiation-client + +[414-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[414-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-414] +ExpectedResult = ServerFail + + +# =========================================================== + +[415-version-negotiation] +ssl_conf = 415-version-negotiation-ssl + +[415-version-negotiation-ssl] +server = 415-version-negotiation-server +client = 415-version-negotiation-client + +[415-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[415-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-415] +ExpectedResult = ServerFail + + +# =========================================================== + +[416-version-negotiation] +ssl_conf = 416-version-negotiation-ssl + +[416-version-negotiation-ssl] +server = 416-version-negotiation-server +client = 416-version-negotiation-client + +[416-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[416-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-416] +ExpectedResult = ServerFail + + +# =========================================================== + +[417-version-negotiation] +ssl_conf = 417-version-negotiation-ssl + +[417-version-negotiation-ssl] +server = 417-version-negotiation-server +client = 417-version-negotiation-client + +[417-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[417-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-417] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[418-version-negotiation] +ssl_conf = 418-version-negotiation-ssl + +[418-version-negotiation-ssl] +server = 418-version-negotiation-server +client = 418-version-negotiation-client + +[418-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[418-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-418] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[419-version-negotiation] +ssl_conf = 419-version-negotiation-ssl + +[419-version-negotiation-ssl] +server = 419-version-negotiation-server +client = 419-version-negotiation-client + +[419-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[419-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-419] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[420-version-negotiation] +ssl_conf = 420-version-negotiation-ssl + +[420-version-negotiation-ssl] +server = 420-version-negotiation-server +client = 420-version-negotiation-client + +[420-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[420-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-420] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[421-version-negotiation] +ssl_conf = 421-version-negotiation-ssl + +[421-version-negotiation-ssl] +server = 421-version-negotiation-server +client = 421-version-negotiation-client + +[421-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[421-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-421] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[422-version-negotiation] +ssl_conf = 422-version-negotiation-ssl + +[422-version-negotiation-ssl] +server = 422-version-negotiation-server +client = 422-version-negotiation-client + +[422-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[422-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-422] +ExpectedResult = ServerFail + + +# =========================================================== + +[423-version-negotiation] +ssl_conf = 423-version-negotiation-ssl + +[423-version-negotiation-ssl] +server = 423-version-negotiation-server +client = 423-version-negotiation-client + +[423-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[423-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-423] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[424-version-negotiation] +ssl_conf = 424-version-negotiation-ssl + +[424-version-negotiation-ssl] +server = 424-version-negotiation-server +client = 424-version-negotiation-client + +[424-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[424-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-424] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[425-version-negotiation] +ssl_conf = 425-version-negotiation-ssl + +[425-version-negotiation-ssl] +server = 425-version-negotiation-server +client = 425-version-negotiation-client + +[425-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[425-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-425] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[426-version-negotiation] +ssl_conf = 426-version-negotiation-ssl + +[426-version-negotiation-ssl] +server = 426-version-negotiation-server +client = 426-version-negotiation-client + +[426-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[426-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-426] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[427-version-negotiation] +ssl_conf = 427-version-negotiation-ssl + +[427-version-negotiation-ssl] +server = 427-version-negotiation-server +client = 427-version-negotiation-client + +[427-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[427-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-427] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[428-version-negotiation] +ssl_conf = 428-version-negotiation-ssl + +[428-version-negotiation-ssl] +server = 428-version-negotiation-server +client = 428-version-negotiation-client + +[428-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[428-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-428] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[429-version-negotiation] +ssl_conf = 429-version-negotiation-ssl + +[429-version-negotiation-ssl] +server = 429-version-negotiation-server +client = 429-version-negotiation-client + +[429-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[429-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-429] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[430-version-negotiation] +ssl_conf = 430-version-negotiation-ssl + +[430-version-negotiation-ssl] +server = 430-version-negotiation-server +client = 430-version-negotiation-client + +[430-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[430-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-430] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[431-version-negotiation] +ssl_conf = 431-version-negotiation-ssl + +[431-version-negotiation-ssl] +server = 431-version-negotiation-server +client = 431-version-negotiation-client + +[431-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[431-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-431] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[432-version-negotiation] +ssl_conf = 432-version-negotiation-ssl + +[432-version-negotiation-ssl] +server = 432-version-negotiation-server +client = 432-version-negotiation-client + +[432-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[432-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-432] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[433-version-negotiation] +ssl_conf = 433-version-negotiation-ssl + +[433-version-negotiation-ssl] +server = 433-version-negotiation-server +client = 433-version-negotiation-client + +[433-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[433-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-433] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[434-version-negotiation] +ssl_conf = 434-version-negotiation-ssl + +[434-version-negotiation-ssl] +server = 434-version-negotiation-server +client = 434-version-negotiation-client + +[434-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[434-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-434] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[435-version-negotiation] +ssl_conf = 435-version-negotiation-ssl + +[435-version-negotiation-ssl] +server = 435-version-negotiation-server +client = 435-version-negotiation-client + +[435-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[435-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-435] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[436-version-negotiation] +ssl_conf = 436-version-negotiation-ssl + +[436-version-negotiation-ssl] +server = 436-version-negotiation-server +client = 436-version-negotiation-client + +[436-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[436-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-436] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[437-version-negotiation] +ssl_conf = 437-version-negotiation-ssl + +[437-version-negotiation-ssl] +server = 437-version-negotiation-server +client = 437-version-negotiation-client + +[437-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[437-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-437] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[438-version-negotiation] +ssl_conf = 438-version-negotiation-ssl + +[438-version-negotiation-ssl] +server = 438-version-negotiation-server +client = 438-version-negotiation-client + +[438-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[438-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-438] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[439-version-negotiation] +ssl_conf = 439-version-negotiation-ssl + +[439-version-negotiation-ssl] +server = 439-version-negotiation-server +client = 439-version-negotiation-client + +[439-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[439-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-439] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[440-version-negotiation] +ssl_conf = 440-version-negotiation-ssl + +[440-version-negotiation-ssl] +server = 440-version-negotiation-server +client = 440-version-negotiation-client + +[440-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[440-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-440] +ExpectedResult = ServerFail + + +# =========================================================== + +[441-version-negotiation] +ssl_conf = 441-version-negotiation-ssl + +[441-version-negotiation-ssl] +server = 441-version-negotiation-server +client = 441-version-negotiation-client + +[441-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[441-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-441] +ExpectedResult = ServerFail + + +# =========================================================== + +[442-version-negotiation] +ssl_conf = 442-version-negotiation-ssl + +[442-version-negotiation-ssl] +server = 442-version-negotiation-server +client = 442-version-negotiation-client + +[442-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[442-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-442] +ExpectedResult = ServerFail + + +# =========================================================== + +[443-version-negotiation] +ssl_conf = 443-version-negotiation-ssl + +[443-version-negotiation-ssl] +server = 443-version-negotiation-server +client = 443-version-negotiation-client + +[443-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[443-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-443] +ExpectedResult = ClientFail + + +# =========================================================== + +[444-version-negotiation] +ssl_conf = 444-version-negotiation-ssl + +[444-version-negotiation-ssl] +server = 444-version-negotiation-server +client = 444-version-negotiation-client + +[444-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[444-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-444] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[445-version-negotiation] +ssl_conf = 445-version-negotiation-ssl + +[445-version-negotiation-ssl] +server = 445-version-negotiation-server +client = 445-version-negotiation-client + +[445-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[445-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-445] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[446-version-negotiation] +ssl_conf = 446-version-negotiation-ssl + +[446-version-negotiation-ssl] +server = 446-version-negotiation-server +client = 446-version-negotiation-client + +[446-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[446-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-446] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[447-version-negotiation] +ssl_conf = 447-version-negotiation-ssl + +[447-version-negotiation-ssl] +server = 447-version-negotiation-server +client = 447-version-negotiation-client + +[447-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[447-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-447] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[448-version-negotiation] +ssl_conf = 448-version-negotiation-ssl + +[448-version-negotiation-ssl] +server = 448-version-negotiation-server +client = 448-version-negotiation-client + +[448-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[448-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-448] +ExpectedResult = ServerFail + + +# =========================================================== + +[449-version-negotiation] +ssl_conf = 449-version-negotiation-ssl + +[449-version-negotiation-ssl] +server = 449-version-negotiation-server +client = 449-version-negotiation-client + +[449-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[449-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-449] +ExpectedResult = ClientFail + + +# =========================================================== + +[450-version-negotiation] +ssl_conf = 450-version-negotiation-ssl + +[450-version-negotiation-ssl] +server = 450-version-negotiation-server +client = 450-version-negotiation-client + +[450-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[450-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-450] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[451-version-negotiation] +ssl_conf = 451-version-negotiation-ssl + +[451-version-negotiation-ssl] +server = 451-version-negotiation-server +client = 451-version-negotiation-client + +[451-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[451-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-451] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[452-version-negotiation] +ssl_conf = 452-version-negotiation-ssl + +[452-version-negotiation-ssl] +server = 452-version-negotiation-server +client = 452-version-negotiation-client + +[452-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[452-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-452] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[453-version-negotiation] +ssl_conf = 453-version-negotiation-ssl + +[453-version-negotiation-ssl] +server = 453-version-negotiation-server +client = 453-version-negotiation-client + +[453-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[453-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-453] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[454-version-negotiation] +ssl_conf = 454-version-negotiation-ssl + +[454-version-negotiation-ssl] +server = 454-version-negotiation-server +client = 454-version-negotiation-client + +[454-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[454-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-454] +ExpectedResult = ClientFail + + +# =========================================================== + +[455-version-negotiation] +ssl_conf = 455-version-negotiation-ssl + +[455-version-negotiation-ssl] +server = 455-version-negotiation-server +client = 455-version-negotiation-client + +[455-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[455-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-455] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[456-version-negotiation] +ssl_conf = 456-version-negotiation-ssl + +[456-version-negotiation-ssl] +server = 456-version-negotiation-server +client = 456-version-negotiation-client + +[456-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[456-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-456] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[457-version-negotiation] +ssl_conf = 457-version-negotiation-ssl + +[457-version-negotiation-ssl] +server = 457-version-negotiation-server +client = 457-version-negotiation-client + +[457-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[457-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-457] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[458-version-negotiation] +ssl_conf = 458-version-negotiation-ssl + +[458-version-negotiation-ssl] +server = 458-version-negotiation-server +client = 458-version-negotiation-client + +[458-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[458-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-458] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[459-version-negotiation] +ssl_conf = 459-version-negotiation-ssl + +[459-version-negotiation-ssl] +server = 459-version-negotiation-server +client = 459-version-negotiation-client + +[459-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[459-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-459] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[460-version-negotiation] +ssl_conf = 460-version-negotiation-ssl + +[460-version-negotiation-ssl] +server = 460-version-negotiation-server +client = 460-version-negotiation-client + +[460-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[460-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-460] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[461-version-negotiation] +ssl_conf = 461-version-negotiation-ssl + +[461-version-negotiation-ssl] +server = 461-version-negotiation-server +client = 461-version-negotiation-client + +[461-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[461-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-461] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[462-version-negotiation] +ssl_conf = 462-version-negotiation-ssl + +[462-version-negotiation-ssl] +server = 462-version-negotiation-server +client = 462-version-negotiation-client + +[462-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[462-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-462] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[463-version-negotiation] +ssl_conf = 463-version-negotiation-ssl + +[463-version-negotiation-ssl] +server = 463-version-negotiation-server +client = 463-version-negotiation-client + +[463-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[463-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-463] +ExpectedResult = ServerFail + + +# =========================================================== + +[464-version-negotiation] +ssl_conf = 464-version-negotiation-ssl + +[464-version-negotiation-ssl] +server = 464-version-negotiation-server +client = 464-version-negotiation-client + +[464-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[464-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-464] +ExpectedResult = ServerFail + + +# =========================================================== + +[465-version-negotiation] +ssl_conf = 465-version-negotiation-ssl + +[465-version-negotiation-ssl] +server = 465-version-negotiation-server +client = 465-version-negotiation-client + +[465-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[465-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-465] +ExpectedResult = ServerFail + + +# =========================================================== + +[466-version-negotiation] +ssl_conf = 466-version-negotiation-ssl + +[466-version-negotiation-ssl] +server = 466-version-negotiation-server +client = 466-version-negotiation-client + +[466-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[466-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-466] +ExpectedResult = ServerFail + + +# =========================================================== + +[467-version-negotiation] +ssl_conf = 467-version-negotiation-ssl + +[467-version-negotiation-ssl] +server = 467-version-negotiation-server +client = 467-version-negotiation-client + +[467-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[467-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-467] +ExpectedResult = ServerFail + + +# =========================================================== + +[468-version-negotiation] +ssl_conf = 468-version-negotiation-ssl + +[468-version-negotiation-ssl] +server = 468-version-negotiation-server +client = 468-version-negotiation-client + +[468-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[468-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-468] +ExpectedResult = ServerFail + + +# =========================================================== + +[469-version-negotiation] +ssl_conf = 469-version-negotiation-ssl + +[469-version-negotiation-ssl] +server = 469-version-negotiation-server +client = 469-version-negotiation-client + +[469-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[469-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-469] +ExpectedResult = ClientFail + + +# =========================================================== + +[470-version-negotiation] +ssl_conf = 470-version-negotiation-ssl + +[470-version-negotiation-ssl] +server = 470-version-negotiation-server +client = 470-version-negotiation-client + +[470-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[470-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-470] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[471-version-negotiation] +ssl_conf = 471-version-negotiation-ssl + +[471-version-negotiation-ssl] +server = 471-version-negotiation-server +client = 471-version-negotiation-client + +[471-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[471-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-471] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[472-version-negotiation] +ssl_conf = 472-version-negotiation-ssl + +[472-version-negotiation-ssl] +server = 472-version-negotiation-server +client = 472-version-negotiation-client + +[472-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[472-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-472] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[473-version-negotiation] +ssl_conf = 473-version-negotiation-ssl + +[473-version-negotiation-ssl] +server = 473-version-negotiation-server +client = 473-version-negotiation-client + +[473-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[473-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-473] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[474-version-negotiation] +ssl_conf = 474-version-negotiation-ssl + +[474-version-negotiation-ssl] +server = 474-version-negotiation-server +client = 474-version-negotiation-client + +[474-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[474-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-474] +ExpectedResult = ServerFail + + +# =========================================================== + +[475-version-negotiation] +ssl_conf = 475-version-negotiation-ssl + +[475-version-negotiation-ssl] +server = 475-version-negotiation-server +client = 475-version-negotiation-client + +[475-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[475-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-475] +ExpectedResult = ClientFail + + +# =========================================================== + +[476-version-negotiation] +ssl_conf = 476-version-negotiation-ssl + +[476-version-negotiation-ssl] +server = 476-version-negotiation-server +client = 476-version-negotiation-client + +[476-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[476-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-476] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[477-version-negotiation] +ssl_conf = 477-version-negotiation-ssl + +[477-version-negotiation-ssl] +server = 477-version-negotiation-server +client = 477-version-negotiation-client + +[477-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[477-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-477] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[478-version-negotiation] +ssl_conf = 478-version-negotiation-ssl + +[478-version-negotiation-ssl] +server = 478-version-negotiation-server +client = 478-version-negotiation-client + +[478-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[478-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-478] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[479-version-negotiation] +ssl_conf = 479-version-negotiation-ssl + +[479-version-negotiation-ssl] +server = 479-version-negotiation-server +client = 479-version-negotiation-client + +[479-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[479-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-479] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[480-version-negotiation] +ssl_conf = 480-version-negotiation-ssl + +[480-version-negotiation-ssl] +server = 480-version-negotiation-server +client = 480-version-negotiation-client + +[480-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[480-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-480] +ExpectedResult = ClientFail + + +# =========================================================== + +[481-version-negotiation] +ssl_conf = 481-version-negotiation-ssl + +[481-version-negotiation-ssl] +server = 481-version-negotiation-server +client = 481-version-negotiation-client + +[481-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[481-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-481] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[482-version-negotiation] +ssl_conf = 482-version-negotiation-ssl + +[482-version-negotiation-ssl] +server = 482-version-negotiation-server +client = 482-version-negotiation-client + +[482-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[482-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-482] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[483-version-negotiation] +ssl_conf = 483-version-negotiation-ssl + +[483-version-negotiation-ssl] +server = 483-version-negotiation-server +client = 483-version-negotiation-client + +[483-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[483-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-483] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[484-version-negotiation] +ssl_conf = 484-version-negotiation-ssl + +[484-version-negotiation-ssl] +server = 484-version-negotiation-server +client = 484-version-negotiation-client + +[484-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[484-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-484] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[485-version-negotiation] +ssl_conf = 485-version-negotiation-ssl + +[485-version-negotiation-ssl] +server = 485-version-negotiation-server +client = 485-version-negotiation-client + +[485-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[485-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-485] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[486-version-negotiation] +ssl_conf = 486-version-negotiation-ssl + +[486-version-negotiation-ssl] +server = 486-version-negotiation-server +client = 486-version-negotiation-client + +[486-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[486-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-486] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[487-version-negotiation] +ssl_conf = 487-version-negotiation-ssl + +[487-version-negotiation-ssl] +server = 487-version-negotiation-server +client = 487-version-negotiation-client + +[487-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[487-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-487] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[488-version-negotiation] +ssl_conf = 488-version-negotiation-ssl + +[488-version-negotiation-ssl] +server = 488-version-negotiation-server +client = 488-version-negotiation-client + +[488-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[488-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-488] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[489-version-negotiation] +ssl_conf = 489-version-negotiation-ssl + +[489-version-negotiation-ssl] +server = 489-version-negotiation-server +client = 489-version-negotiation-client + +[489-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[489-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-489] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[490-version-negotiation] +ssl_conf = 490-version-negotiation-ssl + +[490-version-negotiation-ssl] +server = 490-version-negotiation-server +client = 490-version-negotiation-client + +[490-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[490-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-490] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[491-version-negotiation] +ssl_conf = 491-version-negotiation-ssl + +[491-version-negotiation-ssl] +server = 491-version-negotiation-server +client = 491-version-negotiation-client + +[491-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[491-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-491] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[492-version-negotiation] +ssl_conf = 492-version-negotiation-ssl + +[492-version-negotiation-ssl] +server = 492-version-negotiation-server +client = 492-version-negotiation-client + +[492-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[492-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-492] +ExpectedResult = ServerFail + + +# =========================================================== + +[493-version-negotiation] +ssl_conf = 493-version-negotiation-ssl + +[493-version-negotiation-ssl] +server = 493-version-negotiation-server +client = 493-version-negotiation-client + +[493-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[493-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-493] +ExpectedResult = ServerFail + + +# =========================================================== + +[494-version-negotiation] +ssl_conf = 494-version-negotiation-ssl + +[494-version-negotiation-ssl] +server = 494-version-negotiation-server +client = 494-version-negotiation-client + +[494-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[494-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-494] +ExpectedResult = ServerFail + + +# =========================================================== + +[495-version-negotiation] +ssl_conf = 495-version-negotiation-ssl + +[495-version-negotiation-ssl] +server = 495-version-negotiation-server +client = 495-version-negotiation-client + +[495-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[495-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-495] +ExpectedResult = ClientFail + + +# =========================================================== + +[496-version-negotiation] +ssl_conf = 496-version-negotiation-ssl + +[496-version-negotiation-ssl] +server = 496-version-negotiation-server +client = 496-version-negotiation-client + +[496-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[496-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-496] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[497-version-negotiation] +ssl_conf = 497-version-negotiation-ssl + +[497-version-negotiation-ssl] +server = 497-version-negotiation-server +client = 497-version-negotiation-client + +[497-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[497-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-497] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[498-version-negotiation] +ssl_conf = 498-version-negotiation-ssl + +[498-version-negotiation-ssl] +server = 498-version-negotiation-server +client = 498-version-negotiation-client + +[498-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[498-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-498] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[499-version-negotiation] +ssl_conf = 499-version-negotiation-ssl + +[499-version-negotiation-ssl] +server = 499-version-negotiation-server +client = 499-version-negotiation-client + +[499-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[499-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-499] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[500-version-negotiation] +ssl_conf = 500-version-negotiation-ssl + +[500-version-negotiation-ssl] +server = 500-version-negotiation-server +client = 500-version-negotiation-client + +[500-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[500-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-500] +ExpectedResult = ServerFail + + +# =========================================================== + +[501-version-negotiation] +ssl_conf = 501-version-negotiation-ssl + +[501-version-negotiation-ssl] +server = 501-version-negotiation-server +client = 501-version-negotiation-client + +[501-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[501-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-501] +ExpectedResult = ClientFail + + +# =========================================================== + +[502-version-negotiation] +ssl_conf = 502-version-negotiation-ssl + +[502-version-negotiation-ssl] +server = 502-version-negotiation-server +client = 502-version-negotiation-client + +[502-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[502-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-502] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[503-version-negotiation] +ssl_conf = 503-version-negotiation-ssl + +[503-version-negotiation-ssl] +server = 503-version-negotiation-server +client = 503-version-negotiation-client + +[503-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[503-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-503] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[504-version-negotiation] +ssl_conf = 504-version-negotiation-ssl + +[504-version-negotiation-ssl] +server = 504-version-negotiation-server +client = 504-version-negotiation-client + +[504-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[504-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-504] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[505-version-negotiation] +ssl_conf = 505-version-negotiation-ssl + +[505-version-negotiation-ssl] +server = 505-version-negotiation-server +client = 505-version-negotiation-client + +[505-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[505-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-505] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[506-version-negotiation] +ssl_conf = 506-version-negotiation-ssl + +[506-version-negotiation-ssl] +server = 506-version-negotiation-server +client = 506-version-negotiation-client + +[506-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[506-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-506] +ExpectedResult = ClientFail + + +# =========================================================== + +[507-version-negotiation] +ssl_conf = 507-version-negotiation-ssl + +[507-version-negotiation-ssl] +server = 507-version-negotiation-server +client = 507-version-negotiation-client + +[507-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[507-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-507] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[508-version-negotiation] +ssl_conf = 508-version-negotiation-ssl + +[508-version-negotiation-ssl] +server = 508-version-negotiation-server +client = 508-version-negotiation-client + +[508-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[508-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-508] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[509-version-negotiation] +ssl_conf = 509-version-negotiation-ssl + +[509-version-negotiation-ssl] +server = 509-version-negotiation-server +client = 509-version-negotiation-client + +[509-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[509-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-509] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[510-version-negotiation] +ssl_conf = 510-version-negotiation-ssl + +[510-version-negotiation-ssl] +server = 510-version-negotiation-server +client = 510-version-negotiation-client + +[510-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[510-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-510] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[511-version-negotiation] +ssl_conf = 511-version-negotiation-ssl + +[511-version-negotiation-ssl] +server = 511-version-negotiation-server +client = 511-version-negotiation-client + +[511-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[511-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-511] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[512-version-negotiation] +ssl_conf = 512-version-negotiation-ssl + +[512-version-negotiation-ssl] +server = 512-version-negotiation-server +client = 512-version-negotiation-client + +[512-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[512-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-512] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[513-version-negotiation] +ssl_conf = 513-version-negotiation-ssl + +[513-version-negotiation-ssl] +server = 513-version-negotiation-server +client = 513-version-negotiation-client + +[513-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[513-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-513] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[514-version-negotiation] +ssl_conf = 514-version-negotiation-ssl + +[514-version-negotiation-ssl] +server = 514-version-negotiation-server +client = 514-version-negotiation-client + +[514-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[514-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-514] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[515-version-negotiation] +ssl_conf = 515-version-negotiation-ssl + +[515-version-negotiation-ssl] +server = 515-version-negotiation-server +client = 515-version-negotiation-client + +[515-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[515-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-515] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[516-version-negotiation] +ssl_conf = 516-version-negotiation-ssl + +[516-version-negotiation-ssl] +server = 516-version-negotiation-server +client = 516-version-negotiation-client + +[516-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[516-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-516] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[517-version-negotiation] +ssl_conf = 517-version-negotiation-ssl + +[517-version-negotiation-ssl] +server = 517-version-negotiation-server +client = 517-version-negotiation-client + +[517-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[517-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-517] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[518-version-negotiation] +ssl_conf = 518-version-negotiation-ssl + +[518-version-negotiation-ssl] +server = 518-version-negotiation-server +client = 518-version-negotiation-client + +[518-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[518-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-518] +ExpectedResult = ServerFail + + +# =========================================================== + +[519-version-negotiation] +ssl_conf = 519-version-negotiation-ssl + +[519-version-negotiation-ssl] +server = 519-version-negotiation-server +client = 519-version-negotiation-client + +[519-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[519-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-519] +ExpectedResult = ServerFail + + +# =========================================================== + +[520-version-negotiation] +ssl_conf = 520-version-negotiation-ssl + +[520-version-negotiation-ssl] +server = 520-version-negotiation-server +client = 520-version-negotiation-client + +[520-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[520-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-520] +ExpectedResult = ServerFail + + +# =========================================================== + +[521-version-negotiation] +ssl_conf = 521-version-negotiation-ssl + +[521-version-negotiation-ssl] +server = 521-version-negotiation-server +client = 521-version-negotiation-client + +[521-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[521-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-521] +ExpectedResult = ClientFail + + +# =========================================================== + +[522-version-negotiation] +ssl_conf = 522-version-negotiation-ssl + +[522-version-negotiation-ssl] +server = 522-version-negotiation-server +client = 522-version-negotiation-client + +[522-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[522-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-522] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[523-version-negotiation] +ssl_conf = 523-version-negotiation-ssl + +[523-version-negotiation-ssl] +server = 523-version-negotiation-server +client = 523-version-negotiation-client + +[523-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[523-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-523] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[524-version-negotiation] +ssl_conf = 524-version-negotiation-ssl + +[524-version-negotiation-ssl] +server = 524-version-negotiation-server +client = 524-version-negotiation-client + +[524-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[524-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-524] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[525-version-negotiation] +ssl_conf = 525-version-negotiation-ssl + +[525-version-negotiation-ssl] +server = 525-version-negotiation-server +client = 525-version-negotiation-client + +[525-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[525-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-525] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[526-version-negotiation] +ssl_conf = 526-version-negotiation-ssl + +[526-version-negotiation-ssl] +server = 526-version-negotiation-server +client = 526-version-negotiation-client + +[526-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[526-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-526] +ExpectedResult = ServerFail + + +# =========================================================== + +[527-version-negotiation] +ssl_conf = 527-version-negotiation-ssl + +[527-version-negotiation-ssl] +server = 527-version-negotiation-server +client = 527-version-negotiation-client + +[527-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[527-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-527] +ExpectedResult = ClientFail + + +# =========================================================== + +[528-version-negotiation] +ssl_conf = 528-version-negotiation-ssl + +[528-version-negotiation-ssl] +server = 528-version-negotiation-server +client = 528-version-negotiation-client + +[528-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[528-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-528] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[529-version-negotiation] +ssl_conf = 529-version-negotiation-ssl + +[529-version-negotiation-ssl] +server = 529-version-negotiation-server +client = 529-version-negotiation-client + +[529-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[529-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-529] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[530-version-negotiation] +ssl_conf = 530-version-negotiation-ssl + +[530-version-negotiation-ssl] +server = 530-version-negotiation-server +client = 530-version-negotiation-client + +[530-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[530-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-530] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[531-version-negotiation] +ssl_conf = 531-version-negotiation-ssl + +[531-version-negotiation-ssl] +server = 531-version-negotiation-server +client = 531-version-negotiation-client + +[531-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[531-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-531] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[532-version-negotiation] +ssl_conf = 532-version-negotiation-ssl + +[532-version-negotiation-ssl] +server = 532-version-negotiation-server +client = 532-version-negotiation-client + +[532-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[532-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-532] +ExpectedResult = ClientFail + + +# =========================================================== + +[533-version-negotiation] +ssl_conf = 533-version-negotiation-ssl + +[533-version-negotiation-ssl] +server = 533-version-negotiation-server +client = 533-version-negotiation-client + +[533-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[533-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-533] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[534-version-negotiation] +ssl_conf = 534-version-negotiation-ssl + +[534-version-negotiation-ssl] +server = 534-version-negotiation-server +client = 534-version-negotiation-client + +[534-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[534-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-534] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[535-version-negotiation] +ssl_conf = 535-version-negotiation-ssl + +[535-version-negotiation-ssl] +server = 535-version-negotiation-server +client = 535-version-negotiation-client + +[535-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[535-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-535] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[536-version-negotiation] +ssl_conf = 536-version-negotiation-ssl + +[536-version-negotiation-ssl] +server = 536-version-negotiation-server +client = 536-version-negotiation-client + +[536-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[536-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-536] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[537-version-negotiation] +ssl_conf = 537-version-negotiation-ssl + +[537-version-negotiation-ssl] +server = 537-version-negotiation-server +client = 537-version-negotiation-client + +[537-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[537-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-537] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[538-version-negotiation] +ssl_conf = 538-version-negotiation-ssl + +[538-version-negotiation-ssl] +server = 538-version-negotiation-server +client = 538-version-negotiation-client + +[538-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[538-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-538] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[539-version-negotiation] +ssl_conf = 539-version-negotiation-ssl + +[539-version-negotiation-ssl] +server = 539-version-negotiation-server +client = 539-version-negotiation-client + +[539-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[539-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-539] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[540-version-negotiation] +ssl_conf = 540-version-negotiation-ssl + +[540-version-negotiation-ssl] +server = 540-version-negotiation-server +client = 540-version-negotiation-client + +[540-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[540-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-540] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[541-version-negotiation] +ssl_conf = 541-version-negotiation-ssl + +[541-version-negotiation-ssl] +server = 541-version-negotiation-server +client = 541-version-negotiation-client + +[541-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[541-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-541] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[542-version-negotiation] +ssl_conf = 542-version-negotiation-ssl + +[542-version-negotiation-ssl] +server = 542-version-negotiation-server +client = 542-version-negotiation-client + +[542-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[542-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-542] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[543-version-negotiation] +ssl_conf = 543-version-negotiation-ssl + +[543-version-negotiation-ssl] +server = 543-version-negotiation-server +client = 543-version-negotiation-client + +[543-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[543-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-543] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[544-version-negotiation] +ssl_conf = 544-version-negotiation-ssl + +[544-version-negotiation-ssl] +server = 544-version-negotiation-server +client = 544-version-negotiation-client + +[544-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[544-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-544] +ExpectedResult = ServerFail + + +# =========================================================== + +[545-version-negotiation] +ssl_conf = 545-version-negotiation-ssl + +[545-version-negotiation-ssl] +server = 545-version-negotiation-server +client = 545-version-negotiation-client + +[545-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[545-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-545] +ExpectedResult = ServerFail + + +# =========================================================== + +[546-version-negotiation] +ssl_conf = 546-version-negotiation-ssl + +[546-version-negotiation-ssl] +server = 546-version-negotiation-server +client = 546-version-negotiation-client + +[546-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[546-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-546] +ExpectedResult = ServerFail + + +# =========================================================== + +[547-version-negotiation] +ssl_conf = 547-version-negotiation-ssl + +[547-version-negotiation-ssl] +server = 547-version-negotiation-server +client = 547-version-negotiation-client + +[547-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[547-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-547] +ExpectedResult = ClientFail + + +# =========================================================== + +[548-version-negotiation] +ssl_conf = 548-version-negotiation-ssl + +[548-version-negotiation-ssl] +server = 548-version-negotiation-server +client = 548-version-negotiation-client + +[548-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[548-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-548] +ExpectedResult = ClientFail + + +# =========================================================== + +[549-version-negotiation] +ssl_conf = 549-version-negotiation-ssl + +[549-version-negotiation-ssl] +server = 549-version-negotiation-server +client = 549-version-negotiation-client + +[549-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[549-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-549] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[550-version-negotiation] +ssl_conf = 550-version-negotiation-ssl + +[550-version-negotiation-ssl] +server = 550-version-negotiation-server +client = 550-version-negotiation-client + +[550-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[550-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-550] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[551-version-negotiation] +ssl_conf = 551-version-negotiation-ssl + +[551-version-negotiation-ssl] +server = 551-version-negotiation-server +client = 551-version-negotiation-client + +[551-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[551-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-551] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[552-version-negotiation] +ssl_conf = 552-version-negotiation-ssl + +[552-version-negotiation-ssl] +server = 552-version-negotiation-server +client = 552-version-negotiation-client + +[552-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[552-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-552] +ExpectedResult = ServerFail + + +# =========================================================== + +[553-version-negotiation] +ssl_conf = 553-version-negotiation-ssl + +[553-version-negotiation-ssl] +server = 553-version-negotiation-server +client = 553-version-negotiation-client + +[553-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[553-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-553] +ExpectedResult = ClientFail + + +# =========================================================== + +[554-version-negotiation] +ssl_conf = 554-version-negotiation-ssl + +[554-version-negotiation-ssl] +server = 554-version-negotiation-server +client = 554-version-negotiation-client + +[554-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[554-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-554] +ExpectedResult = ClientFail + + +# =========================================================== + +[555-version-negotiation] +ssl_conf = 555-version-negotiation-ssl + +[555-version-negotiation-ssl] +server = 555-version-negotiation-server +client = 555-version-negotiation-client + +[555-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[555-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-555] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[556-version-negotiation] +ssl_conf = 556-version-negotiation-ssl + +[556-version-negotiation-ssl] +server = 556-version-negotiation-server +client = 556-version-negotiation-client + +[556-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[556-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-556] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[557-version-negotiation] +ssl_conf = 557-version-negotiation-ssl + +[557-version-negotiation-ssl] +server = 557-version-negotiation-server +client = 557-version-negotiation-client + +[557-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[557-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-557] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[558-version-negotiation] +ssl_conf = 558-version-negotiation-ssl + +[558-version-negotiation-ssl] +server = 558-version-negotiation-server +client = 558-version-negotiation-client + +[558-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[558-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-558] +ExpectedResult = ClientFail + + +# =========================================================== + +[559-version-negotiation] +ssl_conf = 559-version-negotiation-ssl + +[559-version-negotiation-ssl] +server = 559-version-negotiation-server +client = 559-version-negotiation-client + +[559-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[559-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-559] +ExpectedResult = ClientFail + + +# =========================================================== + +[560-version-negotiation] +ssl_conf = 560-version-negotiation-ssl + +[560-version-negotiation-ssl] +server = 560-version-negotiation-server +client = 560-version-negotiation-client + +[560-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[560-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-560] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[561-version-negotiation] +ssl_conf = 561-version-negotiation-ssl + +[561-version-negotiation-ssl] +server = 561-version-negotiation-server +client = 561-version-negotiation-client + +[561-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[561-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-561] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[562-version-negotiation] +ssl_conf = 562-version-negotiation-ssl + +[562-version-negotiation-ssl] +server = 562-version-negotiation-server +client = 562-version-negotiation-client + +[562-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[562-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-562] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[563-version-negotiation] +ssl_conf = 563-version-negotiation-ssl + +[563-version-negotiation-ssl] +server = 563-version-negotiation-server +client = 563-version-negotiation-client + +[563-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[563-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-563] +ExpectedResult = ClientFail + + +# =========================================================== + +[564-version-negotiation] +ssl_conf = 564-version-negotiation-ssl + +[564-version-negotiation-ssl] +server = 564-version-negotiation-server +client = 564-version-negotiation-client + +[564-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[564-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-564] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[565-version-negotiation] +ssl_conf = 565-version-negotiation-ssl + +[565-version-negotiation-ssl] +server = 565-version-negotiation-server +client = 565-version-negotiation-client + +[565-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[565-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-565] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[566-version-negotiation] +ssl_conf = 566-version-negotiation-ssl + +[566-version-negotiation-ssl] +server = 566-version-negotiation-server +client = 566-version-negotiation-client + +[566-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[566-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-566] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[567-version-negotiation] +ssl_conf = 567-version-negotiation-ssl + +[567-version-negotiation-ssl] +server = 567-version-negotiation-server +client = 567-version-negotiation-client + +[567-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[567-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-567] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[568-version-negotiation] +ssl_conf = 568-version-negotiation-ssl + +[568-version-negotiation-ssl] +server = 568-version-negotiation-server +client = 568-version-negotiation-client + +[568-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[568-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-568] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[569-version-negotiation] +ssl_conf = 569-version-negotiation-ssl + +[569-version-negotiation-ssl] +server = 569-version-negotiation-server +client = 569-version-negotiation-client + +[569-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[569-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-569] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[570-version-negotiation] +ssl_conf = 570-version-negotiation-ssl + +[570-version-negotiation-ssl] +server = 570-version-negotiation-server +client = 570-version-negotiation-client + +[570-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[570-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-570] +ExpectedResult = ServerFail + + +# =========================================================== + +[571-version-negotiation] +ssl_conf = 571-version-negotiation-ssl + +[571-version-negotiation-ssl] +server = 571-version-negotiation-server +client = 571-version-negotiation-client + +[571-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[571-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-571] +ExpectedResult = ServerFail + + +# =========================================================== + +[572-version-negotiation] +ssl_conf = 572-version-negotiation-ssl + +[572-version-negotiation-ssl] +server = 572-version-negotiation-server +client = 572-version-negotiation-client + +[572-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[572-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-572] +ExpectedResult = ServerFail + + +# =========================================================== + +[573-version-negotiation] +ssl_conf = 573-version-negotiation-ssl + +[573-version-negotiation-ssl] +server = 573-version-negotiation-server +client = 573-version-negotiation-client + +[573-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[573-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-573] +ExpectedResult = ClientFail + + +# =========================================================== + +[574-version-negotiation] +ssl_conf = 574-version-negotiation-ssl + +[574-version-negotiation-ssl] +server = 574-version-negotiation-server +client = 574-version-negotiation-client + +[574-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[574-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-574] +ExpectedResult = ClientFail + + +# =========================================================== + +[575-version-negotiation] +ssl_conf = 575-version-negotiation-ssl + +[575-version-negotiation-ssl] +server = 575-version-negotiation-server +client = 575-version-negotiation-client + +[575-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[575-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-575] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[576-version-negotiation] +ssl_conf = 576-version-negotiation-ssl + +[576-version-negotiation-ssl] +server = 576-version-negotiation-server +client = 576-version-negotiation-client + +[576-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[576-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-576] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[577-version-negotiation] +ssl_conf = 577-version-negotiation-ssl + +[577-version-negotiation-ssl] +server = 577-version-negotiation-server +client = 577-version-negotiation-client + +[577-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[577-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-577] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[578-version-negotiation] +ssl_conf = 578-version-negotiation-ssl + +[578-version-negotiation-ssl] +server = 578-version-negotiation-server +client = 578-version-negotiation-client + +[578-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[578-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-578] +ExpectedResult = ServerFail + + +# =========================================================== + +[579-version-negotiation] +ssl_conf = 579-version-negotiation-ssl + +[579-version-negotiation-ssl] +server = 579-version-negotiation-server +client = 579-version-negotiation-client + +[579-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[579-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-579] +ExpectedResult = ClientFail + + +# =========================================================== + +[580-version-negotiation] +ssl_conf = 580-version-negotiation-ssl + +[580-version-negotiation-ssl] +server = 580-version-negotiation-server +client = 580-version-negotiation-client + +[580-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[580-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-580] +ExpectedResult = ClientFail + + +# =========================================================== + +[581-version-negotiation] +ssl_conf = 581-version-negotiation-ssl + +[581-version-negotiation-ssl] +server = 581-version-negotiation-server +client = 581-version-negotiation-client + +[581-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[581-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-581] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[582-version-negotiation] +ssl_conf = 582-version-negotiation-ssl + +[582-version-negotiation-ssl] +server = 582-version-negotiation-server +client = 582-version-negotiation-client + +[582-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[582-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-582] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[583-version-negotiation] +ssl_conf = 583-version-negotiation-ssl + +[583-version-negotiation-ssl] +server = 583-version-negotiation-server +client = 583-version-negotiation-client + +[583-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[583-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-583] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[584-version-negotiation] +ssl_conf = 584-version-negotiation-ssl + +[584-version-negotiation-ssl] +server = 584-version-negotiation-server +client = 584-version-negotiation-client + +[584-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[584-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-584] +ExpectedResult = ClientFail + + +# =========================================================== + +[585-version-negotiation] +ssl_conf = 585-version-negotiation-ssl + +[585-version-negotiation-ssl] +server = 585-version-negotiation-server +client = 585-version-negotiation-client + +[585-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[585-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-585] +ExpectedResult = ClientFail + + +# =========================================================== + +[586-version-negotiation] +ssl_conf = 586-version-negotiation-ssl + +[586-version-negotiation-ssl] +server = 586-version-negotiation-server +client = 586-version-negotiation-client + +[586-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[586-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-586] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[587-version-negotiation] +ssl_conf = 587-version-negotiation-ssl + +[587-version-negotiation-ssl] +server = 587-version-negotiation-server +client = 587-version-negotiation-client + +[587-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[587-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-587] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[588-version-negotiation] +ssl_conf = 588-version-negotiation-ssl + +[588-version-negotiation-ssl] +server = 588-version-negotiation-server +client = 588-version-negotiation-client + +[588-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[588-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-588] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[589-version-negotiation] +ssl_conf = 589-version-negotiation-ssl + +[589-version-negotiation-ssl] +server = 589-version-negotiation-server +client = 589-version-negotiation-client + +[589-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[589-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-589] +ExpectedResult = ClientFail + + +# =========================================================== + +[590-version-negotiation] +ssl_conf = 590-version-negotiation-ssl + +[590-version-negotiation-ssl] +server = 590-version-negotiation-server +client = 590-version-negotiation-client + +[590-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[590-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-590] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[591-version-negotiation] +ssl_conf = 591-version-negotiation-ssl + +[591-version-negotiation-ssl] +server = 591-version-negotiation-server +client = 591-version-negotiation-client + +[591-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[591-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-591] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[592-version-negotiation] +ssl_conf = 592-version-negotiation-ssl + +[592-version-negotiation-ssl] +server = 592-version-negotiation-server +client = 592-version-negotiation-client + +[592-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[592-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-592] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[593-version-negotiation] +ssl_conf = 593-version-negotiation-ssl + +[593-version-negotiation-ssl] +server = 593-version-negotiation-server +client = 593-version-negotiation-client + +[593-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[593-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-593] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[594-version-negotiation] +ssl_conf = 594-version-negotiation-ssl + +[594-version-negotiation-ssl] +server = 594-version-negotiation-server +client = 594-version-negotiation-client + +[594-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[594-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-594] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[595-version-negotiation] +ssl_conf = 595-version-negotiation-ssl + +[595-version-negotiation-ssl] +server = 595-version-negotiation-server +client = 595-version-negotiation-client + +[595-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[595-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-595] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[596-version-negotiation] +ssl_conf = 596-version-negotiation-ssl + +[596-version-negotiation-ssl] +server = 596-version-negotiation-server +client = 596-version-negotiation-client + +[596-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[596-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-596] +ExpectedResult = ServerFail + + +# =========================================================== + +[597-version-negotiation] +ssl_conf = 597-version-negotiation-ssl + +[597-version-negotiation-ssl] +server = 597-version-negotiation-server +client = 597-version-negotiation-client + +[597-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[597-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-597] +ExpectedResult = ServerFail + + +# =========================================================== + +[598-version-negotiation] +ssl_conf = 598-version-negotiation-ssl + +[598-version-negotiation-ssl] +server = 598-version-negotiation-server +client = 598-version-negotiation-client + +[598-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[598-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-598] +ExpectedResult = ServerFail + + +# =========================================================== + +[599-version-negotiation] +ssl_conf = 599-version-negotiation-ssl + +[599-version-negotiation-ssl] +server = 599-version-negotiation-server +client = 599-version-negotiation-client + +[599-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[599-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-599] +ExpectedResult = ClientFail + + +# =========================================================== + +[600-version-negotiation] +ssl_conf = 600-version-negotiation-ssl + +[600-version-negotiation-ssl] +server = 600-version-negotiation-server +client = 600-version-negotiation-client + +[600-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[600-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-600] +ExpectedResult = ClientFail + + +# =========================================================== + +[601-version-negotiation] +ssl_conf = 601-version-negotiation-ssl + +[601-version-negotiation-ssl] +server = 601-version-negotiation-server +client = 601-version-negotiation-client + +[601-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[601-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-601] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[602-version-negotiation] +ssl_conf = 602-version-negotiation-ssl + +[602-version-negotiation-ssl] +server = 602-version-negotiation-server +client = 602-version-negotiation-client + +[602-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[602-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-602] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[603-version-negotiation] +ssl_conf = 603-version-negotiation-ssl + +[603-version-negotiation-ssl] +server = 603-version-negotiation-server +client = 603-version-negotiation-client + +[603-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[603-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-603] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[604-version-negotiation] +ssl_conf = 604-version-negotiation-ssl + +[604-version-negotiation-ssl] +server = 604-version-negotiation-server +client = 604-version-negotiation-client + +[604-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[604-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-604] +ExpectedResult = ServerFail + + +# =========================================================== + +[605-version-negotiation] +ssl_conf = 605-version-negotiation-ssl + +[605-version-negotiation-ssl] +server = 605-version-negotiation-server +client = 605-version-negotiation-client + +[605-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[605-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-605] +ExpectedResult = ClientFail + + +# =========================================================== + +[606-version-negotiation] +ssl_conf = 606-version-negotiation-ssl + +[606-version-negotiation-ssl] +server = 606-version-negotiation-server +client = 606-version-negotiation-client + +[606-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[606-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-606] +ExpectedResult = ClientFail + + +# =========================================================== + +[607-version-negotiation] +ssl_conf = 607-version-negotiation-ssl + +[607-version-negotiation-ssl] +server = 607-version-negotiation-server +client = 607-version-negotiation-client + +[607-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[607-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-607] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[608-version-negotiation] +ssl_conf = 608-version-negotiation-ssl + +[608-version-negotiation-ssl] +server = 608-version-negotiation-server +client = 608-version-negotiation-client + +[608-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[608-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-608] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[609-version-negotiation] +ssl_conf = 609-version-negotiation-ssl + +[609-version-negotiation-ssl] +server = 609-version-negotiation-server +client = 609-version-negotiation-client + +[609-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[609-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-609] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[610-version-negotiation] +ssl_conf = 610-version-negotiation-ssl + +[610-version-negotiation-ssl] +server = 610-version-negotiation-server +client = 610-version-negotiation-client + +[610-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[610-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-610] +ExpectedResult = ClientFail + + +# =========================================================== + +[611-version-negotiation] +ssl_conf = 611-version-negotiation-ssl + +[611-version-negotiation-ssl] +server = 611-version-negotiation-server +client = 611-version-negotiation-client + +[611-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[611-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-611] +ExpectedResult = ClientFail + + +# =========================================================== + +[612-version-negotiation] +ssl_conf = 612-version-negotiation-ssl + +[612-version-negotiation-ssl] +server = 612-version-negotiation-server +client = 612-version-negotiation-client + +[612-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[612-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-612] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[613-version-negotiation] +ssl_conf = 613-version-negotiation-ssl + +[613-version-negotiation-ssl] +server = 613-version-negotiation-server +client = 613-version-negotiation-client + +[613-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[613-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-613] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[614-version-negotiation] +ssl_conf = 614-version-negotiation-ssl + +[614-version-negotiation-ssl] +server = 614-version-negotiation-server +client = 614-version-negotiation-client + +[614-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[614-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-614] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[615-version-negotiation] +ssl_conf = 615-version-negotiation-ssl + +[615-version-negotiation-ssl] +server = 615-version-negotiation-server +client = 615-version-negotiation-client + +[615-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[615-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-615] +ExpectedResult = ClientFail + + +# =========================================================== + +[616-version-negotiation] +ssl_conf = 616-version-negotiation-ssl + +[616-version-negotiation-ssl] +server = 616-version-negotiation-server +client = 616-version-negotiation-client + +[616-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[616-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-616] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[617-version-negotiation] +ssl_conf = 617-version-negotiation-ssl + +[617-version-negotiation-ssl] +server = 617-version-negotiation-server +client = 617-version-negotiation-client + +[617-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[617-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-617] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[618-version-negotiation] +ssl_conf = 618-version-negotiation-ssl + +[618-version-negotiation-ssl] +server = 618-version-negotiation-server +client = 618-version-negotiation-client + +[618-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[618-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-618] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[619-version-negotiation] +ssl_conf = 619-version-negotiation-ssl + +[619-version-negotiation-ssl] +server = 619-version-negotiation-server +client = 619-version-negotiation-client + +[619-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[619-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-619] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[620-version-negotiation] +ssl_conf = 620-version-negotiation-ssl + +[620-version-negotiation-ssl] +server = 620-version-negotiation-server +client = 620-version-negotiation-client + +[620-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[620-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-620] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[621-version-negotiation] +ssl_conf = 621-version-negotiation-ssl + +[621-version-negotiation-ssl] +server = 621-version-negotiation-server +client = 621-version-negotiation-client + +[621-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[621-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-621] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[622-version-negotiation] +ssl_conf = 622-version-negotiation-ssl + +[622-version-negotiation-ssl] +server = 622-version-negotiation-server +client = 622-version-negotiation-client + +[622-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[622-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-622] +ExpectedResult = ServerFail + + +# =========================================================== + +[623-version-negotiation] +ssl_conf = 623-version-negotiation-ssl + +[623-version-negotiation-ssl] +server = 623-version-negotiation-server +client = 623-version-negotiation-client + +[623-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[623-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-623] +ExpectedResult = ServerFail + + +# =========================================================== + +[624-version-negotiation] +ssl_conf = 624-version-negotiation-ssl + +[624-version-negotiation-ssl] +server = 624-version-negotiation-server +client = 624-version-negotiation-client + +[624-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[624-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-624] +ExpectedResult = InternalError + + +# =========================================================== + +[625-version-negotiation] +ssl_conf = 625-version-negotiation-ssl + +[625-version-negotiation-ssl] +server = 625-version-negotiation-server +client = 625-version-negotiation-client + +[625-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[625-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-625] +ExpectedResult = InternalError + + +# =========================================================== + +[626-version-negotiation] +ssl_conf = 626-version-negotiation-ssl + +[626-version-negotiation-ssl] +server = 626-version-negotiation-server +client = 626-version-negotiation-client + +[626-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[626-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-626] +ExpectedResult = InternalError + + +# =========================================================== + +[627-version-negotiation] +ssl_conf = 627-version-negotiation-ssl + +[627-version-negotiation-ssl] +server = 627-version-negotiation-server +client = 627-version-negotiation-client + +[627-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[627-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-627] +ExpectedResult = InternalError + + +# =========================================================== + +[628-version-negotiation] +ssl_conf = 628-version-negotiation-ssl + +[628-version-negotiation-ssl] +server = 628-version-negotiation-server +client = 628-version-negotiation-client + +[628-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[628-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-628] +ExpectedResult = InternalError + + +# =========================================================== + +[629-version-negotiation] +ssl_conf = 629-version-negotiation-ssl + +[629-version-negotiation-ssl] +server = 629-version-negotiation-server +client = 629-version-negotiation-client + +[629-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[629-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-629] +ExpectedResult = InternalError + + +# =========================================================== + +[630-version-negotiation] +ssl_conf = 630-version-negotiation-ssl + +[630-version-negotiation-ssl] +server = 630-version-negotiation-server +client = 630-version-negotiation-client + +[630-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[630-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-630] +ExpectedResult = InternalError + + +# =========================================================== + +[631-version-negotiation] +ssl_conf = 631-version-negotiation-ssl + +[631-version-negotiation-ssl] +server = 631-version-negotiation-server +client = 631-version-negotiation-client + +[631-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[631-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-631] +ExpectedResult = InternalError + + +# =========================================================== + +[632-version-negotiation] +ssl_conf = 632-version-negotiation-ssl + +[632-version-negotiation-ssl] +server = 632-version-negotiation-server +client = 632-version-negotiation-client + +[632-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[632-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-632] +ExpectedResult = InternalError + + +# =========================================================== + +[633-version-negotiation] +ssl_conf = 633-version-negotiation-ssl + +[633-version-negotiation-ssl] +server = 633-version-negotiation-server +client = 633-version-negotiation-client + +[633-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[633-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-633] +ExpectedResult = InternalError + + +# =========================================================== + +[634-version-negotiation] +ssl_conf = 634-version-negotiation-ssl + +[634-version-negotiation-ssl] +server = 634-version-negotiation-server +client = 634-version-negotiation-client + +[634-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[634-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-634] +ExpectedResult = InternalError + + +# =========================================================== + +[635-version-negotiation] +ssl_conf = 635-version-negotiation-ssl + +[635-version-negotiation-ssl] +server = 635-version-negotiation-server +client = 635-version-negotiation-client + +[635-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[635-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-635] +ExpectedResult = InternalError + + +# =========================================================== + +[636-version-negotiation] +ssl_conf = 636-version-negotiation-ssl + +[636-version-negotiation-ssl] +server = 636-version-negotiation-server +client = 636-version-negotiation-client + +[636-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[636-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-636] +ExpectedResult = InternalError + + +# =========================================================== + +[637-version-negotiation] +ssl_conf = 637-version-negotiation-ssl + +[637-version-negotiation-ssl] +server = 637-version-negotiation-server +client = 637-version-negotiation-client + +[637-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[637-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-637] +ExpectedResult = InternalError + + +# =========================================================== + +[638-version-negotiation] +ssl_conf = 638-version-negotiation-ssl + +[638-version-negotiation-ssl] +server = 638-version-negotiation-server +client = 638-version-negotiation-client + +[638-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[638-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-638] +ExpectedResult = InternalError + + +# =========================================================== + +[639-version-negotiation] +ssl_conf = 639-version-negotiation-ssl + +[639-version-negotiation-ssl] +server = 639-version-negotiation-server +client = 639-version-negotiation-client + +[639-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[639-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-639] +ExpectedResult = InternalError + + +# =========================================================== + +[640-version-negotiation] +ssl_conf = 640-version-negotiation-ssl + +[640-version-negotiation-ssl] +server = 640-version-negotiation-server +client = 640-version-negotiation-client + +[640-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[640-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-640] +ExpectedResult = InternalError + + +# =========================================================== + +[641-version-negotiation] +ssl_conf = 641-version-negotiation-ssl + +[641-version-negotiation-ssl] +server = 641-version-negotiation-server +client = 641-version-negotiation-client + +[641-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[641-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-641] +ExpectedResult = InternalError + + +# =========================================================== + +[642-version-negotiation] +ssl_conf = 642-version-negotiation-ssl + +[642-version-negotiation-ssl] +server = 642-version-negotiation-server +client = 642-version-negotiation-client + +[642-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[642-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-642] +ExpectedResult = InternalError + + +# =========================================================== + +[643-version-negotiation] +ssl_conf = 643-version-negotiation-ssl + +[643-version-negotiation-ssl] +server = 643-version-negotiation-server +client = 643-version-negotiation-client + +[643-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[643-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-643] +ExpectedResult = InternalError + + +# =========================================================== + +[644-version-negotiation] +ssl_conf = 644-version-negotiation-ssl + +[644-version-negotiation-ssl] +server = 644-version-negotiation-server +client = 644-version-negotiation-client + +[644-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[644-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-644] +ExpectedResult = InternalError + + +# =========================================================== + +[645-version-negotiation] +ssl_conf = 645-version-negotiation-ssl + +[645-version-negotiation-ssl] +server = 645-version-negotiation-server +client = 645-version-negotiation-client + +[645-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[645-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-645] +ExpectedResult = InternalError + + +# =========================================================== + +[646-version-negotiation] +ssl_conf = 646-version-negotiation-ssl + +[646-version-negotiation-ssl] +server = 646-version-negotiation-server +client = 646-version-negotiation-client + +[646-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[646-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-646] +ExpectedResult = InternalError + + +# =========================================================== + +[647-version-negotiation] +ssl_conf = 647-version-negotiation-ssl + +[647-version-negotiation-ssl] +server = 647-version-negotiation-server +client = 647-version-negotiation-client + +[647-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[647-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-647] +ExpectedResult = InternalError + + +# =========================================================== + +[648-version-negotiation] +ssl_conf = 648-version-negotiation-ssl + +[648-version-negotiation-ssl] +server = 648-version-negotiation-server +client = 648-version-negotiation-client + +[648-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[648-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-648] +ExpectedResult = InternalError + + +# =========================================================== + +[649-version-negotiation] +ssl_conf = 649-version-negotiation-ssl + +[649-version-negotiation-ssl] +server = 649-version-negotiation-server +client = 649-version-negotiation-client + +[649-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[649-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-649] +ExpectedResult = InternalError + + +# =========================================================== + +[650-version-negotiation] +ssl_conf = 650-version-negotiation-ssl + +[650-version-negotiation-ssl] +server = 650-version-negotiation-server +client = 650-version-negotiation-client + +[650-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[650-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-650] +ExpectedResult = InternalError + + +# =========================================================== + +[651-version-negotiation] +ssl_conf = 651-version-negotiation-ssl + +[651-version-negotiation-ssl] +server = 651-version-negotiation-server +client = 651-version-negotiation-client + +[651-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[651-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-651] +ExpectedResult = InternalError + + +# =========================================================== + +[652-version-negotiation] +ssl_conf = 652-version-negotiation-ssl + +[652-version-negotiation-ssl] +server = 652-version-negotiation-server +client = 652-version-negotiation-client + +[652-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[652-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-652] +ExpectedResult = InternalError + + +# =========================================================== + +[653-version-negotiation] +ssl_conf = 653-version-negotiation-ssl + +[653-version-negotiation-ssl] +server = 653-version-negotiation-server +client = 653-version-negotiation-client + +[653-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[653-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-653] +ExpectedResult = InternalError + + +# =========================================================== + +[654-version-negotiation] +ssl_conf = 654-version-negotiation-ssl + +[654-version-negotiation-ssl] +server = 654-version-negotiation-server +client = 654-version-negotiation-client + +[654-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[654-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-654] +ExpectedResult = InternalError + + +# =========================================================== + +[655-version-negotiation] +ssl_conf = 655-version-negotiation-ssl + +[655-version-negotiation-ssl] +server = 655-version-negotiation-server +client = 655-version-negotiation-client + +[655-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[655-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-655] +ExpectedResult = InternalError + + +# =========================================================== + +[656-version-negotiation] +ssl_conf = 656-version-negotiation-ssl + +[656-version-negotiation-ssl] +server = 656-version-negotiation-server +client = 656-version-negotiation-client + +[656-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[656-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-656] +ExpectedResult = InternalError + + +# =========================================================== + +[657-version-negotiation] +ssl_conf = 657-version-negotiation-ssl + +[657-version-negotiation-ssl] +server = 657-version-negotiation-server +client = 657-version-negotiation-client + +[657-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[657-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-657] +ExpectedResult = InternalError + + +# =========================================================== + +[658-version-negotiation] +ssl_conf = 658-version-negotiation-ssl + +[658-version-negotiation-ssl] +server = 658-version-negotiation-server +client = 658-version-negotiation-client + +[658-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[658-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-658] +ExpectedResult = InternalError + + +# =========================================================== + +[659-version-negotiation] +ssl_conf = 659-version-negotiation-ssl + +[659-version-negotiation-ssl] +server = 659-version-negotiation-server +client = 659-version-negotiation-client + +[659-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[659-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-659] +ExpectedResult = InternalError + + +# =========================================================== + +[660-version-negotiation] +ssl_conf = 660-version-negotiation-ssl + +[660-version-negotiation-ssl] +server = 660-version-negotiation-server +client = 660-version-negotiation-client + +[660-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[660-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-660] +ExpectedResult = InternalError + + +# =========================================================== + +[661-version-negotiation] +ssl_conf = 661-version-negotiation-ssl + +[661-version-negotiation-ssl] +server = 661-version-negotiation-server +client = 661-version-negotiation-client + +[661-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[661-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-661] +ExpectedResult = InternalError + + +# =========================================================== + +[662-version-negotiation] +ssl_conf = 662-version-negotiation-ssl + +[662-version-negotiation-ssl] +server = 662-version-negotiation-server +client = 662-version-negotiation-client + +[662-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[662-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-662] +ExpectedResult = InternalError + + +# =========================================================== + +[663-version-negotiation] +ssl_conf = 663-version-negotiation-ssl + +[663-version-negotiation-ssl] +server = 663-version-negotiation-server +client = 663-version-negotiation-client + +[663-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[663-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-663] +ExpectedResult = InternalError + + +# =========================================================== + +[664-version-negotiation] +ssl_conf = 664-version-negotiation-ssl + +[664-version-negotiation-ssl] +server = 664-version-negotiation-server +client = 664-version-negotiation-client + +[664-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[664-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-664] +ExpectedResult = InternalError + + +# =========================================================== + +[665-version-negotiation] +ssl_conf = 665-version-negotiation-ssl + +[665-version-negotiation-ssl] +server = 665-version-negotiation-server +client = 665-version-negotiation-client + +[665-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[665-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-665] +ExpectedResult = InternalError + + +# =========================================================== + +[666-version-negotiation] +ssl_conf = 666-version-negotiation-ssl + +[666-version-negotiation-ssl] +server = 666-version-negotiation-server +client = 666-version-negotiation-client + +[666-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[666-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-666] +ExpectedResult = InternalError + + +# =========================================================== + +[667-version-negotiation] +ssl_conf = 667-version-negotiation-ssl + +[667-version-negotiation-ssl] +server = 667-version-negotiation-server +client = 667-version-negotiation-client + +[667-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[667-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-667] +ExpectedResult = InternalError + + +# =========================================================== + +[668-version-negotiation] +ssl_conf = 668-version-negotiation-ssl + +[668-version-negotiation-ssl] +server = 668-version-negotiation-server +client = 668-version-negotiation-client + +[668-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[668-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-668] +ExpectedResult = InternalError + + +# =========================================================== + +[669-version-negotiation] +ssl_conf = 669-version-negotiation-ssl + +[669-version-negotiation-ssl] +server = 669-version-negotiation-server +client = 669-version-negotiation-client + +[669-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[669-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-669] +ExpectedResult = InternalError + + +# =========================================================== + +[670-version-negotiation] +ssl_conf = 670-version-negotiation-ssl + +[670-version-negotiation-ssl] +server = 670-version-negotiation-server +client = 670-version-negotiation-client + +[670-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[670-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-670] +ExpectedResult = InternalError + + +# =========================================================== + +[671-version-negotiation] +ssl_conf = 671-version-negotiation-ssl + +[671-version-negotiation-ssl] +server = 671-version-negotiation-server +client = 671-version-negotiation-client + +[671-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[671-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-671] +ExpectedResult = InternalError + + +# =========================================================== + +[672-version-negotiation] +ssl_conf = 672-version-negotiation-ssl + +[672-version-negotiation-ssl] +server = 672-version-negotiation-server +client = 672-version-negotiation-client + +[672-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[672-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-672] +ExpectedResult = InternalError + + +# =========================================================== + +[673-version-negotiation] +ssl_conf = 673-version-negotiation-ssl + +[673-version-negotiation-ssl] +server = 673-version-negotiation-server +client = 673-version-negotiation-client + +[673-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[673-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-673] +ExpectedResult = InternalError + + +# =========================================================== + +[674-version-negotiation] +ssl_conf = 674-version-negotiation-ssl + +[674-version-negotiation-ssl] +server = 674-version-negotiation-server +client = 674-version-negotiation-client + +[674-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[674-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-674] +ExpectedResult = InternalError + + +# =========================================================== + +[675-version-negotiation] +ssl_conf = 675-version-negotiation-ssl + +[675-version-negotiation-ssl] +server = 675-version-negotiation-server +client = 675-version-negotiation-client + +[675-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[675-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-675] +ExpectedResult = InternalError diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.conf index 4c1e9e2..14aec20 100644 --- a/test/ssl-tests/13-fragmentation.conf +++ b/test/ssl-tests/13-fragmentation.conf @@ -267,6 +267,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-large-app-data-aes-sha1-multibuffer-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -291,6 +292,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-large-app-data-aes-sha2-multibuffer-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -315,6 +317,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -339,6 +342,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -363,6 +367,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-small-app-data-aes-sha1-multibuffer-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -387,6 +392,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-small-app-data-aes-sha2-multibuffer-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.conf.in index 645163c..ae6446e 100644 --- a/test/ssl-tests/13-fragmentation.conf.in +++ b/test/ssl-tests/13-fragmentation.conf.in @@ -114,6 +114,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024, @@ -125,6 +126,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024, @@ -136,6 +138,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024 + 3, @@ -147,6 +150,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024 - 3, @@ -161,6 +165,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 4 * 1024, @@ -172,6 +177,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 4 * 1024, diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.conf index d4c19c7..17d00b5 100644 --- a/test/ssl-tests/14-curves.conf +++ b/test/ssl-tests/14-curves.conf @@ -44,6 +44,7 @@ client = 0-curve-sect163k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-curve-sect163k1-client] @@ -69,6 +70,7 @@ client = 1-curve-sect163r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-curve-sect163r1-client] @@ -94,6 +96,7 @@ client = 2-curve-sect163r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-curve-sect163r2-client] @@ -119,6 +122,7 @@ client = 3-curve-sect193r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-curve-sect193r1-client] @@ -144,6 +148,7 @@ client = 4-curve-sect193r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-curve-sect193r2-client] @@ -169,6 +174,7 @@ client = 5-curve-sect233k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-curve-sect233k1-client] @@ -194,6 +200,7 @@ client = 6-curve-sect233r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-curve-sect233r1-client] @@ -219,6 +226,7 @@ client = 7-curve-sect239k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect239k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-curve-sect239k1-client] @@ -244,6 +252,7 @@ client = 8-curve-sect283k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-curve-sect283k1-client] @@ -269,6 +278,7 @@ client = 9-curve-sect283r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-curve-sect283r1-client] @@ -294,6 +304,7 @@ client = 10-curve-sect409k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-curve-sect409k1-client] @@ -319,6 +330,7 @@ client = 11-curve-sect409r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-curve-sect409r1-client] @@ -344,6 +356,7 @@ client = 12-curve-sect571k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-curve-sect571k1-client] @@ -369,6 +382,7 @@ client = 13-curve-sect571r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-curve-sect571r1-client] @@ -394,6 +408,7 @@ client = 14-curve-secp160k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-curve-secp160k1-client] @@ -419,6 +434,7 @@ client = 15-curve-secp160r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-curve-secp160r1-client] @@ -444,6 +460,7 @@ client = 16-curve-secp160r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-curve-secp160r2-client] @@ -469,6 +486,7 @@ client = 17-curve-secp192k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp192k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-curve-secp192k1-client] @@ -494,6 +512,7 @@ client = 18-curve-prime192v1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime192v1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-curve-prime192v1-client] @@ -519,6 +538,7 @@ client = 19-curve-secp224k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-curve-secp224k1-client] @@ -544,6 +564,7 @@ client = 20-curve-secp224r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-curve-secp224r1-client] @@ -569,6 +590,7 @@ client = 21-curve-secp256k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp256k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-curve-secp256k1-client] @@ -594,6 +616,7 @@ client = 22-curve-prime256v1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime256v1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-curve-prime256v1-client] @@ -619,6 +642,7 @@ client = 23-curve-secp384r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp384r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-curve-secp384r1-client] @@ -644,6 +668,7 @@ client = 24-curve-secp521r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp521r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-curve-secp521r1-client] @@ -669,6 +694,7 @@ client = 25-curve-brainpoolP256r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-curve-brainpoolP256r1-client] @@ -694,6 +720,7 @@ client = 26-curve-brainpoolP384r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-curve-brainpoolP384r1-client] @@ -719,6 +746,7 @@ client = 27-curve-brainpoolP512r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-curve-brainpoolP512r1-client] @@ -744,6 +772,7 @@ client = 28-curve-X25519-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = X25519 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-curve-X25519-client] diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in index f39ff7d..dec2be2 100644 --- a/test/ssl-tests/14-curves.conf.in +++ b/test/ssl-tests/14-curves.conf.in @@ -27,7 +27,9 @@ sub generate_tests() { push @tests, { name => "curve-${curve}", server => { - "Curves" => $curve + "Curves" => $curve, + # TODO(TLS1.3): Can we get this to work for TLSv1.3? + "MaxProtocol" => "TLSv1.2" }, client => { "CipherString" => "ECDHE", diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index c711362..9abcaae 100644 --- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -20,12 +20,12 @@ use OpenSSL::Test; use OpenSSL::Test::Utils qw/anydisabled alldisabled/; setup("no_test_here"); -my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); # undef stands for "no limit". -my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); -my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef); +my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); -my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); my $min_tls_enabled; my $max_tls_enabled; @@ -74,7 +74,7 @@ foreach my $i (0..$#dtls_protocols) { sub no_tests { my ($dtls) = @_; return $dtls ? alldisabled("dtls1", "dtls1_2") : - alldisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); } sub generate_version_tests { @@ -137,6 +137,7 @@ sub generate_resumption_tests { my @protocols = $dtls ? @dtls_protocols : @tls_protocols; my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; if (no_tests($dtls)) { return; @@ -146,10 +147,10 @@ sub generate_resumption_tests { my @client_tests = (); # Obtain the first session against a fixed-version server/client. - foreach my $original_protocol($min_enabled..$#protocols) { + foreach my $original_protocol($min_enabled..$max_enabled) { # Upgrade or downgrade the server/client max version support and test # that it upgrades, downgrades or resumes the session as well. - foreach my $resume_protocol($min_enabled..$#protocols) { + foreach my $resume_protocol($min_enabled..$max_enabled) { my $resumption_expected; # We should only resume on exact version match. if ($original_protocol eq $resume_protocol) { @@ -234,9 +235,15 @@ sub expected_result { # Server doesn't support the client range. return ("ServerFail", undef); } elsif ($c_min > $s_max) { - # Server will try with a version that is lower than the lowest - # supported client version. - return ("ClientFail", undef); + my @prots = @$protocols; + if ($prots[$c_min] eq "TLSv1.3") { + # Client won't have sent any ciphersuite the server recognises + return ("ServerFail", undef); + } else { + # Server will try with a version that is lower than the lowest + # supported client version. + return ("ClientFail", undef); + } } else { # Server and client ranges overlap. my $max_common = $s_max < $c_max ? $s_max : $c_max; diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 0a528d8..e8f2943 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -152,6 +152,7 @@ const char *ssl_alert_name(int alert) /********************/ static const test_enum ssl_protocols[] = { + {"TLSv1.3", TLS1_3_VERSION}, {"TLSv1.2", TLS1_2_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, {"TLSv1", TLS1_VERSION}, diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 6a5cd70..356359d 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -886,6 +886,7 @@ static int protocol_from_string(const char *value) {"tls1", TLS1_VERSION}, {"tls1.1", TLS1_1_VERSION}, {"tls1.2", TLS1_2_VERSION}, + {"tls1.3", TLS1_3_VERSION}, {"dtls1", DTLS1_VERSION}, {"dtls1.2", DTLS1_2_VERSION}}; size_t i; @@ -958,7 +959,7 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -1123,7 +1124,9 @@ int main(int argc, char *argv[]) min_version = TLS1_VERSION; } #endif - else if (strcmp(*argv, "-tls1") == 0) { + else if (strcmp(*argv, "-tls1_2") == 0) { + tls1_2 = 1; + } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { ssl3 = 1; @@ -1329,8 +1332,8 @@ int main(int argc, char *argv[]) goto end; } - if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should " + if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1345,6 +1348,11 @@ int main(int argc, char *argv[]) no_protocol = 1; else #endif +#ifdef OPENSSL_NO_TLS1_2 + if (tls1_2) + no_protocol = 1; + else +#endif #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1) if (dtls1) no_protocol = 1; @@ -1369,10 +1377,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { + if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1435,6 +1444,9 @@ int main(int argc, char *argv[]) } else if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; + } else if (tls1_2) { + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; } #endif #ifndef OPENSSL_NO_DTLS diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index eeb83ed..c15019d 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -147,8 +147,10 @@ sub start or die "Failed to redirect stdout: $!"; open(STDERR, ">&STDOUT"); } + # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher + # because the TLS1.3 ciphersuites are not compatible with ossltest my $execcmd = $self->execute - ." s_server -no_comp -rev -engine ossltest -accept " + ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept " .($self->server_port) ." -cert ".$self->cert." -naccept ".$self->serverconnects; if ($self->ciphers ne "") { From matt at openssl.org Wed Nov 2 13:48:58 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 13:48:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478094538.860578.10876.nullmailer@dev.openssl.org> The branch master has been updated via ca0b75ade0e89d1d3782ed6b1a4ae0fab72251ec (commit) via 837e591d42ae499c89930a7277005c5034a12b04 (commit) via aad22ba2c6172508f70263bcf53f6af6257c8b14 (commit) from 2abacef13ab19b842a9217d6c464b4001980c0f6 (commit) - Log ----------------------------------------------------------------- commit ca0b75ade0e89d1d3782ed6b1a4ae0fab72251ec Author: Matt Caswell Date: Tue Nov 1 18:28:19 2016 +0000 Fix some style issues in ossltest Based on feedback received Reviewed-by: Rich Salz commit 837e591d42ae499c89930a7277005c5034a12b04 Author: Matt Caswell Date: Fri Oct 28 15:57:12 2016 +0100 Enable TLSProxy to talk TLS1.3 Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in TLSProxy Reviewed-by: Rich Salz commit aad22ba2c6172508f70263bcf53f6af6257c8b14 Author: Matt Caswell Date: Thu Oct 27 18:32:36 2016 +0100 Make sure ossltest engine works with TLS1.3 This might need more changes once we do a "real" TLS1.3 ciphersuite. But it should do for now. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: engines/e_ossltest.c | 83 +++++++++++++++++++++++++++++++++++- test/recipes/70-test_sslcbcpadding.t | 1 + test/recipes/70-test_sslrecords.t | 9 ++++ util/TLSProxy/Proxy.pm | 8 ++-- util/TLSProxy/Record.pm | 27 +++++++----- 5 files changed, 111 insertions(+), 17 deletions(-) diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index b4c83cb..afa5edf 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -226,7 +226,7 @@ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, const int **, int); static int ossltest_cipher_nids[] = { - NID_aes_128_cbc, 0 + NID_aes_128_cbc, NID_aes_128_gcm, 0 }; /* AES128 */ @@ -235,6 +235,12 @@ int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); +int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr); static EVP_CIPHER *_hidden_aes_128_cbc = NULL; static const EVP_CIPHER *ossltest_aes_128_cbc(void) @@ -258,9 +264,40 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void) } return _hidden_aes_128_cbc; } +static EVP_CIPHER *_hidden_aes_128_gcm = NULL; + +#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \ + | EVP_CIPH_GCM_MODE) + +static const EVP_CIPHER *ossltest_aes_128_gcm(void) +{ + if (_hidden_aes_128_gcm == NULL + && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm, + 1 /* block size */, + 16 /* key len */)) == NULL + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12) + || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS) + || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm, + ossltest_aes128_gcm_init_key) + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm, + ossltest_aes128_gcm_cipher) + || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm, + ossltest_aes128_gcm_ctrl) + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm, + EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { + EVP_CIPHER_meth_free(_hidden_aes_128_gcm); + _hidden_aes_128_gcm = NULL; + } + return _hidden_aes_128_gcm; +} + static void destroy_ciphers(void) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); + EVP_CIPHER_meth_free(_hidden_aes_128_gcm); _hidden_aes_128_cbc = NULL; } @@ -389,6 +426,9 @@ static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher, case NID_aes_128_cbc: *cipher = ossltest_aes_128_cbc(); break; + case NID_aes_128_gcm: + *cipher = ossltest_aes_128_gcm(); + break; default: ok = 0; *cipher = NULL; @@ -566,3 +606,44 @@ int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return ret; } + +int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc); +} + + +int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + const size_t datalen = inl - EVP_GCM_TLS_EXPLICIT_IV_LEN + - EVP_GCM_TLS_TAG_LEN; + unsigned char *tmpbuf = OPENSSL_malloc(datalen); + + if (tmpbuf == NULL) + return -1; + + /* Remember what we were asked to encrypt */ + memcpy(tmpbuf, in + EVP_GCM_TLS_EXPLICIT_IV_LEN, datalen); + + /* Go through the motions of encrypting it */ + EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl); + + /* + * Throw it all away and just use the plaintext as the output with empty + * IV and tag + */ + memset(out, 0, inl); + memcpy(out + EVP_GCM_TLS_EXPLICIT_IV_LEN, tmpbuf, datalen); + OPENSSL_free(tmpbuf); + + return 1; +} + +static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr) +{ + /* Pass the ctrl down */ + return EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr); +} diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t index fdaa466..22825a0 100644 --- a/test/recipes/70-test_sslcbcpadding.t +++ b/test/recipes/70-test_sslcbcpadding.t @@ -40,6 +40,7 @@ my @test_offsets = (0, 128, 254, 255); # Test that maximally-padded records are accepted. my $bad_padding_offset = -1; +$proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 1 + scalar(@test_offsets); ok(TLSProxy::Message->success(), "Maximally-padded record test"); diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index d1c8d3a..fc9b59f 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -37,6 +37,7 @@ my $proxy = TLSProxy::Proxy->new( #Test 1: Injecting out of context empty records should fail my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; +$proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 9; ok(TLSProxy::Message->fail(), "Out of context empty records test"); @@ -44,6 +45,7 @@ ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed $proxy->clear(); $content_type = TLSProxy::Record::RT_HANDSHAKE; +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "In context empty records test"); @@ -51,6 +53,7 @@ ok(TLSProxy::Message->success(), "In context empty records test"); $proxy->clear(); #We allow 32 consecutive in context empty records $inject_recs_num = 33; +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Too many in context empty records test"); @@ -59,6 +62,7 @@ ok(TLSProxy::Message->fail(), "Too many in context empty records test"); # alert, i.e. this will look like a disorderly close $proxy->clear(); $proxy->filter(\&add_frag_alert_filter); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(!TLSProxy::Message->end(), "Fragmented alert records test"); @@ -75,6 +79,7 @@ use constant { my $sslv2testtype = TLSV1_2_IN_SSLV2; $proxy->clear(); $proxy->filter(\&add_sslv2_filter); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); @@ -83,6 +88,7 @@ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); # protocol so we don't even send an alert in this case. $sslv2testtype = SSLV2_IN_SSLV2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); @@ -91,6 +97,7 @@ ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); # reasons $sslv2testtype = FRAGMENTED_IN_TLSV1_2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); @@ -98,6 +105,7 @@ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); # record; and another TLS1.2 record. This isn't allowed so should fail $sslv2testtype = FRAGMENTED_IN_SSLV2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); @@ -105,6 +113,7 @@ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); # fail because an SSLv2 ClientHello must be the first record. $sslv2testtype = ALERT_BEFORE_SSLV2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); sub add_empty_recs_filter diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index c15019d..16fd094 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -48,7 +48,7 @@ sub new cert => $cert, debug => $debug, cipherc => "", - ciphers => "AES128-SHA", + ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256", flight => 0, record_list => [], message_list => [], @@ -113,7 +113,7 @@ sub clear my $self = shift; $self->clearClient; - $self->{ciphers} = "AES128-SHA"; + $self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256"; $self->{serverflags} = ""; $self->{serverconnects} = 1; $self->{serverpid} = 0; @@ -147,10 +147,8 @@ sub start or die "Failed to redirect stdout: $!"; open(STDERR, ">&STDOUT"); } - # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher - # because the TLS1.3 ciphersuites are not compatible with ossltest my $execcmd = $self->execute - ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept " + ." s_server -no_comp -rev -engine ossltest -accept " .($self->server_port) ." -cert ".$self->cert." -naccept ".$self->serverconnects; if ($self->ciphers ne "") { diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm index 423bad3..93a3a4b 100644 --- a/util/TLSProxy/Record.pm +++ b/util/TLSProxy/Record.pm @@ -107,7 +107,7 @@ sub get_records if (($server && $server_ccs_seen) || (!$server && $client_ccs_seen)) { - if ($etm) { + if ($version != VERS_TLS_1_3() && $etm) { $record->decryptETM(); } else { $record->decrypt(); @@ -221,22 +221,27 @@ sub decryptETM sub decrypt() { my ($self) = shift; - + my $mactaglen = 20; my $data = $self->data; - if($self->version >= VERS_TLS_1_1()) { - #TLS1.1+ has an explicit IV. Throw it away + #Throw away any IVs + if ($self->version >= VERS_TLS_1_3()) { + #8 bytes for a GCM IV + $data = substr($data, 8); + $mactaglen = 16; + } elsif ($self->version >= VERS_TLS_1_1()) { + #16 bytes for a standard IV $data = substr($data, 16); - } - #Find out what the padding byte is - my $padval = unpack("C", substr($data, length($data) - 1)); + #Find out what the padding byte is + my $padval = unpack("C", substr($data, length($data) - 1)); - #Throw away the padding - $data = substr($data, 0, length($data) - ($padval + 1)); + #Throw away the padding + $data = substr($data, 0, length($data) - ($padval + 1)); + } - #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME) - $data = substr($data, 0, length($data) - 20); + #Throw away the MAC or TAG + $data = substr($data, 0, length($data) - $mactaglen); $self->decrypt_data($data); $self->decrypt_len(length($data)); From matt at openssl.org Wed Nov 2 14:03:05 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 14:03:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478095385.307812.13247.nullmailer@dev.openssl.org> The branch master has been updated via 8aefa08cfbc7db7cc10765ee9684090e37983f45 (commit) via 02e22dd444c46728008a7c17e0758327f1c31e67 (commit) via 542dd9c58712201a46a5519ee02e878792bbcb72 (commit) via 045bd04706d2a798d5fb4b3ccf7fd56e6e09b082 (commit) from ca0b75ade0e89d1d3782ed6b1a4ae0fab72251ec (commit) - Log ----------------------------------------------------------------- commit 8aefa08cfbc7db7cc10765ee9684090e37983f45 Author: David Woodhouse Date: Sun Oct 23 17:03:56 2016 +0100 Add documentation for DTLS_get_data_mtu() Reviewed-by: Rich Salz Reviewed-by: Matt Caswell commit 02e22dd444c46728008a7c17e0758327f1c31e67 Author: David Woodhouse Date: Wed Oct 12 16:13:31 2016 +0100 Add test cases for DTLS_get_data_mtu() Reviewed-by: Rich Salz Reviewed-by: Matt Caswell commit 542dd9c58712201a46a5519ee02e878792bbcb72 Author: David Woodhouse Date: Thu Oct 6 11:44:29 2016 +0100 Add unit test for ssl_cipher_get_overhead() Reviewed-by: Rich Salz Reviewed-by: Matt Caswell commit 045bd04706d2a798d5fb4b3ccf7fd56e6e09b082 Author: David Woodhouse Date: Thu Oct 6 00:44:59 2016 +0100 Add DTLS_get_data_mtu() function We add ssl_cipher_get_overhead() as an internal function, to avoid having too much ciphersuite-specific knowledge in DTLS_get_data_mtu() itself. It's going to need adjustment for TLSv1.3... but then again, so is fairly much *all* of the SSL_CIPHER handling. This bit is in the noise. Reviewed-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/man3/DTLS_get_data_mtu.pod | 36 ++++ include/openssl/ssl.h | 2 + ssl/d1_lib.c | 36 ++++ ssl/ssl_ciph.c | 52 ++++++ ssl/ssl_locl.h | 3 + test/build.info | 13 +- test/cipher_overhead_test.c | 33 ++++ test/dtls_mtu_test.c | 190 +++++++++++++++++++++ .../{70-test_bad_dtls.t => 80-test_dtls_mtu.t} | 9 +- .../{70-test_wpacket.t => 90-test_overhead.t} | 4 +- util/libssl.num | 1 + 11 files changed, 372 insertions(+), 7 deletions(-) create mode 100644 doc/man3/DTLS_get_data_mtu.pod create mode 100644 test/cipher_overhead_test.c create mode 100644 test/dtls_mtu_test.c copy test/recipes/{70-test_bad_dtls.t => 80-test_dtls_mtu.t} (64%) copy test/recipes/{70-test_wpacket.t => 90-test_overhead.t} (83%) diff --git a/doc/man3/DTLS_get_data_mtu.pod b/doc/man3/DTLS_get_data_mtu.pod new file mode 100644 index 0000000..ab71472 --- /dev/null +++ b/doc/man3/DTLS_get_data_mtu.pod @@ -0,0 +1,36 @@ +=pod + +=head1 NAME + +DTLS_get_data_mtu - Get maximum data payload size + +=head1 SYNOPSIS + + #include + + size_t DTLS_get_data_mtu(const SSL *ssl); + +=head1 DESCRIPTION + +This function obtains the maximum data payload size for the established +DTLS connection B, based on the DTLS record MTU and the overhead +of the DTLS record header, encryption and authentication currently in use. + +=head1 RETURN VALUES + +Returns the maximum data payload size on success, or 0 on failure. + +=head1 HISTORY + +This function was added in OpenSSL 1.1.1 + +=head1 COPYRIGHT + +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f0aa306..7b40b37 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1630,6 +1630,8 @@ __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ +__owur size_t DTLS_get_data_mtu(const SSL *s); + __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); __owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 112c699..e7a6650 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -1088,3 +1088,39 @@ unsigned int dtls1_min_mtu(SSL *s) { return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); } + +size_t DTLS_get_data_mtu(const SSL *s) +{ + size_t mac_overhead, int_overhead, blocksize, ext_overhead; + const SSL_CIPHER *ciph = SSL_get_current_cipher(s); + size_t mtu = s->d1->mtu; + + if (ciph == NULL) + return 0; + + if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead, + &blocksize, &ext_overhead)) + return 0; + + if (SSL_USE_ETM(s)) + ext_overhead += mac_overhead; + else + int_overhead += mac_overhead; + + /* Subtract external overhead (e.g. IV/nonce, separate MAC) */ + if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu) + return 0; + mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH; + + /* Round encrypted payload down to cipher block size (for CBC etc.) + * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */ + if (blocksize) + mtu -= (mtu % blocksize); + + /* Subtract internal overhead (e.g. CBC padding len byte) */ + if (int_overhead >= mtu) + return 0; + mtu -= int_overhead; + + return mtu; +} diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index adccbfc..acc1840 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1947,3 +1947,55 @@ int SSL_CIPHER_is_aead(const SSL_CIPHER *c) { return (c->algorithm_mac & SSL_AEAD) ? 1 : 0; } + +int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead) +{ + size_t mac = 0, in = 0, blk = 0, out = 0; + + /* Some hard-coded numbers for the CCM/Poly1305 MAC overhead + * because there are no handy #defines for those. */ + if (c->algorithm_enc & SSL_AESGCM) { + out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + } else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) { + out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16; + } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) { + out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8; + } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) { + out = 16; + } else if (c->algorithm_mac & SSL_AEAD) { + /* We're supposed to have handled all the AEAD modes above */ + return 0; + } else { + /* Non-AEAD modes. Calculate MAC/cipher overhead separately */ + int digest_nid = SSL_CIPHER_get_digest_nid(c); + const EVP_MD *e_md = EVP_get_digestbynid(digest_nid); + + if (e_md == NULL) + return 0; + + mac = EVP_MD_size(e_md); + if (c->algorithm_enc != SSL_eNULL) { + int cipher_nid = SSL_CIPHER_get_cipher_nid(c); + const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid); + + /* If it wasn't AEAD or SSL_eNULL, we expect it to be a + known CBC cipher. */ + if (e_ciph == NULL || + EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE) + return 0; + + in = 1; /* padding length byte */ + out = EVP_CIPHER_iv_length(e_ciph); + blk = EVP_CIPHER_block_size(e_ciph); + } + } + + *mac_overhead = mac; + *int_overhead = in; + *blocksize = blk; + *ext_overhead = out; + + return 1; +} diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d5a6fe2..1cf27b9 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1817,6 +1817,9 @@ __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp, int use_etm); +__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead); __owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr); diff --git a/test/build.info b/test/build.info index 013a0c6..5246969 100644 --- a/test/build.info +++ b/test/build.info @@ -275,11 +275,22 @@ IF[{- !$disabled{tests} -}] INCLUDE[bio_enc_test]=../include DEPEND[bio_enc_test]=../libcrypto + IF[{- !$disabled{psk} -}] + PROGRAMS_NO_INST=dtls_mtu_test + SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c + INCLUDE[dtls_mtu_test]=.. ../include + DEPEND[dtls_mtu_test]=../libcrypto ../libssl + ENDIF + IF[{- $disabled{shared} -}] - PROGRAMS_NO_INST=wpackettest + PROGRAMS_NO_INST=wpackettest cipher_overhead_test SOURCE[wpackettest]=wpackettest.c testutil.c INCLUDE[wpackettest]=../include DEPEND[wpackettest]=../libcrypto ../libssl + + SOURCE[cipher_overhead_test]=cipher_overhead_test.c + INCLUDE[cipher_overhead_test]=.. ../include + DEPEND[cipher_overhead_test]=../libcrypto ../libssl ENDIF ENDIF diff --git a/test/cipher_overhead_test.c b/test/cipher_overhead_test.c new file mode 100644 index 0000000..8c262b3 --- /dev/null +++ b/test/cipher_overhead_test.c @@ -0,0 +1,33 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include "../ssl/ssl_locl.h" + +int main(void) +{ + int i, n = ssl3_num_ciphers(); + const SSL_CIPHER *ciph; + size_t mac, in, blk, ex; + + for (i = 0; i < n; i++) { + ciph = ssl3_get_cipher(i); + if (!ciph->min_dtls) + continue; + if (!ssl_cipher_get_overhead(ciph, &mac, &in, &blk, &ex)) { + printf("Error getting overhead for %s\n", ciph->name); + exit(1); + } else { + printf("Cipher %s: %"OSSLzu" %"OSSLzu" %"OSSLzu" %"OSSLzu"\n", + ciph->name, mac, in, blk, ex); + } + } + exit(0); +} diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c new file mode 100644 index 0000000..df1013a --- /dev/null +++ b/test/dtls_mtu_test.c @@ -0,0 +1,190 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#include +#include + +#include "ssltestlib.h" + +/* for SSL_USE_ETM() */ +#include "../ssl/ssl_locl.h" + +static int debug = 0; + +static unsigned int clnt_psk_callback(SSL *ssl, const char *hint, + char *ident, unsigned int max_ident_len, + unsigned char *psk, + unsigned int max_psk_len) +{ + snprintf(ident, max_ident_len, "psk"); + + if (max_psk_len > 20) + max_psk_len = 20; + memset(psk, 0x5a, max_psk_len); + + return max_psk_len; +} + +static unsigned int srvr_psk_callback(SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len) +{ + if (max_psk_len > 20) + max_psk_len = 20; + memset(psk, 0x5a, max_psk_len); + return max_psk_len; +} + +static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) +{ + SSL *srvr_ssl = NULL, *clnt_ssl = NULL; + BIO *sc_bio = NULL; + int i; + size_t s; + size_t mtus[30]; + unsigned char buf[600]; + int rv = 0; + + memset(buf, 0x5a, sizeof(buf)); + + if (create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, NULL, NULL) != 1) + goto out; + + if (no_etm) + SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC); + + if (SSL_set_cipher_list(srvr_ssl, cs) != 1 || + SSL_set_cipher_list(clnt_ssl, cs) != 1) { + ERR_print_errors_fp(stdout); + goto out; + } + sc_bio = SSL_get_rbio(srvr_ssl); + + if (create_ssl_connection(clnt_ssl, srvr_ssl) != 1) + goto out; + + if (debug) + printf("Channel established\n"); + + /* For record MTU values between 500 and 539, call DTLS_get_data_mtu() + * to query the payload MTU which will fit. */ + for (i = 0; i < 30; i++) { + SSL_set_mtu(clnt_ssl, 500 + i); + mtus[i] = DTLS_get_data_mtu(clnt_ssl); + if (debug) + printf("%s%s payload MTU for record mtu %d = %"OSSLzu"\n", + cs, no_etm ? "-noEtM":"", 500 + i, mtus[i]); + if (mtus[i] == 0) { + fprintf(stderr, + "payload MTU failed with record MTU %d for %s\n", + 500 + i, cs); + goto out; + } + } + + /* Now get out of the way */ + SSL_set_mtu(clnt_ssl, 1000); + + /* Now for all values in the range of payload MTUs, send + * a payload of that size and see what actual record size + * we end up with. */ + for (s = mtus[0]; s <= mtus[29]; s++) { + size_t reclen; + if (SSL_write(clnt_ssl, buf, s) != (int)s) { + ERR_print_errors_fp(stdout); + goto out; + } + reclen = BIO_read(sc_bio, buf, sizeof(buf)); + if (debug) + printf("record %"OSSLzu" for payload %"OSSLzu"\n", reclen, s); + + for (i = 0; i < 30; i++) { + /* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */ + + if (s <= mtus[i] && reclen > (size_t)(500 + i)) { + /* We sent a packet smaller than or equal to mtus[j] and + * that made a record *larger* than the record MTU 500+j! */ + fprintf(stderr, + "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" + "but sending a payload of %"OSSLzu" made a record of %"OSSLzu"(too large)\n", + cs, mtus[i], 500 + i, s, reclen); + goto out; + } + if (s > mtus[i] && reclen <= (size_t)(500 + i)) { + /* We sent a *larger* packet than mtus[i] and that *still* + * fits within the record MTU 500+i, so DTLS_get_data_mtu() + * was overly pessimistic. */ + fprintf(stderr, + "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" + "but sending a payload of %"OSSLzu" made a record of %"OSSLzu" (too small)\n", + cs, mtus[i], 500 + i, s, reclen); + goto out; + } + } + } + rv = 1; + if (SSL_USE_ETM(clnt_ssl)) + rv = 2; + out: + SSL_free(clnt_ssl); + SSL_free(srvr_ssl); + return rv; +} + +int main(void) +{ + SSL_CTX *ctx = SSL_CTX_new(DTLS_method()); + STACK_OF(SSL_CIPHER) *ciphers; + int i, rv = 0; + + SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback); + SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback); + SSL_CTX_set_security_level(ctx, 0); + + /* We only care about iterating over each enc/mac; we don't + * want to repeat the test for each auth/kx variant. + * So keep life simple and only do (non-DH) PSK. */ + if (!SSL_CTX_set_cipher_list(ctx, "PSK")) { + fprintf(stderr, "Failed to set PSK cipher list\n"); + goto out; + } + + ciphers = SSL_CTX_get_ciphers(ctx); + for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i); + const char *cipher_name = SSL_CIPHER_get_name(cipher); + + /* As noted above, only one test for each enc/mac variant. */ + if (strncmp(cipher_name, "PSK-", 4)) + continue; + + rv = mtu_test(ctx, cipher_name, 0); + if (!rv) + break; + + printf("DTLS MTU test OK for %s\n", cipher_name); + if (rv == 1) + continue; + + /* mtu_test() returns 2 if it used Encrypt-then-MAC */ + rv = mtu_test(ctx, cipher_name, 1); + if (!rv) + break; + + printf("DTLS MTU test OK for %s without Encrypt-then-MAC\n", cipher_name); + } + out: + SSL_CTX_free(ctx); + + return !rv; +} diff --git a/test/recipes/70-test_bad_dtls.t b/test/recipes/80-test_dtls_mtu.t similarity index 64% copy from test/recipes/70-test_bad_dtls.t copy to test/recipes/80-test_dtls_mtu.t index a20db77..86d7de0 100644 --- a/test/recipes/70-test_bad_dtls.t +++ b/test/recipes/80-test_dtls_mtu.t @@ -10,11 +10,12 @@ use OpenSSL::Test; use OpenSSL::Test::Utils; -setup("test_bad_dtls"); +my $test_name = "test_dtls_mtu"; +setup($test_name); -plan skip_all => "DTLSv1 is not supported by this OpenSSL build" - if disabled("dtls1"); +plan skip_all => "$test_name needs DTLS and PSK support enabled" + if disabled("dtls1_2") || disabled("psk"); plan tests => 1; -ok(run(test(["bad_dtls_test"])), "running bad_dtls_test"); +ok(run(test(["dtls_mtu_test"])), "running dtls_mtu_test"); diff --git a/test/recipes/70-test_wpacket.t b/test/recipes/90-test_overhead.t similarity index 83% copy from test/recipes/70-test_wpacket.t copy to test/recipes/90-test_overhead.t index 9170122..a9311bf 100644 --- a/test/recipes/70-test_wpacket.t +++ b/test/recipes/90-test_overhead.t @@ -10,11 +10,11 @@ use OpenSSL::Test; use OpenSSL::Test::Utils; -setup("test_wpacket"); +setup("test_overhead"); plan skip_all => "Only supported in no-shared builds" if !disabled("shared"); plan tests => 1; -ok(run(test(["wpackettest"]))); +ok(run(test(["cipher_overhead_test"])), "running cipher_overhead_test"); diff --git a/util/libssl.num b/util/libssl.num index 7e00479..9f44b38 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -404,3 +404,4 @@ SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION: SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION: SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION: SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION: +DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION: From matt at openssl.org Wed Nov 2 16:54:35 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 16:54:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478105675.166182.15566.nullmailer@dev.openssl.org> The branch master has been updated via 7856332e8c14fd1da1811a9d0afde243dd0f4669 (commit) via a7faa6da317887e14e8e28254a83555983ed6ca7 (commit) from 8aefa08cfbc7db7cc10765ee9684090e37983f45 (commit) - Log ----------------------------------------------------------------- commit 7856332e8c14fd1da1811a9d0afde243dd0f4669 Author: Matt Caswell Date: Wed Nov 2 10:44:15 2016 +0000 Add a read_ahead test This test checks that read_ahead works correctly when dealing with large records. Reviewed-by: Richard Levitte commit a7faa6da317887e14e8e28254a83555983ed6ca7 Author: Matt Caswell Date: Wed Nov 2 10:34:12 2016 +0000 Fix read_ahead The function ssl3_read_n() takes a parameter |clearold| which, if set, causes any old data in the read buffer to be forgotten, and any unread data to be moved to the start of the buffer. This is supposed to happen when we first read the record header. However, the data move was only taking place if there was not already sufficient data in the buffer to satisfy the request. If read_ahead is set then the record header could be in the buffer already from when we read the preceding record. So with read_ahead we can get into a situation where even though |clearold| is set, the data does not get moved to the start of the read buffer when we read the record header. This means there is insufficient room in the read buffer to consume the rest of the record body, resulting in an internal error. This commit moves the |clearold| processing to earlier in ssl3_read_n() to ensure that it always takes place. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_s3.c | 24 ++++++++++++------------ test/sslapitest.c | 26 +++++++++++++++++++++++--- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 9c8c23c..4535f89 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -241,6 +241,18 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* ... now we can act as if 'extend' was set */ } + len = s->rlayer.packet_length; + pkt = rb->buf + align; + /* + * Move any available bytes to front of buffer: 'len' bytes already + * pointed to by 'packet', 'left' extra ones at the end + */ + if (s->rlayer.packet != pkt && clearold == 1) { + memmove(pkt, s->rlayer.packet, len + left); + s->rlayer.packet = pkt; + rb->offset = len + align; + } + /* * For DTLS/UDP reads should not span multiple packets because the read * operation returns the whole packet at once (as long as it fits into @@ -263,18 +275,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* else we need to read more data */ - len = s->rlayer.packet_length; - pkt = rb->buf + align; - /* - * Move any available bytes to front of buffer: 'len' bytes already - * pointed to by 'packet', 'left' extra ones at the end - */ - if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ - memmove(pkt, s->rlayer.packet, len + left); - s->rlayer.packet = pkt; - rb->offset = len + align; - } - if (n > (int)(rb->len - rb->offset)) { /* does not happen */ SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); return -1; diff --git a/test/sslapitest.c b/test/sslapitest.c index 4d22d8e..a78b060 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -31,7 +31,7 @@ static X509 *ocspcert = NULL; #define NUM_EXTRA_CERTS 40 static int execute_test_large_message(const SSL_METHOD *smeth, - const SSL_METHOD *cmeth) + const SSL_METHOD *cmeth, int read_ahead) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -59,6 +59,14 @@ static int execute_test_large_message(const SSL_METHOD *smeth, goto end; } + if(read_ahead) { + /* + * Test that read_ahead works correctly when dealing with large + * records + */ + SSL_CTX_set_read_ahead(cctx, 1); + } + /* * We assume the supplied certificate is big enough so that if we add * NUM_EXTRA_CERTS it will make the overall message large enough. The @@ -105,14 +113,25 @@ static int execute_test_large_message(const SSL_METHOD *smeth, static int test_large_message_tls(void) { - return execute_test_large_message(TLS_server_method(), TLS_client_method()); + return execute_test_large_message(TLS_server_method(), TLS_client_method(), + 0); +} + +static int test_large_message_tls_read_ahead(void) +{ + return execute_test_large_message(TLS_server_method(), TLS_client_method(), + 1); } #ifndef OPENSSL_NO_DTLS static int test_large_message_dtls(void) { + /* + * read_ahead is not relevant to DTLS because DTLS always acts as if + * read_ahead is set. + */ return execute_test_large_message(DTLS_server_method(), - DTLS_client_method()); + DTLS_client_method(), 0); } #endif @@ -863,6 +882,7 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ADD_TEST(test_large_message_tls); + ADD_TEST(test_large_message_tls_read_ahead); #ifndef OPENSSL_NO_DTLS ADD_TEST(test_large_message_dtls); #endif From matt at openssl.org Wed Nov 2 16:54:47 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 16:54:47 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478105687.763498.16309.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 3f99bfed678b09110fda82bc6896fd45eb0b376c (commit) via 0f6c9d73cb1e1027c67d993a669719e351c25cfc (commit) from a95a0219a887611ad8e246e33c086255df771072 (commit) - Log ----------------------------------------------------------------- commit 3f99bfed678b09110fda82bc6896fd45eb0b376c Author: Matt Caswell Date: Wed Nov 2 10:44:15 2016 +0000 Add a read_ahead test This test checks that read_ahead works correctly when dealing with large records. Reviewed-by: Richard Levitte (cherry picked from commit 7856332e8c14fd1da1811a9d0afde243dd0f4669) commit 0f6c9d73cb1e1027c67d993a669719e351c25cfc Author: Matt Caswell Date: Wed Nov 2 10:34:12 2016 +0000 Fix read_ahead The function ssl3_read_n() takes a parameter |clearold| which, if set, causes any old data in the read buffer to be forgotten, and any unread data to be moved to the start of the buffer. This is supposed to happen when we first read the record header. However, the data move was only taking place if there was not already sufficient data in the buffer to satisfy the request. If read_ahead is set then the record header could be in the buffer already from when we read the preceding record. So with read_ahead we can get into a situation where even though |clearold| is set, the data does not get moved to the start of the read buffer when we read the record header. This means there is insufficient room in the read buffer to consume the rest of the record body, resulting in an internal error. This commit moves the |clearold| processing to earlier in ssl3_read_n() to ensure that it always takes place. Reviewed-by: Richard Levitte (cherry picked from commit a7faa6da317887e14e8e28254a83555983ed6ca7) ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_s3.c | 24 ++++++++++++------------ test/sslapitest.c | 26 +++++++++++++++++++++++--- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 9c8c23c..4535f89 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -241,6 +241,18 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* ... now we can act as if 'extend' was set */ } + len = s->rlayer.packet_length; + pkt = rb->buf + align; + /* + * Move any available bytes to front of buffer: 'len' bytes already + * pointed to by 'packet', 'left' extra ones at the end + */ + if (s->rlayer.packet != pkt && clearold == 1) { + memmove(pkt, s->rlayer.packet, len + left); + s->rlayer.packet = pkt; + rb->offset = len + align; + } + /* * For DTLS/UDP reads should not span multiple packets because the read * operation returns the whole packet at once (as long as it fits into @@ -263,18 +275,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* else we need to read more data */ - len = s->rlayer.packet_length; - pkt = rb->buf + align; - /* - * Move any available bytes to front of buffer: 'len' bytes already - * pointed to by 'packet', 'left' extra ones at the end - */ - if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ - memmove(pkt, s->rlayer.packet, len + left); - s->rlayer.packet = pkt; - rb->offset = len + align; - } - if (n > (int)(rb->len - rb->offset)) { /* does not happen */ SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); return -1; diff --git a/test/sslapitest.c b/test/sslapitest.c index 495bf26..90326d9 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -33,7 +33,7 @@ static X509 *ocspcert = NULL; #define NUM_EXTRA_CERTS 40 static int execute_test_large_message(const SSL_METHOD *smeth, - const SSL_METHOD *cmeth) + const SSL_METHOD *cmeth, int read_ahead) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -61,6 +61,14 @@ static int execute_test_large_message(const SSL_METHOD *smeth, goto end; } + if(read_ahead) { + /* + * Test that read_ahead works correctly when dealing with large + * records + */ + SSL_CTX_set_read_ahead(cctx, 1); + } + /* * We assume the supplied certificate is big enough so that if we add * NUM_EXTRA_CERTS it will make the overall message large enough. The @@ -107,14 +115,25 @@ static int execute_test_large_message(const SSL_METHOD *smeth, static int test_large_message_tls(void) { - return execute_test_large_message(TLS_server_method(), TLS_client_method()); + return execute_test_large_message(TLS_server_method(), TLS_client_method(), + 0); +} + +static int test_large_message_tls_read_ahead(void) +{ + return execute_test_large_message(TLS_server_method(), TLS_client_method(), + 1); } #ifndef OPENSSL_NO_DTLS static int test_large_message_dtls(void) { + /* + * read_ahead is not relevant to DTLS because DTLS always acts as if + * read_ahead is set. + */ return execute_test_large_message(DTLS_server_method(), - DTLS_client_method()); + DTLS_client_method(), 0); } #endif @@ -867,6 +886,7 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ADD_TEST(test_large_message_tls); + ADD_TEST(test_large_message_tls_read_ahead); #ifndef OPENSSL_NO_DTLS ADD_TEST(test_large_message_dtls); #endif From matt at openssl.org Wed Nov 2 17:06:46 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 17:06:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1478106406.560950.22684.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ad69a30323cbc6723c2387d6ce546a51b10c42d0 (commit) from ba2bf831c0f0b3468acbd433957f4c46c20cf43d (commit) - Log ----------------------------------------------------------------- commit ad69a30323cbc6723c2387d6ce546a51b10c42d0 Author: Matt Caswell Date: Wed Nov 2 15:36:06 2016 +0000 Fix heartbeat_test The heartbeat_test reaches into the internals of libssl and calls some internal functions. It then checks the return value to check its what it expected. However commit fa4c37457 changed the return value of these internal functions, and now the test is failing. The solution is to update the test to look for the new return value. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/heartbeat_test.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c index 7623c36..493bf0c 100644 --- a/ssl/heartbeat_test.c +++ b/ssl/heartbeat_test.c @@ -278,7 +278,7 @@ static int test_dtls1_not_bleeding() fixture.payload = &payload_buf[0]; fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; + fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding"; @@ -301,7 +301,7 @@ static int test_dtls1_not_bleeding_empty_payload() fixture.payload = &payload_buf[0]; fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; + fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = ""; EXECUTE_HEARTBEAT_TEST(); @@ -370,7 +370,7 @@ static int test_tls1_not_bleeding() fixture.payload = &payload_buf[0]; fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; + fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding"; @@ -393,7 +393,7 @@ static int test_tls1_not_bleeding_empty_payload() fixture.payload = &payload_buf[0]; fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; + fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = ""; EXECUTE_HEARTBEAT_TEST(); From rsalz at openssl.org Wed Nov 2 17:10:45 2016 From: rsalz at openssl.org (Rich Salz) Date: Wed, 02 Nov 2016 17:10:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478106645.030878.25143.nullmailer@dev.openssl.org> The branch master has been updated via fe2582a224e35585274198ef2d2983f3afa84f1e (commit) from 7856332e8c14fd1da1811a9d0afde243dd0f4669 (commit) - Log ----------------------------------------------------------------- commit fe2582a224e35585274198ef2d2983f3afa84f1e Author: Sergey Bronnikov Date: Fri Oct 28 22:52:50 2016 +0400 Fix link to LibFuzzer CLA: trivial Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1801) ----------------------------------------------------------------------- Summary of changes: fuzz/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz/README.md b/fuzz/README.md index 138af0d..c5a1ba9 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -3,7 +3,7 @@ LibFuzzer ========= -Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html). +Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html). Starting from a vanilla+OpenSSH server Ubuntu install. From rsalz at openssl.org Wed Nov 2 17:11:20 2016 From: rsalz at openssl.org (Rich Salz) Date: Wed, 02 Nov 2016 17:11:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478106680.677797.25977.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 0d72c6c66f13d42ddf9766989a3a333e77314bd0 (commit) from 3f99bfed678b09110fda82bc6896fd45eb0b376c (commit) - Log ----------------------------------------------------------------- commit 0d72c6c66f13d42ddf9766989a3a333e77314bd0 Author: Sergey Bronnikov Date: Fri Oct 28 22:52:50 2016 +0400 Fix link to LibFuzzer CLA: trivial Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1801) (cherry picked from commit fe2582a224e35585274198ef2d2983f3afa84f1e) ----------------------------------------------------------------------- Summary of changes: fuzz/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz/README.md b/fuzz/README.md index 138af0d..c5a1ba9 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -3,7 +3,7 @@ LibFuzzer ========= -Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html). +Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html). Starting from a vanilla+OpenSSH server Ubuntu install. From levitte at openssl.org Wed Nov 2 17:14:08 2016 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Nov 2016 17:14:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478106848.983517.27678.nullmailer@dev.openssl.org> The branch master has been updated via 2c4a3f938ca378d2017275d299f02512b232ceaf (commit) from fe2582a224e35585274198ef2d2983f3afa84f1e (commit) - Log ----------------------------------------------------------------- commit 2c4a3f938ca378d2017275d299f02512b232ceaf Author: Richard Levitte Date: Tue Nov 1 15:03:38 2016 +0100 Test recipes: remove duplicate OpenSSL::Test usage Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1815) ----------------------------------------------------------------------- Summary of changes: test/recipes/70-test_asyncio.t | 1 - test/recipes/80-test_dtls.t | 1 - test/recipes/90-test_sslapi.t | 1 - 3 files changed, 3 deletions(-) diff --git a/test/recipes/70-test_asyncio.t b/test/recipes/70-test_asyncio.t index c26f757..3c15c3d 100644 --- a/test/recipes/70-test_asyncio.t +++ b/test/recipes/70-test_asyncio.t @@ -7,7 +7,6 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test; use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; diff --git a/test/recipes/80-test_dtls.t b/test/recipes/80-test_dtls.t index 008c817..f4a2dc0 100644 --- a/test/recipes/80-test_dtls.t +++ b/test/recipes/80-test_dtls.t @@ -6,7 +6,6 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -use OpenSSL::Test; use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index ec525a1..efaae3b 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -7,7 +7,6 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test; use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; From levitte at openssl.org Wed Nov 2 17:14:54 2016 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Nov 2016 17:14:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478106894.632709.28656.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via bfca0515b6977cba7b50215fc6d7d88250c9ca38 (commit) from 0d72c6c66f13d42ddf9766989a3a333e77314bd0 (commit) - Log ----------------------------------------------------------------- commit bfca0515b6977cba7b50215fc6d7d88250c9ca38 Author: Richard Levitte Date: Tue Nov 1 15:03:38 2016 +0100 Test recipes: remove duplicate OpenSSL::Test usage Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1815) (cherry picked from commit 2c4a3f938ca378d2017275d299f02512b232ceaf) ----------------------------------------------------------------------- Summary of changes: test/recipes/70-test_asyncio.t | 1 - test/recipes/80-test_dtls.t | 1 - test/recipes/90-test_sslapi.t | 1 - 3 files changed, 3 deletions(-) diff --git a/test/recipes/70-test_asyncio.t b/test/recipes/70-test_asyncio.t index c26f757..3c15c3d 100644 --- a/test/recipes/70-test_asyncio.t +++ b/test/recipes/70-test_asyncio.t @@ -7,7 +7,6 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test; use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; diff --git a/test/recipes/80-test_dtls.t b/test/recipes/80-test_dtls.t index 008c817..f4a2dc0 100644 --- a/test/recipes/80-test_dtls.t +++ b/test/recipes/80-test_dtls.t @@ -6,7 +6,6 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -use OpenSSL::Test; use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index ec525a1..efaae3b 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -7,7 +7,6 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test; use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; From matt at openssl.org Wed Nov 2 23:31:51 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 23:31:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478129511.172733.18236.nullmailer@dev.openssl.org> The branch master has been updated via ce95f3b724f71f42dd57af4a0a8e2f571deaf94d (commit) via 1f3e70a450364e3152973380ea4d3bb6694f3980 (commit) via 436a2a0179416d2cc22b678b63e50c2638384d5f (commit) from 2c4a3f938ca378d2017275d299f02512b232ceaf (commit) - Log ----------------------------------------------------------------- commit ce95f3b724f71f42dd57af4a0a8e2f571deaf94d Author: Matt Caswell Date: Wed Nov 2 22:23:16 2016 +0000 Add a CHANGES entry for the unrecognised record type change Reviewed-by: Tim Hudson commit 1f3e70a450364e3152973380ea4d3bb6694f3980 Author: Matt Caswell Date: Wed Nov 2 09:41:37 2016 +0000 Add a test for unrecognised record types We should fail if we receive an unrecognised record type Reviewed-by: Tim Hudson commit 436a2a0179416d2cc22b678b63e50c2638384d5f Author: Matt Caswell Date: Wed Nov 2 09:14:51 2016 +0000 Fail if an unrecognised record type is received TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but TLS 1.2 says you MUST send an unexpected message alert. We swap to the TLS 1.2 behaviour for all protocol versions to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. Issue reported by ??? Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++- ssl/record/rec_layer_s3.c | 12 ++++------ test/recipes/70-test_sslrecords.t | 48 ++++++++++++++++++++++++++++++++++++++- util/TLSProxy/Record.pm | 6 +++-- 4 files changed, 61 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index dfff36f..ba661db 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,11 @@ Changes between 1.1.0a and 1.1.1 [xx XXX xxxx] - *) + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] *) 'openssl passwd' can now produce SHA256 and SHA512 based output, using the algorithm defined in diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 4535f89..28de7c3 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1463,14 +1463,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, switch (SSL3_RECORD_get_type(rr)) { default: /* - * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give - * an unexpected message alert. + * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but + * TLS 1.2 says you MUST send an unexpected message alert. We use the + * TLS 1.2 behaviour for all protocol versions to prevent issues where + * no progress is being made and the peer continually sends unrecognised + * record types, using up resources processing them. */ - if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - goto start; - } al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index fc9b59f..b282dbd 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -39,7 +39,11 @@ my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 9; +my $num_tests = 10; +if (!disabled("tls1_1")) { + $num_tests++; +} +plan tests => $num_tests; ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed @@ -116,6 +120,23 @@ $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); + +#Unregcognised record type tests + +#Test 10: Sending an unrecognised record type in TLS1.2 should fail +$proxy->clear(); +$proxy->filter(\&add_unknown_record_type); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2"); + +#Test 11: Sending an unrecognised record type in TLS1.1 should fail +if (!disabled("tls1_1")) { + $proxy->clear(); + $proxy->clientflags("-tls1_1"); + $proxy->start(); + ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1"); +} + sub add_empty_recs_filter { my $proxy = shift; @@ -342,3 +363,28 @@ sub add_sslv2_filter } } + +sub add_unknown_record_type +{ + my $proxy = shift; + + # We'll change a record after the initial version neg has taken place + if ($proxy->flight != 2) { + return; + } + + my $lastrec = ${$proxy->record_list}[-1]; + my $record = TLSProxy::Record->new( + 2, + TLSProxy::Record::RT_UNKNOWN, + $lastrec->version(), + 1, + 0, + 1, + 1, + "X", + "X" + ); + + unshift @{$proxy->record_list}, $record; +} diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm index 93a3a4b..106fa74 100644 --- a/util/TLSProxy/Record.pm +++ b/util/TLSProxy/Record.pm @@ -22,14 +22,16 @@ use constant { RT_APPLICATION_DATA => 23, RT_HANDSHAKE => 22, RT_ALERT => 21, - RT_CCS => 20 + RT_CCS => 20, + RT_UNKNOWN => 100 }; my %record_type = ( RT_APPLICATION_DATA, "APPLICATION DATA", RT_HANDSHAKE, "HANDSHAKE", RT_ALERT, "ALERT", - RT_CCS, "CCS" + RT_CCS, "CCS", + RT_UNKNOWN, "UNKNOWN" ); use constant { From matt at openssl.org Wed Nov 2 23:32:07 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 23:32:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478129527.318673.19044.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 717f4026d593119cf493b3c1e045462c540f4cb3 (commit) via e4815a0bd2bcb00abea63f651284100028e3436c (commit) via 77cd04bd27397161faa4ad0b211727bfd97e6a67 (commit) from bfca0515b6977cba7b50215fc6d7d88250c9ca38 (commit) - Log ----------------------------------------------------------------- commit 717f4026d593119cf493b3c1e045462c540f4cb3 Author: Matt Caswell Date: Wed Nov 2 22:23:16 2016 +0000 Add a CHANGES entry for the unrecognised record type change Reviewed-by: Tim Hudson (cherry picked from commit ce95f3b724f71f42dd57af4a0a8e2f571deaf94d) commit e4815a0bd2bcb00abea63f651284100028e3436c Author: Matt Caswell Date: Wed Nov 2 09:41:37 2016 +0000 Add a test for unrecognised record types We should fail if we receive an unrecognised record type Reviewed-by: Tim Hudson (cherry picked from commit 1f3e70a450364e3152973380ea4d3bb6694f3980) commit 77cd04bd27397161faa4ad0b211727bfd97e6a67 Author: Matt Caswell Date: Wed Nov 2 09:14:51 2016 +0000 Fail if an unrecognised record type is received TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but TLS 1.2 says you MUST send an unexpected message alert. We swap to the TLS 1.2 behaviour for all protocol versions to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. Issue reported by ??? Reviewed-by: Tim Hudson (cherry picked from commit 436a2a0179416d2cc22b678b63e50c2638384d5f) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++- ssl/record/rec_layer_s3.c | 12 ++++------ test/recipes/70-test_sslrecords.t | 48 ++++++++++++++++++++++++++++++++++++++- util/TLSProxy/Record.pm | 6 +++-- 4 files changed, 61 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 9fc2b99..b04cf9c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,11 @@ Changes between 1.1.0b and 1.1.0c [xx XXX xxxx] - *) + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] *) Removed automatic addition of RPATH in shared libraries and executables, as this was a remainder from OpenSSL 1.0.x and isn't needed any more. diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 4535f89..28de7c3 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1463,14 +1463,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, switch (SSL3_RECORD_get_type(rr)) { default: /* - * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give - * an unexpected message alert. + * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but + * TLS 1.2 says you MUST send an unexpected message alert. We use the + * TLS 1.2 behaviour for all protocol versions to prevent issues where + * no progress is being made and the peer continually sends unrecognised + * record types, using up resources processing them. */ - if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - goto start; - } al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index d1c8d3a..d3702f2 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -38,7 +38,11 @@ my $proxy = TLSProxy::Proxy->new( my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 9; +my $num_tests = 10; +if (!disabled("tls1_1")) { + $num_tests++; +} +plan tests => $num_tests; ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed @@ -107,6 +111,23 @@ $sslv2testtype = ALERT_BEFORE_SSLV2; $proxy->clear(); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); + +#Unregcognised record type tests + +#Test 10: Sending an unrecognised record type in TLS1.2 should fail +$proxy->clear(); +$proxy->filter(\&add_unknown_record_type); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2"); + +#Test 11: Sending an unrecognised record type in TLS1.1 should fail +if (!disabled("tls1_1")) { + $proxy->clear(); + $proxy->clientflags("-tls1_1"); + $proxy->start(); + ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1"); +} + sub add_empty_recs_filter { my $proxy = shift; @@ -333,3 +354,28 @@ sub add_sslv2_filter } } + +sub add_unknown_record_type +{ + my $proxy = shift; + + # We'll change a record after the initial version neg has taken place + if ($proxy->flight != 2) { + return; + } + + my $lastrec = ${$proxy->record_list}[-1]; + my $record = TLSProxy::Record->new( + 2, + TLSProxy::Record::RT_UNKNOWN, + $lastrec->version(), + 1, + 0, + 1, + 1, + "X", + "X" + ); + + unshift @{$proxy->record_list}, $record; +} diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm index 423bad3..a75d8cd 100644 --- a/util/TLSProxy/Record.pm +++ b/util/TLSProxy/Record.pm @@ -22,14 +22,16 @@ use constant { RT_APPLICATION_DATA => 23, RT_HANDSHAKE => 22, RT_ALERT => 21, - RT_CCS => 20 + RT_CCS => 20, + RT_UNKNOWN => 100 }; my %record_type = ( RT_APPLICATION_DATA, "APPLICATION DATA", RT_HANDSHAKE, "HANDSHAKE", RT_ALERT, "ALERT", - RT_CCS, "CCS" + RT_CCS, "CCS", + RT_UNKNOWN, "UNKNOWN" ); use constant { From matt at openssl.org Wed Nov 2 23:32:22 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 23:32:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1478129542.391433.19895.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 563a34e18eb34f86fb26944724d4aa21ebaea850 (commit) via f1185392189641014dca94f3fe7834bccb5f4c16 (commit) from ad69a30323cbc6723c2387d6ce546a51b10c42d0 (commit) - Log ----------------------------------------------------------------- commit 563a34e18eb34f86fb26944724d4aa21ebaea850 Author: Matt Caswell Date: Wed Nov 2 22:27:22 2016 +0000 Add a CHANGES entry for the unrecognised record type change Reviewed-by: Tim Hudson commit f1185392189641014dca94f3fe7834bccb5f4c16 Author: Matt Caswell Date: Wed Nov 2 22:26:17 2016 +0000 Fail if an unrecognised record type is received TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but TLS 1.2 says you MUST send an unexpected message alert. We swap to the TLS 1.2 behaviour for all protocol versions to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. Issue reported by ??? Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- ssl/s3_pkt.c | 13 +++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 009b7ef..1fbe3b3 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,11 @@ Changes between 1.0.2j and 1.0.2k [xx XXX xxxx] - *) + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] Changes between 1.0.2i and 1.0.2j [26 Sep 2016] diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 7e3a7b4..cb74d46 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1605,16 +1605,13 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS /* - * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give - * an unexpected message alert. + * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but + * TLS 1.2 says you MUST send an unexpected message alert. We use the + * TLS 1.2 behaviour for all protocol versions to prevent issues where + * no progress is being made and the peer continually sends unrecognised + * record types, using up resources processing them. */ - if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { - rr->length = 0; - goto start; - } -#endif al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; From matt at openssl.org Wed Nov 2 23:40:17 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 23:40:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478130017.068227.23858.nullmailer@dev.openssl.org> The branch master has been updated via 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a (commit) via b6d5ba1a9f004d637acac18ae3519fe063b6b5e1 (commit) via b987d748e46d4ec19a45e5ec9e890a9003a361d6 (commit) via 5836780f436e03be231ff245f04f2f9f2f0ede91 (commit) via b39eda7ee69a9277c722f8789736e00dc680cda6 (commit) via cb6ea61c161e88aa0268c77f308469a67b2ec063 (commit) from ce95f3b724f71f42dd57af4a0a8e2f571deaf94d (commit) - Log ----------------------------------------------------------------- commit 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a Author: Matt Caswell Date: Fri Oct 28 11:03:22 2016 +0100 Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows Rather than leaking a reference, just call GetModuleHandleEx and pin the module on Windows. Reviewed-by: Tim Hudson commit b6d5ba1a9f004d637acac18ae3519fe063b6b5e1 Author: Matt Caswell Date: Tue Oct 18 15:11:57 2016 +0100 Link using -znodelete Instead of deliberately leaking a reference to ourselves, use nodelete which does this more neatly. Only for Linux at the moment. Reviewed-by: Tim Hudson commit b987d748e46d4ec19a45e5ec9e890a9003a361d6 Author: Matt Caswell Date: Tue Oct 18 14:16:35 2016 +0100 Add a test to dynamically load and unload the libraries This should demonstrate that the atexit() handling is working properly (or at least not crashing) on process exit. Reviewed-by: Tim Hudson commit 5836780f436e03be231ff245f04f2f9f2f0ede91 Author: Matt Caswell Date: Tue Oct 18 14:13:25 2016 +0100 Ensure that libcrypto and libssl do not unload until the process exits Because we use atexit() to cleanup after ourselves, this will cause a problem if we have been dynamically loaded and then unloaded again: the atexit() handler may no longer be there. Most modern atexit() implementations can handle this, however there are still difficulties if libssl gets unloaded before libcrypto, because of the atexit() callback that libcrypto makes to libssl. The most robust solution seems to be to ensure that libcrypto and libssl never unload. This is done by simply deliberately leaking a dlopen() reference to them. Reviewed-by: Tim Hudson commit b39eda7ee69a9277c722f8789736e00dc680cda6 Author: Matt Caswell Date: Sat Oct 15 16:01:40 2016 +0100 Add a DSO_dsobyaddr() function This works the same way as DSO_pathbyaddr() but instead returns a ptr to the DSO that contains the provided symbol. Reviewed-by: Tim Hudson commit cb6ea61c161e88aa0268c77f308469a67b2ec063 Author: Matt Caswell Date: Sat Oct 15 15:23:03 2016 +0100 Partial revert of 3d8b2ec42 to add back DSO_pathbyaddr Commit 3d8b2ec42 removed various unused functions. However now we need to use one of them! This commit resurrects DSO_pathbyaddr(). We're not going to resurrect the Windows version though because what we need to achieve can be done a different way on Windows. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 25 ++-- crypto/dso/dso_dl.c | 34 ++++++ crypto/dso/dso_dlfcn.c | 34 ++++++ crypto/dso/dso_err.c | 2 + crypto/dso/dso_lib.c | 35 +++++- crypto/dso/dso_locl.h | 2 + crypto/dso/dso_vms.c | 4 +- crypto/dso/dso_win32.c | 1 + crypto/init.c | 70 +++++++++++ include/internal/dso.h | 24 ++++ test/build.info | 6 + test/recipes/90-test_shlibload.t | 37 ++++++ test/shlibloadtest.c | 243 +++++++++++++++++++++++++++++++++++++++ util/libcrypto.num | 2 + 14 files changed, 503 insertions(+), 16 deletions(-) create mode 100644 test/recipes/90-test_shlibload.t create mode 100644 test/shlibloadtest.c diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 9b4c78f..b77efbf 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -632,7 +632,8 @@ sub vms_info { thread_scheme => "pthreads", dso_scheme => "dlfcn", shared_target => "linux-shared", - shared_cflag => "-fPIC", + shared_cflag => "-fPIC -DOPENSSL_USE_NODELETE", + shared_ldflag => "-znodelete", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "linux-generic64" => { @@ -648,14 +649,14 @@ sub vms_info { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], cflags => add("-m64 -DB_ENDIAN"), perlasm_scheme => "linux64", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, "linux-ppc64le" => { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], cflags => add("-m64 -DL_ENDIAN"), perlasm_scheme => "linux64le", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), }, "linux-armv4" => { @@ -711,7 +712,7 @@ sub vms_info { inherit_from => [ "linux-generic32", asm("mips32_asm") ], cflags => add("-mabi=32 -DBN_DIV3W"), perlasm_scheme => "o32", - shared_ldflag => "-mabi=32", + shared_ldflag => add("-mabi=32"), }, # mips32 and mips64 below refer to contemporary MIPS Architecture # specifications, MIPS32 and MIPS64, rather than to kernel bitness. @@ -720,14 +721,14 @@ sub vms_info { cflags => add("-mabi=n32 -DBN_DIV3W"), bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", perlasm_scheme => "n32", - shared_ldflag => "-mabi=n32", + shared_ldflag => add("-mabi=n32"), multilib => "32", }, "linux64-mips64" => { inherit_from => [ "linux-generic64", asm("mips64_asm") ], cflags => add("-mabi=64 -DBN_DIV3W"), perlasm_scheme => "64", - shared_ldflag => "-mabi=64", + shared_ldflag => add("-mabi=64"), multilib => "64", }, @@ -754,7 +755,7 @@ sub vms_info { cflags => add("-m64 -DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, "linux-x86_64-clang" => { @@ -781,7 +782,7 @@ sub vms_info { inherit_from => [ "linux-generic64", asm("s390x_asm") ], cflags => add("-m64 -DB_ENDIAN"), perlasm_scheme => "64", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, "linux32-s390x" => { @@ -805,7 +806,7 @@ sub vms_info { cflags => add("-m31 -Wa,-mzarch -DB_ENDIAN"), bn_asm_src => sub { my $r=join(" ", at _); $r=~s|asm/s390x\.S|bn_asm.c|; $r; }, perlasm_scheme => "31", - shared_ldflag => "-m31", + shared_ldflag => add("-m31"), multilib => "/highgprs", }, @@ -821,14 +822,14 @@ sub vms_info { # but -Wa,-Av8plus should do the trick no matter what. inherit_from => [ "linux-generic32", asm("sparcv9_asm") ], cflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus -DB_ENDIAN -DBN_DIV2W"), - shared_ldflag => "-m32", + shared_ldflag => add("-m32"), }, "linux64-sparcv9" => { # GCC 3.1 is a requirement inherit_from => [ "linux-generic64", asm("sparcv9_asm") ], cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"), bn_ops => "BN_LLONG RC4_CHAR", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, @@ -857,7 +858,7 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "linux-shared", shared_cflag => "--pic", - shared_ldflag => "-z --sysv --shared", + shared_ldflag => add("-z --sysv --shared"), shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ranlib => "true", }, diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index bc29fb2..d80bf56 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -22,6 +22,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); static char *dl_name_converter(DSO *dso, const char *filename); static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int dl_pathbyaddr(void *addr, char *path, int sz); static void *dl_globallookup(const char *name); static DSO_METHOD dso_meth_dl = { @@ -34,6 +35,7 @@ static DSO_METHOD dso_meth_dl = { dl_merger, NULL, /* init */ NULL, /* finish */ + dl_pathbyaddr, dl_globallookup }; @@ -235,6 +237,38 @@ static char *dl_name_converter(DSO *dso, const char *filename) return (translated); } +static int dl_pathbyaddr(void *addr, char *path, int sz) +{ + struct shl_descriptor inf; + int i, len; + + if (addr == NULL) { + union { + int (*f) (void *, char *, int); + void *p; + } t = { + dl_pathbyaddr + }; + addr = t.p; + } + + for (i = -1; shl_get_r(i, &inf) == 0; i++) { + if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || + ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) { + len = (int)strlen(inf.filename); + if (sz <= 0) + return len + 1; + if (len >= sz) + len = sz - 1; + memcpy(path, inf.filename, len); + path[len++] = 0; + return len; + } + } + + return -1; +} + static void *dl_globallookup(const char *name) { void *ret; diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 624052b..a4b0cdd 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -44,6 +44,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); static char *dlfcn_name_converter(DSO *dso, const char *filename); static char *dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int dlfcn_pathbyaddr(void *addr, char *path, int sz); static void *dlfcn_globallookup(const char *name); static DSO_METHOD dso_meth_dlfcn = { @@ -56,6 +57,7 @@ static DSO_METHOD dso_meth_dlfcn = { dlfcn_merger, NULL, /* init */ NULL, /* finish */ + dlfcn_pathbyaddr, dlfcn_globallookup }; @@ -306,6 +308,38 @@ static int dladdr(void *address, Dl_info *dl) } # endif /* __sgi */ +static int dlfcn_pathbyaddr(void *addr, char *path, int sz) +{ +# ifdef HAVE_DLINFO + Dl_info dli; + int len; + + if (addr == NULL) { + union { + int (*f) (void *, char *, int); + void *p; + } t = { + dlfcn_pathbyaddr + }; + addr = t.p; + } + + if (dladdr(addr, &dli)) { + len = (int)strlen(dli.dli_fname); + if (sz <= 0) + return len + 1; + if (len >= sz) + len = sz - 1; + memcpy(path, dli.dli_fname, len); + path[len++] = 0; + return len; + } + + ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror()); +# endif + return -1; +} + static void *dlfcn_globallookup(const char *name) { void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY); diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c index a180580..07588d5 100644 --- a/crypto/dso/dso_err.c +++ b/crypto/dso/dso_err.c @@ -38,6 +38,7 @@ static ERR_STRING_DATA DSO_str_functs[] = { {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, + {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"}, {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"}, @@ -50,6 +51,7 @@ static ERR_STRING_DATA DSO_str_functs[] = { {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"}, {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"}, {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"}, + {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"}, {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"}, {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"}, {0, NULL} diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index bea8776..52816df 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -73,9 +73,11 @@ int DSO_free(DSO *dso) return 1; REF_ASSERT_ISNT(i < 0); - if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { - DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); - return 0; + if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) { + if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { + DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); + return 0; + } } if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { @@ -304,6 +306,33 @@ char *DSO_convert_filename(DSO *dso, const char *filename) return (result); } +int DSO_pathbyaddr(void *addr, char *path, int sz) +{ + DSO_METHOD *meth = default_DSO_meth; + if (meth == NULL) + meth = DSO_METHOD_openssl(); + if (meth->pathbyaddr == NULL) { + DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED); + return -1; + } + return (*meth->pathbyaddr) (addr, path, sz); +} + +DSO *DSO_dsobyaddr(void *addr, int flags) +{ + DSO *ret = NULL; + char *filename = NULL; + int len = DSO_pathbyaddr(addr, NULL, 0); + + filename = OPENSSL_malloc(len); + if (filename != NULL + && DSO_pathbyaddr(addr, filename, len) == len) + ret = DSO_load(NULL, filename, NULL, flags); + + OPENSSL_free(filename); + return ret; +} + void *DSO_global_lookup(const char *name) { DSO_METHOD *meth = default_DSO_meth; diff --git a/crypto/dso/dso_locl.h b/crypto/dso/dso_locl.h index 1976787..fbfad05 100644 --- a/crypto/dso/dso_locl.h +++ b/crypto/dso/dso_locl.h @@ -99,6 +99,8 @@ struct dso_meth_st { /* [De]Initialisation handlers. */ int (*init) (DSO *dso); int (*finish) (DSO *dso); + /* Return pathname of the module containing location */ + int (*pathbyaddr) (void *addr, char *path, int sz); /* Perform global symbol lookup, i.e. among *all* modules */ void *(*globallookup) (const char *symname); }; diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 2e0d84c..e3c157b 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -50,7 +50,9 @@ static DSO_METHOD dso_meth_vms = { vms_name_converter, vms_merger, NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + NULL, /* pathbyaddr */ + NULL /* globallookup */ }; /* diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 4ac6e71..4a4c34a 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -77,6 +77,7 @@ static DSO_METHOD dso_meth_win32 = { win32_merger, NULL, /* init */ NULL, /* finish */ + NULL, /* pathbyaddr */ win32_globallookup }; diff --git a/crypto/init.c b/crypto/init.c index 93ec7bb..4363bee 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -23,6 +23,7 @@ #include #include #include +#include static int stopped = 0; @@ -79,6 +80,34 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) return 0; OPENSSL_cpuid_setup(); base_inited = 1; + +#ifndef OPENSSL_USE_NODELETE +# ifdef DSO_WIN32 + { + HMODULE handle = NULL; + BOOL ret; + + /* We don't use the DSO route for WIN32 because there is a better way */ + ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS + | GET_MODULE_HANDLE_EX_FLAG_PIN, + (void *)&base_inited, &handle); + + return (ret == TRUE) ? 1 : 0; + } +# else + /* + * Deliberately leak a reference to ourselves. This will force the library + * to remain loaded until the atexit() handler is run a process exit. + */ + { + DSO *dso = NULL; + + dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); + DSO_free(dso); + } +# endif +#endif + return 1; } @@ -575,6 +604,47 @@ int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; +#ifndef OPENSSL_USE_NODELETE + { + union { + void *sym; + void (*func)(void); + } handlersym; + + handlersym.func = handler; +# ifdef DSO_WIN32 + { + HMODULE handle = NULL; + BOOL ret; + + /* + * We don't use the DSO route for WIN32 because there is a better + * way + */ + ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS + | GET_MODULE_HANDLE_EX_FLAG_PIN, + handlersym.sym, &handle); + + if (!ret) + return 0; + } +# else + /* + * Deliberately leak a reference to the handler. This will force the + * library/code containing the handler to remain loaded until we run the + * atexit handler. If -znodelete has been used then this is + * unneccessary. + */ + { + DSO *dso = NULL; + + dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); + DSO_free(dso); + } +# endif + } +#endif + newhand = OPENSSL_malloc(sizeof(*newhand)); if (newhand == NULL) return 0; diff --git a/include/internal/dso.h b/include/internal/dso.h index 79d98f4..6acd501 100644 --- a/include/internal/dso.h +++ b/include/internal/dso.h @@ -43,6 +43,11 @@ extern "C" { # define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 /* + * Don't unload the DSO when we call DSO_free() + */ +# define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 + +/* * This flag loads the library with public symbols. Meaning: The exported * symbols of this library are public to all libraries loaded after this * library. At the moment only implemented in unix. @@ -131,6 +136,23 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); DSO_METHOD *DSO_METHOD_openssl(void); /* + * This function writes null-terminated pathname of DSO module containing + * 'addr' into 'sz' large caller-provided 'path' and returns the number of + * characters [including trailing zero] written to it. If 'sz' is 0 or + * negative, 'path' is ignored and required amount of charachers [including + * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero return value + * denotes error. + */ +int DSO_pathbyaddr(void *addr, char *path, int sz); + +/* + * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol + * or NULL on error. + */ +DSO *DSO_dsobyaddr(void *addr, int flags); + +/* * This function should be used with caution! It looks up symbols in *all* * loaded modules and if module gets unloaded by somebody else attempt to * dereference the pointer is doomed to have fatal consequences. Primary @@ -171,6 +193,7 @@ int ERR_load_DSO_strings(void); # define DSO_F_DSO_LOAD 112 # define DSO_F_DSO_MERGE 132 # define DSO_F_DSO_NEW_METHOD 113 +# define DSO_F_DSO_PATHBYADDR 105 # define DSO_F_DSO_SET_FILENAME 129 # define DSO_F_DSO_UP_REF 114 # define DSO_F_VMS_BIND_SYM 115 @@ -183,6 +206,7 @@ int ERR_load_DSO_strings(void); # define DSO_F_WIN32_LOAD 120 # define DSO_F_WIN32_MERGER 134 # define DSO_F_WIN32_NAME_CONVERTER 125 +# define DSO_F_WIN32_PATHBYADDR 109 # define DSO_F_WIN32_SPLITTER 136 # define DSO_F_WIN32_UNLOAD 121 diff --git a/test/build.info b/test/build.info index 5246969..818d073 100644 --- a/test/build.info +++ b/test/build.info @@ -282,6 +282,12 @@ IF[{- !$disabled{tests} -}] DEPEND[dtls_mtu_test]=../libcrypto ../libssl ENDIF + IF[{- !disabled{shared} -}] + PROGRAMS_NO_INST=shlibloadtest + SOURCE[shlibloadtest]=shlibloadtest.c + INCLUDE[shlibloadtest]=../include + ENDIF + IF[{- $disabled{shared} -}] PROGRAMS_NO_INST=wpackettest cipher_overhead_test SOURCE[wpackettest]=wpackettest.c testutil.c diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t new file mode 100644 index 0000000..dc35613 --- /dev/null +++ b/test/recipes/90-test_shlibload.t @@ -0,0 +1,37 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test::Utils; + +#Load configdata.pm + +BEGIN { + setup("test_shlibload"); +} +use lib bldtop_dir('.'); +use configdata; + +plan skip_all => "Test only supported in a shared build" if disabled("shared"); + +plan tests => 3; + +ok(run(test(["shlibloadtest", "-crypto_first", + $unified_info{sharednames}->{libcrypto}, + $unified_info{sharednames}->{libssl}])), + "running shlibloadtest -crypto_first"); +ok(run(test(["shlibloadtest", "-ssl_first", + $unified_info{sharednames}->{libcrypto}, + $unified_info{sharednames}->{libssl}])), + "running shlibloadtest -ssl_first"); +ok(run(test(["shlibloadtest", "-just_crypto", + $unified_info{sharednames}->{libcrypto}, + $unified_info{sharednames}->{libssl}])), + "running shlibloadtest -just_crypto"); + diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c new file mode 100644 index 0000000..be1e784 --- /dev/null +++ b/test/shlibloadtest.c @@ -0,0 +1,243 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +#define SSL_CTX_NEW "SSL_CTX_new" +#define SSL_CTX_FREE "SSL_CTX_free" +#define TLS_METHOD "TLS_method" + +#define ERR_GET_ERROR "ERR_get_error" +#define OPENSSL_VERSION_NUM_FUNC "OpenSSL_version_num" + +typedef struct ssl_ctx_st SSL_CTX; +typedef struct ssl_method_st SSL_METHOD; +typedef const SSL_METHOD * (*TLS_method_t)(void); +typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth); +typedef void (*SSL_CTX_free_t)(SSL_CTX *); + +typedef unsigned long (*ERR_get_error_t)(void); +typedef unsigned long (*OpenSSL_version_num_t)(void); + +TLS_method_t TLS_method; +SSL_CTX_new_t SSL_CTX_new; +SSL_CTX_free_t SSL_CTX_free; + +ERR_get_error_t ERR_get_error; +OpenSSL_version_num_t OpenSSL_version_num; + + +#ifdef DSO_DLFCN + +# include + +typedef void * SHLIB; +typedef void * SHLIB_SYM; + +# define SHARED_LIBRARY_SUFFIX ".so" + +static int shlib_load(char *filename, SHLIB *lib) +{ + char *tmpfile; + size_t filenamelen = strlen(filename); + + /* Total length = base filename len + suffix len + 1 for NULL terminator */ + tmpfile = malloc(filenamelen + sizeof(SHARED_LIBRARY_SUFFIX) + 1); + if (tmpfile == NULL) + return 0; + strcpy(tmpfile, filename); + strcpy(tmpfile + filenamelen, SHARED_LIBRARY_SUFFIX); + + *lib = dlopen(tmpfile, RTLD_GLOBAL | RTLD_LAZY); + free(tmpfile); + + if (*lib == NULL) + return 0; + + return 1; +} + +static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) +{ + *sym = dlsym(lib, symname); + + return *sym != NULL; +} + +static int shlib_close(SHLIB lib) +{ + if (dlclose(lib) != 0) + return 0; + + return 1; +} + +#elif defined(DSO_WIN32) + +# include + +typedef HINSTANCE SHLIB; +typedef void * SHLIB_SYM; + +static int shlib_load(char *filename, SHLIB *lib) +{ + *lib = LoadLibraryA(filename); + if (*lib == NULL) + return 0; + + return 1; +} + +static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) +{ + *sym = (SHLIB_SYM)GetProcAddress(lib, symname); + + return *sym != NULL; +} + +static int shlib_close(SHLIB lib) +{ + if (FreeLibrary(lib) == 0) + return 0; + + return 1; +} + +#endif + +/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ +#if defined(DSO_DLFCN) || defined(DSO_WIN32) + +# define CRYPTO_FIRST_OPT "-crypto_first" +# define SSL_FIRST_OPT "-ssl_first" +# define JUST_CRYPTO_OPT "-just_crypto" + +enum test_types_en { + CRYPTO_FIRST, + SSL_FIRST, + JUST_CRYPTO +}; + +int main(int argc, char **argv) +{ + SHLIB ssllib, cryptolib; + SSL_CTX *ctx; + union { + void (*func) (void); + SHLIB_SYM sym; + } tls_method_sym, ssl_ctx_new_sym, ssl_ctx_free_sym, err_get_error_sym, + openssl_version_num_sym; + enum test_types_en test_type; + int i; + + if (argc != 4) { + printf("Unexpected number of arguments\n"); + return 1; + } + + if (strcmp(argv[1], CRYPTO_FIRST_OPT) == 0) { + test_type = CRYPTO_FIRST; + } else if (strcmp(argv[1], SSL_FIRST_OPT) == 0) { + test_type = SSL_FIRST; + } else if (strcmp(argv[1], JUST_CRYPTO_OPT) == 0) { + test_type = JUST_CRYPTO; + } else { + printf("Unrecognised argument\n"); + return 1; + } + + for (i = 0; i < 2; i++) { + if ((i == 0 && (test_type == CRYPTO_FIRST + || test_type == JUST_CRYPTO)) + || (i == 1 && test_type == SSL_FIRST)) { + if (!shlib_load(argv[2], &cryptolib)) { + printf("Unable to load libcrypto\n"); + return 1; + } + } + if ((i == 0 && test_type == SSL_FIRST) + || (i == 1 && test_type == CRYPTO_FIRST)) { + if (!shlib_load(argv[3], &ssllib)) { + printf("Unable to load libssl\n"); + return 1; + } + } + } + + if (test_type != JUST_CRYPTO) { + if (!shlib_sym(ssllib, TLS_METHOD, &tls_method_sym.sym) + || !shlib_sym(ssllib, SSL_CTX_NEW, &ssl_ctx_new_sym.sym) + || !shlib_sym(ssllib, SSL_CTX_FREE, &ssl_ctx_free_sym.sym)) { + printf("Unable to load ssl symbols\n"); + return 1; + } + + TLS_method = (TLS_method_t)tls_method_sym.func; + SSL_CTX_new = (SSL_CTX_new_t)ssl_ctx_new_sym.func; + SSL_CTX_free = (SSL_CTX_free_t)ssl_ctx_free_sym.func; + + ctx = SSL_CTX_new(TLS_method()); + if (ctx == NULL) { + printf("Unable to create SSL_CTX\n"); + return 1; + } + SSL_CTX_free(ctx); + } + + if (!shlib_sym(cryptolib, ERR_GET_ERROR, &err_get_error_sym.sym) + || !shlib_sym(cryptolib, OPENSSL_VERSION_NUM_FUNC, + &openssl_version_num_sym.sym)) { + printf("Unable to load crypto symbols\n"); + return 1; + } + + ERR_get_error = (ERR_get_error_t)err_get_error_sym.func; + OpenSSL_version_num = (OpenSSL_version_num_t)openssl_version_num_sym.func; + + if (ERR_get_error() != 0) { + printf("Unexpected error in error queue\n"); + return 1; + } + + if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) { + printf("Unexpected library version loaded\n"); + return 1; + } + + for (i = 0; i < 2; i++) { + if ((i == 0 && test_type == CRYPTO_FIRST) + || (i == 1 && test_type == SSL_FIRST)) { + if (!shlib_close(ssllib)) { + printf("Unable to close libssl\n"); + return 1; + } + } + if ((i == 0 && (test_type == SSL_FIRST + || test_type == JUST_CRYPTO)) + || (i == 1 && test_type == CRYPTO_FIRST)) { + if (!shlib_close(cryptolib)) { + printf("Unable to close libcrypto\n"); + return 1; + } + } + } + + printf("Success\n"); + return 0; +} +#else +int main(void) +{ + printf("Test not implemented on this platform\n"); + return 0; +} +#endif diff --git a/util/libcrypto.num b/util/libcrypto.num index e04580c..0b4190b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4216,3 +4216,5 @@ BIO_meth_get_read_ex 4166 1_1_1 EXIST::FUNCTION: BIO_write_ex 4167 1_1_1 EXIST::FUNCTION: BIO_meth_get_write_ex 4168 1_1_1 EXIST::FUNCTION: BIO_meth_set_write_ex 4169 1_1_1 EXIST::FUNCTION: +DSO_pathbyaddr 4170 1_1_0c EXIST::FUNCTION: +DSO_dsobyaddr 4171 1_1_0c EXIST::FUNCTION: From matt at openssl.org Wed Nov 2 23:40:29 2016 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 Nov 2016 23:40:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478130029.780145.24666.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2e6b83f608b7a4b315146895ac911e8c06d40db1 (commit) via 848dc9619049f6aaad91b367eed309d987009e5e (commit) via 389d4655b143bc6d495ca6c48809aac8f4356e01 (commit) via 4af9f7fe79ff82b90c16969b7e5871435056377b (commit) via f722f18e1a3560c13bd018711a30acca73c8d619 (commit) via 93558bf5190226494d3b549397fbf94214846d0d (commit) from 717f4026d593119cf493b3c1e045462c540f4cb3 (commit) - Log ----------------------------------------------------------------- commit 2e6b83f608b7a4b315146895ac911e8c06d40db1 Author: Matt Caswell Date: Fri Oct 28 11:03:22 2016 +0100 Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows Rather than leaking a reference, just call GetModuleHandleEx and pin the module on Windows. Reviewed-by: Tim Hudson (cherry picked from commit 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a) commit 848dc9619049f6aaad91b367eed309d987009e5e Author: Matt Caswell Date: Tue Oct 18 15:11:57 2016 +0100 Link using -znodelete Instead of deliberately leaking a reference to ourselves, use nodelete which does this more neatly. Only for Linux at the moment. Reviewed-by: Tim Hudson (cherry picked from commit b6d5ba1a9f004d637acac18ae3519fe063b6b5e1) commit 389d4655b143bc6d495ca6c48809aac8f4356e01 Author: Matt Caswell Date: Tue Oct 18 14:16:35 2016 +0100 Add a test to dynamically load and unload the libraries This should demonstrate that the atexit() handling is working properly (or at least not crashing) on process exit. Reviewed-by: Tim Hudson (cherry picked from commit b987d748e46d4ec19a45e5ec9e890a9003a361d6) commit 4af9f7fe79ff82b90c16969b7e5871435056377b Author: Matt Caswell Date: Tue Oct 18 14:13:25 2016 +0100 Ensure that libcrypto and libssl do not unload until the process exits Because we use atexit() to cleanup after ourselves, this will cause a problem if we have been dynamically loaded and then unloaded again: the atexit() handler may no longer be there. Most modern atexit() implementations can handle this, however there are still difficulties if libssl gets unloaded before libcrypto, because of the atexit() callback that libcrypto makes to libssl. The most robust solution seems to be to ensure that libcrypto and libssl never unload. This is done by simply deliberately leaking a dlopen() reference to them. Reviewed-by: Tim Hudson (cherry picked from commit 5836780f436e03be231ff245f04f2f9f2f0ede91) commit f722f18e1a3560c13bd018711a30acca73c8d619 Author: Matt Caswell Date: Sat Oct 15 16:01:40 2016 +0100 Add a DSO_dsobyaddr() function This works the same way as DSO_pathbyaddr() but instead returns a ptr to the DSO that contains the provided symbol. Reviewed-by: Tim Hudson (cherry picked from commit b39eda7ee69a9277c722f8789736e00dc680cda6) commit 93558bf5190226494d3b549397fbf94214846d0d Author: Matt Caswell Date: Sat Oct 15 15:23:03 2016 +0100 Partial revert of 3d8b2ec42 to add back DSO_pathbyaddr Commit 3d8b2ec42 removed various unused functions. However now we need to use one of them! This commit resurrects DSO_pathbyaddr(). We're not going to resurrect the Windows version though because what we need to achieve can be done a different way on Windows. Reviewed-by: Tim Hudson (cherry picked from commit cb6ea61c161e88aa0268c77f308469a67b2ec063) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 25 ++-- crypto/dso/dso_dl.c | 34 ++++++ crypto/dso/dso_dlfcn.c | 34 ++++++ crypto/dso/dso_err.c | 2 + crypto/dso/dso_lib.c | 35 +++++- crypto/dso/dso_locl.h | 2 + crypto/dso/dso_vms.c | 4 +- crypto/dso/dso_win32.c | 1 + crypto/init.c | 70 +++++++++++ include/internal/dso.h | 23 ++++ test/build.info | 6 + test/recipes/90-test_shlibload.t | 37 ++++++ test/shlibloadtest.c | 243 +++++++++++++++++++++++++++++++++++++++ util/libcrypto.num | 2 + 14 files changed, 502 insertions(+), 16 deletions(-) create mode 100644 test/recipes/90-test_shlibload.t create mode 100644 test/shlibloadtest.c diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index adb40e3..c80d02f 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -631,7 +631,8 @@ sub vms_info { thread_scheme => "pthreads", dso_scheme => "dlfcn", shared_target => "linux-shared", - shared_cflag => "-fPIC", + shared_cflag => "-fPIC -DOPENSSL_USE_NODELETE", + shared_ldflag => "-znodelete", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "linux-generic64" => { @@ -647,14 +648,14 @@ sub vms_info { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], cflags => add("-m64 -DB_ENDIAN"), perlasm_scheme => "linux64", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, "linux-ppc64le" => { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], cflags => add("-m64 -DL_ENDIAN"), perlasm_scheme => "linux64le", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), }, "linux-armv4" => { @@ -710,7 +711,7 @@ sub vms_info { inherit_from => [ "linux-generic32", asm("mips32_asm") ], cflags => add("-mabi=32 -DBN_DIV3W"), perlasm_scheme => "o32", - shared_ldflag => "-mabi=32", + shared_ldflag => add("-mabi=32"), }, # mips32 and mips64 below refer to contemporary MIPS Architecture # specifications, MIPS32 and MIPS64, rather than to kernel bitness. @@ -719,14 +720,14 @@ sub vms_info { cflags => add("-mabi=n32 -DBN_DIV3W"), bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", perlasm_scheme => "n32", - shared_ldflag => "-mabi=n32", + shared_ldflag => add("-mabi=n32"), multilib => "32", }, "linux64-mips64" => { inherit_from => [ "linux-generic64", asm("mips64_asm") ], cflags => add("-mabi=64 -DBN_DIV3W"), perlasm_scheme => "64", - shared_ldflag => "-mabi=64", + shared_ldflag => add("-mabi=64"), multilib => "64", }, @@ -753,7 +754,7 @@ sub vms_info { cflags => add("-m64 -DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, "linux-x86_64-clang" => { @@ -779,7 +780,7 @@ sub vms_info { inherit_from => [ "linux-generic64", asm("s390x_asm") ], cflags => add("-m64 -DB_ENDIAN"), perlasm_scheme => "64", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, "linux32-s390x" => { @@ -803,7 +804,7 @@ sub vms_info { cflags => add("-m31 -Wa,-mzarch -DB_ENDIAN"), bn_asm_src => sub { my $r=join(" ", at _); $r=~s|asm/s390x\.S|bn_asm.c|; $r; }, perlasm_scheme => "31", - shared_ldflag => "-m31", + shared_ldflag => add("-m31"), multilib => "/highgprs", }, @@ -819,14 +820,14 @@ sub vms_info { # but -Wa,-Av8plus should do the trick no matter what. inherit_from => [ "linux-generic32", asm("sparcv9_asm") ], cflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus -DB_ENDIAN -DBN_DIV2W"), - shared_ldflag => "-m32", + shared_ldflag => add("-m32"), }, "linux64-sparcv9" => { # GCC 3.1 is a requirement inherit_from => [ "linux-generic64", asm("sparcv9_asm") ], cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"), bn_ops => "BN_LLONG RC4_CHAR", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), multilib => "64", }, @@ -855,7 +856,7 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "linux-shared", shared_cflag => "--pic", - shared_ldflag => "-z --sysv --shared", + shared_ldflag => add("-z --sysv --shared"), shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ranlib => "true", }, diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index bc29fb2..d80bf56 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -22,6 +22,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); static char *dl_name_converter(DSO *dso, const char *filename); static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int dl_pathbyaddr(void *addr, char *path, int sz); static void *dl_globallookup(const char *name); static DSO_METHOD dso_meth_dl = { @@ -34,6 +35,7 @@ static DSO_METHOD dso_meth_dl = { dl_merger, NULL, /* init */ NULL, /* finish */ + dl_pathbyaddr, dl_globallookup }; @@ -235,6 +237,38 @@ static char *dl_name_converter(DSO *dso, const char *filename) return (translated); } +static int dl_pathbyaddr(void *addr, char *path, int sz) +{ + struct shl_descriptor inf; + int i, len; + + if (addr == NULL) { + union { + int (*f) (void *, char *, int); + void *p; + } t = { + dl_pathbyaddr + }; + addr = t.p; + } + + for (i = -1; shl_get_r(i, &inf) == 0; i++) { + if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || + ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) { + len = (int)strlen(inf.filename); + if (sz <= 0) + return len + 1; + if (len >= sz) + len = sz - 1; + memcpy(path, inf.filename, len); + path[len++] = 0; + return len; + } + } + + return -1; +} + static void *dl_globallookup(const char *name) { void *ret; diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 624052b..a4b0cdd 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -44,6 +44,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); static char *dlfcn_name_converter(DSO *dso, const char *filename); static char *dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int dlfcn_pathbyaddr(void *addr, char *path, int sz); static void *dlfcn_globallookup(const char *name); static DSO_METHOD dso_meth_dlfcn = { @@ -56,6 +57,7 @@ static DSO_METHOD dso_meth_dlfcn = { dlfcn_merger, NULL, /* init */ NULL, /* finish */ + dlfcn_pathbyaddr, dlfcn_globallookup }; @@ -306,6 +308,38 @@ static int dladdr(void *address, Dl_info *dl) } # endif /* __sgi */ +static int dlfcn_pathbyaddr(void *addr, char *path, int sz) +{ +# ifdef HAVE_DLINFO + Dl_info dli; + int len; + + if (addr == NULL) { + union { + int (*f) (void *, char *, int); + void *p; + } t = { + dlfcn_pathbyaddr + }; + addr = t.p; + } + + if (dladdr(addr, &dli)) { + len = (int)strlen(dli.dli_fname); + if (sz <= 0) + return len + 1; + if (len >= sz) + len = sz - 1; + memcpy(path, dli.dli_fname, len); + path[len++] = 0; + return len; + } + + ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror()); +# endif + return -1; +} + static void *dlfcn_globallookup(const char *name) { void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY); diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c index a180580..07588d5 100644 --- a/crypto/dso/dso_err.c +++ b/crypto/dso/dso_err.c @@ -38,6 +38,7 @@ static ERR_STRING_DATA DSO_str_functs[] = { {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, + {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"}, {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"}, @@ -50,6 +51,7 @@ static ERR_STRING_DATA DSO_str_functs[] = { {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"}, {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"}, {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"}, + {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"}, {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"}, {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"}, {0, NULL} diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index bea8776..52816df 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -73,9 +73,11 @@ int DSO_free(DSO *dso) return 1; REF_ASSERT_ISNT(i < 0); - if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { - DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); - return 0; + if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) { + if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { + DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); + return 0; + } } if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { @@ -304,6 +306,33 @@ char *DSO_convert_filename(DSO *dso, const char *filename) return (result); } +int DSO_pathbyaddr(void *addr, char *path, int sz) +{ + DSO_METHOD *meth = default_DSO_meth; + if (meth == NULL) + meth = DSO_METHOD_openssl(); + if (meth->pathbyaddr == NULL) { + DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED); + return -1; + } + return (*meth->pathbyaddr) (addr, path, sz); +} + +DSO *DSO_dsobyaddr(void *addr, int flags) +{ + DSO *ret = NULL; + char *filename = NULL; + int len = DSO_pathbyaddr(addr, NULL, 0); + + filename = OPENSSL_malloc(len); + if (filename != NULL + && DSO_pathbyaddr(addr, filename, len) == len) + ret = DSO_load(NULL, filename, NULL, flags); + + OPENSSL_free(filename); + return ret; +} + void *DSO_global_lookup(const char *name) { DSO_METHOD *meth = default_DSO_meth; diff --git a/crypto/dso/dso_locl.h b/crypto/dso/dso_locl.h index 1976787..fbfad05 100644 --- a/crypto/dso/dso_locl.h +++ b/crypto/dso/dso_locl.h @@ -99,6 +99,8 @@ struct dso_meth_st { /* [De]Initialisation handlers. */ int (*init) (DSO *dso); int (*finish) (DSO *dso); + /* Return pathname of the module containing location */ + int (*pathbyaddr) (void *addr, char *path, int sz); /* Perform global symbol lookup, i.e. among *all* modules */ void *(*globallookup) (const char *symname); }; diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 90d387e..b9a98dd 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -50,7 +50,9 @@ static DSO_METHOD dso_meth_vms = { vms_name_converter, vms_merger, NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + NULL, /* pathbyaddr */ + NULL /* globallookup */ }; /* diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 4ac6e71..4a4c34a 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -77,6 +77,7 @@ static DSO_METHOD dso_meth_win32 = { win32_merger, NULL, /* init */ NULL, /* finish */ + NULL, /* pathbyaddr */ win32_globallookup }; diff --git a/crypto/init.c b/crypto/init.c index 7423ecc..a939cb1 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -23,6 +23,7 @@ #include #include #include +#include static int stopped = 0; @@ -79,6 +80,34 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) return 0; OPENSSL_cpuid_setup(); base_inited = 1; + +#ifndef OPENSSL_USE_NODELETE +# ifdef DSO_WIN32 + { + HMODULE handle = NULL; + BOOL ret; + + /* We don't use the DSO route for WIN32 because there is a better way */ + ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS + | GET_MODULE_HANDLE_EX_FLAG_PIN, + (void *)&base_inited, &handle); + + return (ret == TRUE) ? 1 : 0; + } +# else + /* + * Deliberately leak a reference to ourselves. This will force the library + * to remain loaded until the atexit() handler is run a process exit. + */ + { + DSO *dso = NULL; + + dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); + DSO_free(dso); + } +# endif +#endif + return 1; } @@ -575,6 +604,47 @@ int OPENSSL_atexit(void (*handler)(void)) { OPENSSL_INIT_STOP *newhand; +#ifndef OPENSSL_USE_NODELETE + { + union { + void *sym; + void (*func)(void); + } handlersym; + + handlersym.func = handler; +# ifdef DSO_WIN32 + { + HMODULE handle = NULL; + BOOL ret; + + /* + * We don't use the DSO route for WIN32 because there is a better + * way + */ + ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS + | GET_MODULE_HANDLE_EX_FLAG_PIN, + handlersym.sym, &handle); + + if (!ret) + return 0; + } +# else + /* + * Deliberately leak a reference to the handler. This will force the + * library/code containing the handler to remain loaded until we run the + * atexit handler. If -znodelete has been used then this is + * unneccessary. + */ + { + DSO *dso = NULL; + + dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); + DSO_free(dso); + } +# endif + } +#endif + newhand = OPENSSL_malloc(sizeof(*newhand)); if (newhand == NULL) return 0; diff --git a/include/internal/dso.h b/include/internal/dso.h index 970beeb..f5de8a2 100644 --- a/include/internal/dso.h +++ b/include/internal/dso.h @@ -43,6 +43,10 @@ extern "C" { # define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 /* + * Don't unload the DSO when we call DSO_free() + */ +# define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 +/* * The following flag controls the translation of symbol names to upper case. * This is currently only being implemented for OpenVMS. */ @@ -137,6 +141,23 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); DSO_METHOD *DSO_METHOD_openssl(void); /* + * This function writes null-terminated pathname of DSO module containing + * 'addr' into 'sz' large caller-provided 'path' and returns the number of + * characters [including trailing zero] written to it. If 'sz' is 0 or + * negative, 'path' is ignored and required amount of charachers [including + * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero return value + * denotes error. + */ +int DSO_pathbyaddr(void *addr, char *path, int sz); + +/* + * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol + * or NULL on error. + */ +DSO *DSO_dsobyaddr(void *addr, int flags); + +/* * This function should be used with caution! It looks up symbols in *all* * loaded modules and if module gets unloaded by somebody else attempt to * dereference the pointer is doomed to have fatal consequences. Primary @@ -177,6 +198,7 @@ int ERR_load_DSO_strings(void); # define DSO_F_DSO_LOAD 112 # define DSO_F_DSO_MERGE 132 # define DSO_F_DSO_NEW_METHOD 113 +# define DSO_F_DSO_PATHBYADDR 105 # define DSO_F_DSO_SET_FILENAME 129 # define DSO_F_DSO_UP_REF 114 # define DSO_F_VMS_BIND_SYM 115 @@ -189,6 +211,7 @@ int ERR_load_DSO_strings(void); # define DSO_F_WIN32_LOAD 120 # define DSO_F_WIN32_MERGER 134 # define DSO_F_WIN32_NAME_CONVERTER 125 +# define DSO_F_WIN32_PATHBYADDR 109 # define DSO_F_WIN32_SPLITTER 136 # define DSO_F_WIN32_UNLOAD 121 diff --git a/test/build.info b/test/build.info index b8fc431..e3a961d 100644 --- a/test/build.info +++ b/test/build.info @@ -274,6 +274,12 @@ IF[{- !$disabled{tests} -}] SOURCE[bio_enc_test]=bio_enc_test.c INCLUDE[bio_enc_test]=../include DEPEND[bio_enc_test]=../libcrypto + + IF[{- !disabled{shared} -}] + PROGRAMS_NO_INST=shlibloadtest + SOURCE[shlibloadtest]=shlibloadtest.c + INCLUDE[shlibloadtest]=../include + ENDIF ENDIF {- diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t new file mode 100644 index 0000000..dc35613 --- /dev/null +++ b/test/recipes/90-test_shlibload.t @@ -0,0 +1,37 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test::Utils; + +#Load configdata.pm + +BEGIN { + setup("test_shlibload"); +} +use lib bldtop_dir('.'); +use configdata; + +plan skip_all => "Test only supported in a shared build" if disabled("shared"); + +plan tests => 3; + +ok(run(test(["shlibloadtest", "-crypto_first", + $unified_info{sharednames}->{libcrypto}, + $unified_info{sharednames}->{libssl}])), + "running shlibloadtest -crypto_first"); +ok(run(test(["shlibloadtest", "-ssl_first", + $unified_info{sharednames}->{libcrypto}, + $unified_info{sharednames}->{libssl}])), + "running shlibloadtest -ssl_first"); +ok(run(test(["shlibloadtest", "-just_crypto", + $unified_info{sharednames}->{libcrypto}, + $unified_info{sharednames}->{libssl}])), + "running shlibloadtest -just_crypto"); + diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c new file mode 100644 index 0000000..be1e784 --- /dev/null +++ b/test/shlibloadtest.c @@ -0,0 +1,243 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +#define SSL_CTX_NEW "SSL_CTX_new" +#define SSL_CTX_FREE "SSL_CTX_free" +#define TLS_METHOD "TLS_method" + +#define ERR_GET_ERROR "ERR_get_error" +#define OPENSSL_VERSION_NUM_FUNC "OpenSSL_version_num" + +typedef struct ssl_ctx_st SSL_CTX; +typedef struct ssl_method_st SSL_METHOD; +typedef const SSL_METHOD * (*TLS_method_t)(void); +typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth); +typedef void (*SSL_CTX_free_t)(SSL_CTX *); + +typedef unsigned long (*ERR_get_error_t)(void); +typedef unsigned long (*OpenSSL_version_num_t)(void); + +TLS_method_t TLS_method; +SSL_CTX_new_t SSL_CTX_new; +SSL_CTX_free_t SSL_CTX_free; + +ERR_get_error_t ERR_get_error; +OpenSSL_version_num_t OpenSSL_version_num; + + +#ifdef DSO_DLFCN + +# include + +typedef void * SHLIB; +typedef void * SHLIB_SYM; + +# define SHARED_LIBRARY_SUFFIX ".so" + +static int shlib_load(char *filename, SHLIB *lib) +{ + char *tmpfile; + size_t filenamelen = strlen(filename); + + /* Total length = base filename len + suffix len + 1 for NULL terminator */ + tmpfile = malloc(filenamelen + sizeof(SHARED_LIBRARY_SUFFIX) + 1); + if (tmpfile == NULL) + return 0; + strcpy(tmpfile, filename); + strcpy(tmpfile + filenamelen, SHARED_LIBRARY_SUFFIX); + + *lib = dlopen(tmpfile, RTLD_GLOBAL | RTLD_LAZY); + free(tmpfile); + + if (*lib == NULL) + return 0; + + return 1; +} + +static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) +{ + *sym = dlsym(lib, symname); + + return *sym != NULL; +} + +static int shlib_close(SHLIB lib) +{ + if (dlclose(lib) != 0) + return 0; + + return 1; +} + +#elif defined(DSO_WIN32) + +# include + +typedef HINSTANCE SHLIB; +typedef void * SHLIB_SYM; + +static int shlib_load(char *filename, SHLIB *lib) +{ + *lib = LoadLibraryA(filename); + if (*lib == NULL) + return 0; + + return 1; +} + +static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) +{ + *sym = (SHLIB_SYM)GetProcAddress(lib, symname); + + return *sym != NULL; +} + +static int shlib_close(SHLIB lib) +{ + if (FreeLibrary(lib) == 0) + return 0; + + return 1; +} + +#endif + +/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ +#if defined(DSO_DLFCN) || defined(DSO_WIN32) + +# define CRYPTO_FIRST_OPT "-crypto_first" +# define SSL_FIRST_OPT "-ssl_first" +# define JUST_CRYPTO_OPT "-just_crypto" + +enum test_types_en { + CRYPTO_FIRST, + SSL_FIRST, + JUST_CRYPTO +}; + +int main(int argc, char **argv) +{ + SHLIB ssllib, cryptolib; + SSL_CTX *ctx; + union { + void (*func) (void); + SHLIB_SYM sym; + } tls_method_sym, ssl_ctx_new_sym, ssl_ctx_free_sym, err_get_error_sym, + openssl_version_num_sym; + enum test_types_en test_type; + int i; + + if (argc != 4) { + printf("Unexpected number of arguments\n"); + return 1; + } + + if (strcmp(argv[1], CRYPTO_FIRST_OPT) == 0) { + test_type = CRYPTO_FIRST; + } else if (strcmp(argv[1], SSL_FIRST_OPT) == 0) { + test_type = SSL_FIRST; + } else if (strcmp(argv[1], JUST_CRYPTO_OPT) == 0) { + test_type = JUST_CRYPTO; + } else { + printf("Unrecognised argument\n"); + return 1; + } + + for (i = 0; i < 2; i++) { + if ((i == 0 && (test_type == CRYPTO_FIRST + || test_type == JUST_CRYPTO)) + || (i == 1 && test_type == SSL_FIRST)) { + if (!shlib_load(argv[2], &cryptolib)) { + printf("Unable to load libcrypto\n"); + return 1; + } + } + if ((i == 0 && test_type == SSL_FIRST) + || (i == 1 && test_type == CRYPTO_FIRST)) { + if (!shlib_load(argv[3], &ssllib)) { + printf("Unable to load libssl\n"); + return 1; + } + } + } + + if (test_type != JUST_CRYPTO) { + if (!shlib_sym(ssllib, TLS_METHOD, &tls_method_sym.sym) + || !shlib_sym(ssllib, SSL_CTX_NEW, &ssl_ctx_new_sym.sym) + || !shlib_sym(ssllib, SSL_CTX_FREE, &ssl_ctx_free_sym.sym)) { + printf("Unable to load ssl symbols\n"); + return 1; + } + + TLS_method = (TLS_method_t)tls_method_sym.func; + SSL_CTX_new = (SSL_CTX_new_t)ssl_ctx_new_sym.func; + SSL_CTX_free = (SSL_CTX_free_t)ssl_ctx_free_sym.func; + + ctx = SSL_CTX_new(TLS_method()); + if (ctx == NULL) { + printf("Unable to create SSL_CTX\n"); + return 1; + } + SSL_CTX_free(ctx); + } + + if (!shlib_sym(cryptolib, ERR_GET_ERROR, &err_get_error_sym.sym) + || !shlib_sym(cryptolib, OPENSSL_VERSION_NUM_FUNC, + &openssl_version_num_sym.sym)) { + printf("Unable to load crypto symbols\n"); + return 1; + } + + ERR_get_error = (ERR_get_error_t)err_get_error_sym.func; + OpenSSL_version_num = (OpenSSL_version_num_t)openssl_version_num_sym.func; + + if (ERR_get_error() != 0) { + printf("Unexpected error in error queue\n"); + return 1; + } + + if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) { + printf("Unexpected library version loaded\n"); + return 1; + } + + for (i = 0; i < 2; i++) { + if ((i == 0 && test_type == CRYPTO_FIRST) + || (i == 1 && test_type == SSL_FIRST)) { + if (!shlib_close(ssllib)) { + printf("Unable to close libssl\n"); + return 1; + } + } + if ((i == 0 && (test_type == SSL_FIRST + || test_type == JUST_CRYPTO)) + || (i == 1 && test_type == CRYPTO_FIRST)) { + if (!shlib_close(cryptolib)) { + printf("Unable to close libcrypto\n"); + return 1; + } + } + } + + printf("Success\n"); + return 0; +} +#else +int main(void) +{ + printf("Test not implemented on this platform\n"); + return 0; +} +#endif diff --git a/util/libcrypto.num b/util/libcrypto.num index db6732e..a16cc9f 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4206,3 +4206,5 @@ ECPARAMETERS_new 4156 1_1_0 EXIST::FUNCTION:EC OCSP_RESPID_set_by_name 4157 1_1_0a EXIST::FUNCTION:OCSP OCSP_RESPID_set_by_key 4158 1_1_0a EXIST::FUNCTION:OCSP OCSP_RESPID_match 4159 1_1_0a EXIST::FUNCTION:OCSP +DSO_pathbyaddr 4170 1_1_0c EXIST::FUNCTION: +DSO_dsobyaddr 4171 1_1_0c EXIST::FUNCTION: From no-reply at appveyor.com Wed Nov 2 23:51:37 2016 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 Nov 2016 23:51:37 +0000 Subject: [openssl-commits] Build failed: openssl 1.0.1558 Message-ID: <20161102235136.22336.52800.743B04BD@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Nov 2 23:54:12 2016 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 Nov 2016 23:54:12 +0000 Subject: [openssl-commits] Build failed: openssl 1.0.1559 Message-ID: <20161102235412.22364.37514.0280DDFB@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 01:31:39 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 01:31:39 +0000 Subject: [openssl-commits] Errored: openssl/openssl#6783 (OpenSSL_1_0_2-stable - ad69a30) In-Reply-To: Message-ID: <581a937f2b1f8_33fe4960cdacc37506e@a9e3f969-7f8c-4440-b40e-f5350197ac58.mail> Build Update for openssl/openssl ------------------------------------- Build: #6783 Status: Errored Duration: 1 hour, 54 minutes, and 31 seconds Commit: ad69a30 (OpenSSL_1_0_2-stable) Author: Matt Caswell Message: Fix heartbeat_test The heartbeat_test reaches into the internals of libssl and calls some internal functions. It then checks the return value to check its what it expected. However commit fa4c37457 changed the return value of these internal functions, and now the test is failing. The solution is to update the test to look for the new return value. Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/ba2bf831c0f0...ad69a30323cb View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172683285 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 03:11:56 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 03:11:56 +0000 Subject: [openssl-commits] Errored: openssl/openssl#6786 (master - 2c4a3f9) In-Reply-To: Message-ID: <581aaaffc162f_33f9c15f6e8c02966cc@7ae2358b-3783-4987-8918-d1efac148eca.mail> Build Update for openssl/openssl ------------------------------------- Build: #6786 Status: Errored Duration: 42 minutes and 47 seconds Commit: 2c4a3f9 (master) Author: Richard Levitte Message: Test recipes: remove duplicate OpenSSL::Test usage Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1815) View the changeset: https://github.com/openssl/openssl/compare/fe2582a224e3...2c4a3f938ca3 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172685403 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at openssl.org Thu Nov 3 04:14:44 2016 From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 03 Nov 2016 04:14:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478146484.225508.30575.nullmailer@dev.openssl.org> The branch master has been updated via ea6199ea91ac59ae53686335e436d554cdacd2dc (commit) from 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a (commit) - Log ----------------------------------------------------------------- commit ea6199ea91ac59ae53686335e436d554cdacd2dc Author: Kurt Roeckx Date: Wed Nov 2 20:45:46 2016 +0100 conf fuzzer: also check for an empty file Reviewed-by: Tim Hudson Reviewed-by: Rich Salz GH: #1828 ----------------------------------------------------------------------- Summary of changes: fuzz/conf.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fuzz/conf.c b/fuzz/conf.c index a76068d..30b13c8 100644 --- a/fuzz/conf.c +++ b/fuzz/conf.c @@ -20,10 +20,15 @@ int FuzzerInitialize(int *argc, char ***argv) { } int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - CONF *conf = NCONF_new(NULL); - BIO *in = BIO_new(BIO_s_mem()); + CONF *conf; + BIO *in; long eline; + if (len == 0) + return 0; + + conf = NCONF_new(NULL); + in = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); NCONF_load_bio(conf, in, &eline); NCONF_free(conf); From kurt at openssl.org Thu Nov 3 04:18:23 2016 From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 03 Nov 2016 04:18:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478146703.149799.32538.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 3a3f9ed140b0e1feeed1b9655091c270df05332f (commit) via a1aa0386081c4be6e020f1b84a55056ae9f6ad04 (commit) from 2e6b83f608b7a4b315146895ac911e8c06d40db1 (commit) - Log ----------------------------------------------------------------- commit 3a3f9ed140b0e1feeed1b9655091c270df05332f Author: Kurt Roeckx Date: Wed Nov 2 20:45:46 2016 +0100 conf fuzzer: also check for an empty file Reviewed-by: Tim Hudson Reviewed-by: Rich Salz GH: #1828 (cherry picked from commit ea6199ea91ac59ae53686335e436d554cdacd2dc) commit a1aa0386081c4be6e020f1b84a55056ae9f6ad04 Author: Mike Aizatsky Date: Wed Oct 26 13:56:39 2016 -0700 [fuzzers] do not fail fuzzers with empty input Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz GH: #1788 (cherry picked from commit ba7407002d899b614d4728da9004594f947ff3da) ----------------------------------------------------------------------- Summary of changes: fuzz/cms.c | 6 +++++- fuzz/conf.c | 9 +++++++-- fuzz/server.c | 12 +++++++++--- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/fuzz/cms.c b/fuzz/cms.c index f97173a..94390e7 100644 --- a/fuzz/cms.c +++ b/fuzz/cms.c @@ -22,8 +22,12 @@ int FuzzerInitialize(int *argc, char ***argv) { int FuzzerTestOneInput(const uint8_t *buf, size_t len) { CMS_ContentInfo *i; - BIO *in = BIO_new(BIO_s_mem()); + BIO *in; + if (!len) { + return 0; + } + in = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); i = d2i_CMS_bio(in, NULL); CMS_ContentInfo_free(i); diff --git a/fuzz/conf.c b/fuzz/conf.c index a76068d..30b13c8 100644 --- a/fuzz/conf.c +++ b/fuzz/conf.c @@ -20,10 +20,15 @@ int FuzzerInitialize(int *argc, char ***argv) { } int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - CONF *conf = NCONF_new(NULL); - BIO *in = BIO_new(BIO_s_mem()); + CONF *conf; + BIO *in; long eline; + if (len == 0) + return 0; + + conf = NCONF_new(NULL); + in = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); NCONF_load_bio(conf, in, &eline); NCONF_free(conf); diff --git a/fuzz/server.c b/fuzz/server.c index 0076306..35449d8 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -217,6 +217,12 @@ int FuzzerInitialize(int *argc, char ***argv) { } int FuzzerTestOneInput(const uint8_t *buf, size_t len) { + SSL *server; + BIO *in; + BIO *out; + if (!len) { + return 0; + } /* TODO: make this work for OpenSSL. There's a PREDICT define that may do * the job. * TODO: use the ossltest engine (optionally?) to disable crypto checks. @@ -224,9 +230,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { */ /* This only fuzzes the initial flow from the client so far. */ - SSL *server = SSL_new(ctx); - BIO *in = BIO_new(BIO_s_mem()); - BIO *out = BIO_new(BIO_s_mem()); + server = SSL_new(ctx); + in = BIO_new(BIO_s_mem()); + out = BIO_new(BIO_s_mem()); SSL_set_bio(server, in, out); SSL_set_accept_state(server); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); From builds at travis-ci.org Thu Nov 3 05:19:15 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 05:19:15 +0000 Subject: [openssl-commits] Errored: FdaSilvaYY/openssl#2280 (fix_set_dup_exdata - 8393ad5) In-Reply-To: Message-ID: <581ac8d317a05_33fe49801711c4920e7@a9e3f969-7f8c-4440-b40e-f5350197ac58.mail> Build Update for FdaSilvaYY/openssl ------------------------------------- Build: #2280 Status: Errored Duration: 1 minute and 55 seconds Commit: 8393ad5 (fix_set_dup_exdata) Author: FdaSilvaYY Message: Fix possible malloc failure inside CRYPTO_dup_ex_data() Fix related docs. View the changeset: https://github.com/FdaSilvaYY/openssl/compare/49bd9973a8e2...8393ad57f3bd View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/172718128 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 10:17:46 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 10:17:46 +0000 Subject: [openssl-commits] Broken: openssl/openssl#6804 (master - 2b59d1b) In-Reply-To: Message-ID: <581b0ecd24798_33f9c15d9eb4453105e@7ae2358b-3783-4987-8918-d1efac148eca.mail> Build Update for openssl/openssl ------------------------------------- Build: #6804 Status: Broken Duration: 32 minutes and 34 seconds Commit: 2b59d1b (master) Author: Matt Caswell Message: Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows Rather than leaking a reference, just call GetModuleHandleEx and pin the module on Windows. Reviewed-by: Tim Hudson View the changeset: https://github.com/openssl/openssl/compare/ce95f3b724f7...2b59d1beaad4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172797523 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 10:40:50 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 10:40:50 +0000 Subject: [openssl-commits] Broken: openssl/openssl#6805 (OpenSSL_1_1_0-stable - 2e6b83f) In-Reply-To: Message-ID: <581b14329f524_33fdc83d8cb481254426@3184019c-f60d-4c99-a0ce-3663992bb922.mail> Build Update for openssl/openssl ------------------------------------- Build: #6805 Status: Broken Duration: 37 minutes and 46 seconds Commit: 2e6b83f (OpenSSL_1_1_0-stable) Author: Matt Caswell Message: Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows Rather than leaking a reference, just call GetModuleHandleEx and pin the module on Windows. Reviewed-by: Tim Hudson (cherry picked from commit 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a) View the changeset: https://github.com/openssl/openssl/compare/717f4026d593...2e6b83f608b7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172797565 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 11:29:30 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 11:29:30 +0000 Subject: [openssl-commits] Failed: openssl/openssl#6807 (master - ea6199e) In-Reply-To: Message-ID: <581b1f99f29ae_33f9c160e1e786010d0@7ae2358b-3783-4987-8918-d1efac148eca.mail> Build Update for openssl/openssl ------------------------------------- Build: #6807 Status: Failed Duration: 35 minutes and 50 seconds Commit: ea6199e (master) Author: Kurt Roeckx Message: conf fuzzer: also check for an empty file Reviewed-by: Tim Hudson Reviewed-by: Rich Salz GH: #1828 View the changeset: https://github.com/openssl/openssl/compare/2b59d1beaad4...ea6199ea91ac View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172835518 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 11:53:46 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 11:53:46 +0000 Subject: [openssl-commits] Broken: openssl/openssl#6808 (OpenSSL_1_1_0-stable - 3a3f9ed) In-Reply-To: Message-ID: <581b254a4252d_33f9b2b58859429379f@40a337e2-63a6-48ad-9e75-ad447ce15e27.mail> Build Update for openssl/openssl ------------------------------------- Build: #6808 Status: Broken Duration: 27 minutes and 8 seconds Commit: 3a3f9ed (OpenSSL_1_1_0-stable) Author: Kurt Roeckx Message: conf fuzzer: also check for an empty file Reviewed-by: Tim Hudson Reviewed-by: Rich Salz GH: #1828 (cherry picked from commit ea6199ea91ac59ae53686335e436d554cdacd2dc) View the changeset: https://github.com/openssl/openssl/compare/2e6b83f608b7...3a3f9ed140b0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172835978 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Nov 3 12:10:26 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 12:10:26 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478175026.351632.13939.nullmailer@dev.openssl.org> The branch master has been updated via 9c89c8460a4dcf828a22e2dfc279b5ea8a80ec60 (commit) from ea6199ea91ac59ae53686335e436d554cdacd2dc (commit) - Log ----------------------------------------------------------------- commit 9c89c8460a4dcf828a22e2dfc279b5ea8a80ec60 Author: Richard Levitte Date: Thu Nov 3 11:31:12 2016 +0100 test/build.info: typo, $ missing Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1832) ----------------------------------------------------------------------- Summary of changes: test/build.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/build.info b/test/build.info index 818d073..aa9b933 100644 --- a/test/build.info +++ b/test/build.info @@ -282,7 +282,7 @@ IF[{- !$disabled{tests} -}] DEPEND[dtls_mtu_test]=../libcrypto ../libssl ENDIF - IF[{- !disabled{shared} -}] + IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=shlibloadtest SOURCE[shlibloadtest]=shlibloadtest.c INCLUDE[shlibloadtest]=../include From levitte at openssl.org Thu Nov 3 12:16:22 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 12:16:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478175382.753874.15810.nullmailer@dev.openssl.org> The branch master has been updated via 7280a5d332e880adbc73e03086ab070f8effdce7 (commit) via 59cec20e783917b706b84c1ab8527cd3362f205d (commit) via 97f1e97114822a04a7720b817a789cc9d2553e2b (commit) via f12d6273a508b9bc8eaee4d87918fe0401d747f2 (commit) via 7dc60ba7c8314109a1eeef3c801c8c41a7ebbeff (commit) via f2ae2348cef7cdc9bc7bcff8f5cf19384bad45fd (commit) via 2c1661714856f75ebd17b2a881c913a08f0103b1 (commit) via bbdec3f24727d86a223d5af12f4e30f5723ce2fc (commit) via b5b7c61fe337e2b5be931f42ce6f827ff344f3f6 (commit) via ab6e147c49f2382d2c30e313dd99aa23f66bc563 (commit) via aeac218372239752e79769da8f7d1db16d87307d (commit) from 9c89c8460a4dcf828a22e2dfc279b5ea8a80ec60 (commit) - Log ----------------------------------------------------------------- commit 7280a5d332e880adbc73e03086ab070f8effdce7 Author: Richard Levitte Date: Fri Oct 28 21:41:12 2016 +0200 Clean away remaining 'selftest' code All of these don't compile cleanly any more, probably haven't for quite some time Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit 59cec20e783917b706b84c1ab8527cd3362f205d Author: Richard Levitte Date: Thu Oct 27 23:25:09 2016 +0200 Finally, add a test recipe for the internal tests Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit 97f1e97114822a04a7720b817a789cc9d2553e2b Author: Richard Levitte Date: Thu Oct 27 22:18:50 2016 +0200 Convert mdc2 test print to internal test Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit f12d6273a508b9bc8eaee4d87918fe0401d747f2 Author: Richard Levitte Date: Thu Oct 27 21:42:45 2016 +0200 Convert x509 selftests to internal test Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit 7dc60ba7c8314109a1eeef3c801c8c41a7ebbeff Author: Richard Levitte Date: Fri Oct 28 01:32:33 2016 +0200 Add a HEADER_MODES_H guard in include/openssl/modes.h Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit f2ae2348cef7cdc9bc7bcff8f5cf19384bad45fd Author: Richard Levitte Date: Thu Oct 27 19:57:41 2016 +0200 Convert modes selftests (cts128 and gcm128) to internal test Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit 2c1661714856f75ebd17b2a881c913a08f0103b1 Author: Richard Levitte Date: Wed Oct 26 23:12:48 2016 +0200 Convert asn1 selftests (a_strnid and ameth_lib) into internal test Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit bbdec3f24727d86a223d5af12f4e30f5723ce2fc Author: Richard Levitte Date: Wed Oct 26 22:31:29 2016 +0200 VMS: ignore multiply defined symbols when linking programs The Unix and Windows linkers appear to simply ignore if any symbol is defined multiple times in different object files and libraries. The VMS linker, on the other hand, warns about it, loud and clear. It will still create the executable, but does so screaming. So we complicate things by saving the linker output, look through all the errors and warnings, and if they are only made up of %LINK-W-MULDEF, we let it pass, otherwise we output the linker output and raise the same exit code we got from the linker. Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit b5b7c61fe337e2b5be931f42ce6f827ff344f3f6 Author: Richard Levitte Date: Thu Oct 27 08:44:36 2016 +0200 Explain the deal with internal test programs Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit ab6e147c49f2382d2c30e313dd99aa23f66bc563 Author: Richard Levitte Date: Tue Oct 25 12:40:32 2016 +0200 Allow indented comments in build.info Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) commit aeac218372239752e79769da8f7d1db16d87307d Author: Richard Levitte Date: Wed Oct 26 00:25:44 2016 +0200 Convert poly1305 selftest into internal test Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) ----------------------------------------------------------------------- Summary of changes: Configurations/descrip.mms.tmpl | 35 +- Configure | 2 +- crypto/asn1/a_strnid.c | 77 +- crypto/asn1/ameth_lib.c | 42 +- crypto/asn1/standard_methods.h | 40 + crypto/asn1/tbl_standard.h | 57 ++ crypto/evp/p5_crpt2.c | 12 - crypto/mdc2/mdc2dgst.c | 21 - crypto/modes/cts128.c | 193 ----- crypto/modes/gcm128.c | 636 -------------- crypto/objects/obj_xref.c | 27 - crypto/poly1305/poly1305.c | 507 +----------- crypto/poly1305/poly1305_local.h | 27 + crypto/rc2/tab.c | 93 --- crypto/x509v3/standard_exts.h | 77 ++ crypto/x509v3/tabtest.c | 42 - crypto/x509v3/v3_lib.c | 68 +- crypto/x509v3/v3conf.c | 79 -- crypto/x509v3/v3prin.c | 50 -- include/openssl/modes.h | 17 +- test/asn1_internal_test.c | 152 ++++ test/build.info | 80 ++ test/mdc2_internal_test.c | 95 +++ test/modes_internal_test.c | 1085 ++++++++++++++++++++++++ test/poly1305_internal_test.c | 1701 ++++++++++++++++++++++++++++++++++++++ test/recipes/03-test_internal.t | 31 + test/x509_internal_test.c | 100 +++ 27 files changed, 3495 insertions(+), 1851 deletions(-) create mode 100644 crypto/asn1/standard_methods.h create mode 100644 crypto/asn1/tbl_standard.h create mode 100644 crypto/poly1305/poly1305_local.h delete mode 100644 crypto/rc2/tab.c create mode 100644 crypto/x509v3/standard_exts.h delete mode 100644 crypto/x509v3/tabtest.c delete mode 100644 crypto/x509v3/v3conf.c delete mode 100644 crypto/x509v3/v3prin.c create mode 100644 test/asn1_internal_test.c create mode 100644 test/mdc2_internal_test.c create mode 100644 test/modes_internal_test.c create mode 100644 test/poly1305_internal_test.c create mode 100644 test/recipes/03-test_internal.t create mode 100644 test/x509_internal_test.c diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 95262fe..3d221f5 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -751,13 +751,46 @@ EOF $x =~ s|(\.OLB)|$1/LIB|; "WRITE OPT_FILE \"$x\"" } @deps) || "\@ !"; + # The linking commands looks a bit complex, but it's for good reason. + # When you link, say, foo.obj, bar.obj and libsomething.exe/share, and + # bar.obj happens to have a symbol that also exists in libsomething.exe, + # the linker will warn about it, loudly, and will then choose to pick + # the first copy encountered (the one in bar.obj in this example). + # On Unix and on Windows, the corresponding maneuvre goes through + # silently with the same effect. + # With some test programs, made for checking the internals of OpenSSL, + # we do this kind of linking deliberately, picking a few specific object + # files from within [.crypto] or [.ssl] so we can reach symbols that are + # otherwise unreachable (since the shareable images only exports the + # symbols listed in [.util]*.num), and then with the shared libraries + # themselves. So we need to silence the warning about multiply defined + # symbols, to mimic the way linking work on Unix and Windows, and so + # the build isn't interrupted (MMS stops when warnings are signaled, + # by default), and so someone building doesn't have to worry where it + # isn't necessary. If there are other warnings, however, we show them + # and let it break the build. return <<"EOF"; $bin.EXE : $deps OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT $write_opt1 $write_opt2 CLOSE OPT_FILE - LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS) + - pipe SPAWN/WAIT/NOLOG/OUT=$bin.LINKLOG - + LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS) ; - + link_status = \$status ; link_severity = link_status .AND. 7 + @ search_severity = 1 + -@ IF link_severity .EQ. 0 THEN - + pipe SEARCH $bin.LINKLOG "%","-"/MATCH=AND | - + SPAWN/WAIT/NOLOG/OUT=NLA0: - + SEARCH SYS\$INPUT: "-W-MULDEF,"/MATCH=NOR ; - + search_severity = \$severity + @ ! search_severity is 3 when the last search didn't find any matching + @ ! string: %SEARCH-I-NOMATCHES, no strings matched + -@ IF search_severity .NE. 3 .OR. link_severity .NE. 1 THEN - + TYPE $bin.LINKLOG + -@ DELETE $bin.LINKLOG;* + @ IF search_severity .NE. 3 .OR. link_severity .NE. 1 THEN - + SPAWN/WAIT/NOLOG EXIT 'link_status' - PURGE $bin.EXE,$bin.OPT EOF } diff --git a/Configure b/Configure index 958ac5c..884f7bd 100755 --- a/Configure +++ b/Configure @@ -1592,7 +1592,7 @@ if ($builder eq "unified") { || $target_kind eq $target{build_file}."(".$builder_platform.")"); } }, - qr/^(?:#.*|\s*)$/ => sub { }, + qr/^\s*(?:#.*)?$/ => sub { }, "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" }, "BEFORE" => sub { if ($buildinfo_debug) { diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 53832c8..ce8a646 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -106,53 +106,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, * Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC3280 */ - -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 -#define ub_serial_number 64 - -/* From RFC4524 */ - -#define ub_rfc822_mailbox 256 - -/* This table must be kept in NID order */ - -static const ASN1_STRING_TABLE tbl_standard[] = { - {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, - {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, - {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, - {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, - {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, - 0}, - {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, - {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, - STABLE_NO_MASK}, - {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK} -}; +#include "tbl_standard.h" static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, const ASN1_STRING_TABLE *const *b) @@ -256,32 +210,3 @@ static void st_free(ASN1_STRING_TABLE *tbl) if (tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); } - - -#ifdef STRING_TABLE_TEST - -main() -{ - ASN1_STRING_TABLE *tmp; - int i, last_nid = -1; - - for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) { - if (tmp->nid < last_nid) { - last_nid = 0; - break; - } - last_nid = tmp->nid; - } - - if (last_nid != 0) { - printf("Table order OK\n"); - exit(0); - } - - for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) - printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, - OBJ_nid2ln(tmp->nid)); - -} - -#endif diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index cfde49a..c677917 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -15,51 +15,11 @@ #include "internal/asn1_int.h" #include "internal/evp_int.h" -/* Keep this sorted in type order !! */ -static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { -#ifndef OPENSSL_NO_RSA - &rsa_asn1_meths[0], - &rsa_asn1_meths[1], -#endif -#ifndef OPENSSL_NO_DH - &dh_asn1_meth, -#endif -#ifndef OPENSSL_NO_DSA - &dsa_asn1_meths[0], - &dsa_asn1_meths[1], - &dsa_asn1_meths[2], - &dsa_asn1_meths[3], - &dsa_asn1_meths[4], -#endif -#ifndef OPENSSL_NO_EC - &eckey_asn1_meth, -#endif - &hmac_asn1_meth, -#ifndef OPENSSL_NO_CMAC - &cmac_asn1_meth, -#endif -#ifndef OPENSSL_NO_DH - &dhx_asn1_meth, -#endif -#ifndef OPENSSL_NO_EC - &ecx25519_asn1_meth -#endif -}; +#include "standard_methods.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; -#ifdef TEST -void main() -{ - int i; - for (i = 0; i < OSSL_NELEM(standard_methods); i++) - fprintf(stderr, "Number %d id=%d (%s)\n", i, - standard_methods[i]->pkey_id, - OBJ_nid2sn(standard_methods[i]->pkey_id)); -} -#endif - DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, const EVP_PKEY_ASN1_METHOD *, ameth); diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h new file mode 100644 index 0000000..5b8f9dd --- /dev/null +++ b/crypto/asn1/standard_methods.h @@ -0,0 +1,40 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Keep this sorted in type order !! */ +static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { +#ifndef OPENSSL_NO_RSA + &rsa_asn1_meths[0], + &rsa_asn1_meths[1], +#endif +#ifndef OPENSSL_NO_DH + &dh_asn1_meth, +#endif +#ifndef OPENSSL_NO_DSA + &dsa_asn1_meths[0], + &dsa_asn1_meths[1], + &dsa_asn1_meths[2], + &dsa_asn1_meths[3], + &dsa_asn1_meths[4], +#endif +#ifndef OPENSSL_NO_EC + &eckey_asn1_meth, +#endif + &hmac_asn1_meth, +#ifndef OPENSSL_NO_CMAC + &cmac_asn1_meth, +#endif +#ifndef OPENSSL_NO_DH + &dhx_asn1_meth, +#endif +#ifndef OPENSSL_NO_EC + &ecx25519_asn1_meth +#endif +}; + diff --git a/crypto/asn1/tbl_standard.h b/crypto/asn1/tbl_standard.h new file mode 100644 index 0000000..7fb04f8 --- /dev/null +++ b/crypto/asn1/tbl_standard.h @@ -0,0 +1,57 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* size limits: this stuff is taken straight from RFC3280 */ + +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 +#define ub_serial_number 64 + +/* From RFC4524 */ + +#define ub_rfc822_mailbox 256 + +/* This table must be kept in NID order */ + +static const ASN1_STRING_TABLE tbl_standard[] = { + {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, + {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, + {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, + {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, + {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, + 0}, + {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, + STABLE_NO_MASK}, + {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, + {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, + STABLE_NO_MASK}, + {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, + STABLE_NO_MASK}, + {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, + {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, + {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK} +}; + diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 2e45aa3..024996f 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -129,18 +129,6 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, keylen, out); } -# ifdef DO_TEST -main() -{ - unsigned char out[4]; - unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 }; - PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); - fprintf(stderr, "Out %02X %02X %02X %02X\n", - out[0], out[1], out[2], out[3]); -} - -# endif - /* * Now the key derivation function itself. This is a bit evil because it has * to check the ASN1 parameters are valid: and there are quite a few of diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 37d99f4..14233b9 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -124,24 +124,3 @@ int MDC2_Final(unsigned char *md, MDC2_CTX *c) memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK); return 1; } - -#undef TEST - -#ifdef TEST -main() -{ - unsigned char md[MDC2_DIGEST_LENGTH]; - int i; - MDC2_CTX c; - static char *text = "Now is the time for all "; - - MDC2_Init(&c); - MDC2_Update(&c, text, strlen(text)); - MDC2_Final(&(md[0]), &c); - - for (i = 0; i < MDC2_DIGEST_LENGTH; i++) - printf("%02X", md[i]); - printf("\n"); -} - -#endif diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c index 77ec994..93826a1 100644 --- a/crypto/modes/cts128.c +++ b/crypto/modes/cts128.c @@ -328,196 +328,3 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, #endif return 16 + len + residue; } - -#if defined(SELFTEST) -# include -# include - -/* test vectors from RFC 3962 */ -static const unsigned char test_key[16] = "chicken teriyaki"; -static const unsigned char test_input[64] = - "I would like the" " General Gau's C" - "hicken, please, " "and wonton soup."; -static const unsigned char test_iv[16] = - { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - -static const unsigned char vector_17[17] = { - 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, - 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, - 0x97 -}; - -static const unsigned char vector_31[31] = { - 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, - 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 -}; - -static const unsigned char vector_32[32] = { - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 -}; - -static const unsigned char vector_47[47] = { - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, - 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 -}; - -static const unsigned char vector_48[48] = { - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, - 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 -}; - -static const unsigned char vector_64[64] = { - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, - 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, - 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, - 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, - 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 -}; - -static AES_KEY encks, decks; - -void test_vector(const unsigned char *vector, size_t len) -{ - unsigned char iv[sizeof(test_iv)]; - unsigned char cleartext[64], ciphertext[64]; - size_t tail; - - printf("vector_%d\n", len); - fflush(stdout); - - if ((tail = len % 16) == 0) - tail = 16; - tail += 16; - - /* test block-based encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_encrypt_block(test_input, ciphertext, len, &encks, iv, - (block128_f) AES_encrypt); - if (memcmp(ciphertext, vector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(1); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(1); - - /* test block-based decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_decrypt_block(ciphertext, cleartext, len, &decks, iv, - (block128_f) AES_decrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(2); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(2); - - /* test streamed encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_encrypt(test_input, ciphertext, len, &encks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(ciphertext, vector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(3); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(3); - - /* test streamed decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_decrypt(ciphertext, cleartext, len, &decks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(4); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(4); -} - -void test_nistvector(const unsigned char *vector, size_t len) -{ - unsigned char iv[sizeof(test_iv)]; - unsigned char cleartext[64], ciphertext[64], nistvector[64]; - size_t tail; - - printf("nistvector_%d\n", len); - fflush(stdout); - - if ((tail = len % 16) == 0) - tail = 16; - - len -= 16 + tail; - memcpy(nistvector, vector, len); - /* flip two last blocks */ - memcpy(nistvector + len, vector + len + 16, tail); - memcpy(nistvector + len + tail, vector + len, 16); - len += 16 + tail; - tail = 16; - - /* test block-based encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_encrypt_block(test_input, ciphertext, len, &encks, iv, - (block128_f) AES_encrypt); - if (memcmp(ciphertext, nistvector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(1); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(1); - - /* test block-based decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_decrypt_block(ciphertext, cleartext, len, &decks, iv, - (block128_f) AES_decrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(2); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(2); - - /* test streamed encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_encrypt(test_input, ciphertext, len, &encks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(ciphertext, nistvector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(3); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(3); - - /* test streamed decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_decrypt(ciphertext, cleartext, len, &decks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(4); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(4); -} - -int main() -{ - AES_set_encrypt_key(test_key, 128, &encks); - AES_set_decrypt_key(test_key, 128, &decks); - - test_vector(vector_17, sizeof(vector_17)); - test_vector(vector_31, sizeof(vector_31)); - test_vector(vector_32, sizeof(vector_32)); - test_vector(vector_47, sizeof(vector_47)); - test_vector(vector_48, sizeof(vector_48)); - test_vector(vector_64, sizeof(vector_64)); - - test_nistvector(vector_17, sizeof(vector_17)); - test_nistvector(vector_31, sizeof(vector_31)); - test_nistvector(vector_32, sizeof(vector_32)); - test_nistvector(vector_47, sizeof(vector_47)); - test_nistvector(vector_48, sizeof(vector_48)); - test_nistvector(vector_64, sizeof(vector_64)); - - return 0; -} -#endif diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index df9f654..7dead28 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1664,639 +1664,3 @@ void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) { OPENSSL_clear_free(ctx, sizeof(*ctx)); } - -#if defined(SELFTEST) -# include -# include - -/* Test Case 1 */ -static const u8 K1[16], *P1 = NULL, *A1 = NULL, IV1[12], *C1 = NULL; -static const u8 T1[] = { - 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, - 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a -}; - -/* Test Case 2 */ -# define K2 K1 -# define A2 A1 -# define IV2 IV1 -static const u8 P2[16]; -static const u8 C2[] = { - 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, - 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 -}; - -static const u8 T2[] = { - 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, - 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf -}; - -/* Test Case 3 */ -# define A3 A2 -static const u8 K3[] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 -}; - -static const u8 P3[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 -}; - -static const u8 IV3[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; - -static const u8 C3[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, - 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, - 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, - 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, - 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, - 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 -}; - -static const u8 T3[] = { - 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, - 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 -}; - -/* Test Case 4 */ -# define K4 K3 -# define IV4 IV3 -static const u8 P4[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; - -static const u8 A4[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; - -static const u8 C4[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, - 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, - 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, - 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, - 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, - 0x3d, 0x58, 0xe0, 0x91 -}; - -static const u8 T4[] = { - 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, - 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 -}; - -/* Test Case 5 */ -# define K5 K4 -# define P5 P4 -# define A5 A4 -static const u8 IV5[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad -}; - -static const u8 C5[] = { - 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, - 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, - 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, - 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, - 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, - 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, - 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, - 0xc2, 0x3f, 0x45, 0x98 -}; - -static const u8 T5[] = { - 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, - 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb -}; - -/* Test Case 6 */ -# define K6 K5 -# define P6 P5 -# define A6 A5 -static const u8 IV6[] = { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b -}; - -static const u8 C6[] = { - 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, - 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, - 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, - 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, - 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, - 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, - 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, - 0x4c, 0x34, 0xae, 0xe5 -}; - -static const u8 T6[] = { - 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, - 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 -}; - -/* Test Case 7 */ -static const u8 K7[24], *P7 = NULL, *A7 = NULL, IV7[12], *C7 = NULL; -static const u8 T7[] = { - 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, - 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 -}; - -/* Test Case 8 */ -# define K8 K7 -# define IV8 IV7 -# define A8 A7 -static const u8 P8[16]; -static const u8 C8[] = { - 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, - 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 -}; - -static const u8 T8[] = { - 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, - 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb -}; - -/* Test Case 9 */ -# define A9 A8 -static const u8 K9[] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c -}; - -static const u8 P9[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 -}; - -static const u8 IV9[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; - -static const u8 C9[] = { - 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, - 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, - 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, - 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, - 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, - 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, - 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, - 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 -}; - -static const u8 T9[] = { - 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, - 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 -}; - -/* Test Case 10 */ -# define K10 K9 -# define IV10 IV9 -static const u8 P10[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; - -static const u8 A10[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; - -static const u8 C10[] = { - 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, - 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, - 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, - 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, - 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, - 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, - 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, - 0xcc, 0xda, 0x27, 0x10 -}; - -static const u8 T10[] = { - 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, - 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c -}; - -/* Test Case 11 */ -# define K11 K10 -# define P11 P10 -# define A11 A10 -static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; - -static const u8 C11[] = { - 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, - 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, - 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, - 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, - 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, - 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, - 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, - 0xa0, 0xf0, 0x62, 0xf7 -}; - -static const u8 T11[] = { - 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, - 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 -}; - -/* Test Case 12 */ -# define K12 K11 -# define P12 P11 -# define A12 A11 -static const u8 IV12[] = { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b -}; - -static const u8 C12[] = { - 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, - 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, - 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, - 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, - 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, - 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, - 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, - 0xe9, 0xb7, 0x37, 0x3b -}; - -static const u8 T12[] = { - 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, - 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 -}; - -/* Test Case 13 */ -static const u8 K13[32], *P13 = NULL, *A13 = NULL, IV13[12], *C13 = NULL; -static const u8 T13[] = { - 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, - 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b -}; - -/* Test Case 14 */ -# define K14 K13 -# define A14 A13 -static const u8 P14[16], IV14[12]; -static const u8 C14[] = { - 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, - 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 -}; - -static const u8 T14[] = { - 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, - 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 -}; - -/* Test Case 15 */ -# define A15 A14 -static const u8 K15[] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 -}; - -static const u8 P15[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 -}; - -static const u8 IV15[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; - -static const u8 C15[] = { - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad -}; - -static const u8 T15[] = { - 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, - 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c -}; - -/* Test Case 16 */ -# define K16 K15 -# define IV16 IV15 -static const u8 P16[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; - -static const u8 A16[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; - -static const u8 C16[] = { - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62 -}; - -static const u8 T16[] = { - 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, - 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b -}; - -/* Test Case 17 */ -# define K17 K16 -# define P17 P16 -# define A17 A16 -static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; - -static const u8 C17[] = { - 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, - 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, - 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, - 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, - 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, - 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, - 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, - 0xf4, 0x7c, 0x9b, 0x1f -}; - -static const u8 T17[] = { - 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, - 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 -}; - -/* Test Case 18 */ -# define K18 K17 -# define P18 P17 -# define A18 A17 -static const u8 IV18[] = { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b -}; - -static const u8 C18[] = { - 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, - 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, - 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, - 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, - 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, - 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, - 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, - 0x44, 0xae, 0x7e, 0x3f -}; - -static const u8 T18[] = { - 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, - 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a -}; - -/* Test Case 19 */ -# define K19 K1 -# define P19 P1 -# define IV19 IV1 -# define C19 C1 -static const u8 A19[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad -}; - -static const u8 T19[] = { - 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d, - 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92 -}; - -/* Test Case 20 */ -# define K20 K1 -# define A20 A1 -/* this results in 0xff in counter LSB */ -static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; - -static const u8 P20[288]; -static const u8 C20[] = { - 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a, - 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14, - 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce, - 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f, - 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70, - 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18, - 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf, - 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49, - 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab, - 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c, - 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, - 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, - 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, - 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, - 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, - 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, - 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, - 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, - 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, - 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, - 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, - 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, - 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, - 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, - 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, - 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, - 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, - 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, - 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, - 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, - 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, - 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, - 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, - 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, - 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, - 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c -}; - -static const u8 T20[] = { - 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, - 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f -}; - -# define TEST_CASE(n) do { \ - u8 out[sizeof(P##n)]; \ - AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \ - CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt); \ - CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ - memset(out,0,sizeof(out)); \ - if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ - if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out)); \ - if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ - (C##n && memcmp(out,C##n,sizeof(out)))) \ - ret++, printf ("encrypt test#%d failed.\n",n); \ - CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ - memset(out,0,sizeof(out)); \ - if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ - if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out)); \ - if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ - (P##n && memcmp(out,P##n,sizeof(out)))) \ - ret++, printf ("decrypt test#%d failed.\n",n); \ - } while(0) - -int main() -{ - GCM128_CONTEXT ctx; - AES_KEY key; - int ret = 0; - - TEST_CASE(1); - TEST_CASE(2); - TEST_CASE(3); - TEST_CASE(4); - TEST_CASE(5); - TEST_CASE(6); - TEST_CASE(7); - TEST_CASE(8); - TEST_CASE(9); - TEST_CASE(10); - TEST_CASE(11); - TEST_CASE(12); - TEST_CASE(13); - TEST_CASE(14); - TEST_CASE(15); - TEST_CASE(16); - TEST_CASE(17); - TEST_CASE(18); - TEST_CASE(19); - TEST_CASE(20); - -# ifdef OPENSSL_CPUID_OBJ - { - size_t start, stop, gcm_t, ctr_t, OPENSSL_rdtsc(); - union { - u64 u; - u8 c[1024]; - } buf; - int i; - - AES_set_encrypt_key(K1, sizeof(K1) * 8, &key); - CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt); - CRYPTO_gcm128_setiv(&ctx, IV1, sizeof(IV1)); - - CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); - start = OPENSSL_rdtsc(); - CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); - gcm_t = OPENSSL_rdtsc() - start; - - CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), - &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, - (block128_f) AES_encrypt); - start = OPENSSL_rdtsc(); - CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), - &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, - (block128_f) AES_encrypt); - ctr_t = OPENSSL_rdtsc() - start; - - printf("%.2f-%.2f=%.2f\n", - gcm_t / (double)sizeof(buf), - ctr_t / (double)sizeof(buf), - (gcm_t - ctr_t) / (double)sizeof(buf)); -# ifdef GHASH - { - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx.ghash; - - GHASH((&ctx), buf.c, sizeof(buf)); - start = OPENSSL_rdtsc(); - for (i = 0; i < 100; ++i) - GHASH((&ctx), buf.c, sizeof(buf)); - gcm_t = OPENSSL_rdtsc() - start; - printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i); - } -# endif - } -# endif - - return ret; -} -#endif diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index 627f5bc..9a558a2 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c @@ -136,30 +136,3 @@ void OBJ_sigid_free(void) sk_nid_triple_free(sigx_app); sigx_app = NULL; } - -#ifdef OBJ_XREF_TEST - -main() -{ - int n1, n2, n3; - - int i, rv; -# ifdef OBJ_XREF_TEST2 - for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { - OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]); - } -# endif - - for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { - n1 = sigoid_srt[i][0]; - rv = OBJ_find_sigid_algs(n1, &n2, &n3); - printf("Forward: %d, %s %s %s\n", rv, - OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); - n1 = 0; - rv = OBJ_find_sigid_by_algs(&n1, n2, n3); - printf("Reverse: %d, %s %s %s\n", rv, - OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); - } -} - -#endif diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c index eec4d67..ab4fa83 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.c @@ -12,25 +12,7 @@ #include #include "internal/poly1305.h" - -typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp, - size_t len, unsigned int padbit); -typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); - -struct poly1305_context { - double opaque[24]; /* large enough to hold internal state, declared - * 'double' to ensure at least 64-bit invariant - * alignment across all platforms and - * configurations */ - unsigned int nonce[4]; - unsigned char data[POLY1305_BLOCK_SIZE]; - size_t num; - struct { - poly1305_blocks_f blocks; - poly1305_emit_f emit; - } func; -}; +#include "poly1305_local.h" size_t Poly1305_ctx_size () { @@ -548,490 +530,3 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]) /* zero out the state */ OPENSSL_cleanse(ctx, sizeof(*ctx)); } - -#ifdef SELFTEST -#include - -struct poly1305_test { - const char *inputhex; - const char *keyhex; - const char *outhex; -}; - -static const struct poly1305_test poly1305_tests[] = { - /* - * RFC7539 - */ - { - "43727970746f6772617068696320466f72756d2052657365617263682047726f" - "7570", - "85d6be7857556d337f4452fe42d506a8""0103808afb0db2fd4abff6af4149f51b", - "a8061dc1305136c6c22b8baf0c0127a9" - }, - /* - * test vectors from "The Poly1305-AES message-authentication code" - */ - { - "f3f6", - "851fc40c3467ac0be05cc20404f3f700""580b3b0f9447bb1e69d095b5928b6dbc", - "f4c633c3044fc145f84f335cb81953de" - }, - { - "", - "a0f3080000f46400d0c7e9076c834403""dd3fab2251f11ac759f0887129cc2ee7", - "dd3fab2251f11ac759f0887129cc2ee7" - }, - { - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "48443d0bb0d21109c89a100b5ce2c208""83149c69b561dd88298a1798b10716ef", - "0ee1c16bb73f0f4fd19881753c01cdbe" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "5154ad0d2cb26e01274fc51148491f1b" - }, - /* - * self-generated vectors exercise "significant" lengths, such that - * are handled by different code paths - */ - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "812059a5da198637cac7c4a631bee466" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "5b88d7f6228b11e2e28579a5c0c1f761" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "bbb613b2b6d753ba07395b916aaece15" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "c794d7057d1778c4bbee0a39b3d97342" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "ffbcb9b371423152d7fca5ad042fbaa9" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee466", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "069ed6b8ef0f207b3e243bb1019fe632" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "cca339d9a45fa2368c2c68b3a4179133" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761" - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "53f6e828a2f0fe0ee815bf0bd5841a34" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761" - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "b846d44e9bbd53cedffbfbb6b7fa4933" - }, - /* - * 4th power of the key spills to 131th bit in SIMD key setup - */ - { - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "ad628107e8351d0f2c231a05dc4a4106""00000000000000000000000000000000", - "07145a4c02fe5fa32036de68fabe9066" - }, - { - /* - * poly1305_ieee754.c failed this in final stage - */ - "842364e156336c0998b933a6237726180d9e3fdcbde4cd5d17080fc3beb49614" - "d7122c037463ff104d73f19c12704628d417c4c54a3fe30d3c3d7714382d43b0" - "382a50a5dee54be844b076e8df88201a1cd43b90eb21643fa96f39b518aa8340" - "c942ff3c31baf7c9bdbf0f31ae3fa096bf8c63030609829fe72e179824890bc8" - "e08c315c1cce2a83144dbbff09f74e3efc770b54d0984a8f19b14719e6363564" - "1d6b1eedf63efbf080e1783d32445412114c20de0b837a0dfa33d6b82825fff4" - "4c9a70ea54ce47f07df698e6b03323b53079364a5fc3e9dd034392bdde86dccd" - "da94321c5e44060489336cb65bf3989c36f7282c2f5d2b882c171e74", - "95d5c005503e510d8cd0aa072c4a4d06""6eabc52d11653df47fbf63ab198bcc26", - "f248312e578d9d58f8b7bb4d19105431" - }, - /* - * AVX2 in poly1305-x86.pl failed this with 176+32 split - */ - { - "248ac31085b6c2adaaa38259a0d7192c5c35d1bb4ef39ad94c38d1c82479e2dd" - "2159a077024b0589bc8a20101b506f0a1ad0bbab76e83a83f1b94be6beae74e8" - "74cab692c5963a75436b776121ec9f62399a3e66b2d22707dae81933b6277f3c" - "8516bcbe26dbbd86f373103d7cf4cad1888c952118fbfbd0d7b4bedc4ae4936a" - "ff91157e7aa47c54442ea78d6ac251d324a0fbe49d89cc3521b66d16e9c66a37" - "09894e4eb0a4eedc4ae19468e66b81f2" - "71351b1d921ea551047abcc6b87a901fde7db79fa1818c11336dbc07244a40eb", - "000102030405060708090a0b0c0d0e0f""00000000000000000000000000000000", - "bc939bc5281480fa99c6d68c258ec42f" - }, - /* - * test vectors from Google - */ - { - "", - "c8afaac331ee372cd6082de134943b17""4710130e9f6fea8d72293850a667d86c", - "4710130e9f6fea8d72293850a667d86c", - }, - { - "48656c6c6f20776f726c6421", - "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035", - "a6f745008f81c916a20dcc74eef2b2f0" - }, - { - "0000000000000000000000000000000000000000000000000000000000000000", - "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035", - "49ec78090e481ec6c26b33b91ccc0307" - }, - { - "89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a9" - "1c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a62033427" - "0372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f1" - "41300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595", - "2d773be37adb1e4d683bf0075e79c4ee""037918535a7f99ccb7040fb5f5f43aea", - "c85d15ed44c378d6b00e23064c7bcd51" - }, - { - "000000000000000b1703030200000000" - "06db1f1f368d696a810a349c0c714c9a5e7850c2407d721acded95e018d7a852" - "66a6e1289cdb4aeb18da5ac8a2b0026d24a59ad485227f3eaedbb2e7e35e1c66" - "cd60f9abf716dcc9ac42682dd7dab287a7024c4eefc321cc0574e16793e37cec" - "03c5bda42b54c114a80b57af26416c7be742005e20855c73e21dc8e2edc9d435" - "cb6f6059280011c270b71570051c1c9b3052126620bc1e2730fa066c7a509d53" - "c60e5ae1b40aa6e39e49669228c90eecb4a50db32a50bc49e90b4f4b359a1dfd" - "11749cd3867fcf2fb7bb6cd4738f6a4ad6f7ca5058f7618845af9f020f6c3b96" - "7b8f4cd4a91e2813b507ae66f2d35c18284f7292186062e10fd5510d18775351" - "ef334e7634ab4743f5b68f49adcab384d3fd75f7390f4006ef2a295c8c7a076a" - "d54546cd25d2107fbe1436c840924aaebe5b370893cd63d1325b8616fc481088" - "6bc152c53221b6df373119393255ee72bcaa880174f1717f9184fa91646f17a2" - "4ac55d16bfddca9581a92eda479201f0edbf633600d6066d1ab36d5d2415d713" - "51bbcd608a25108d25641992c1f26c531cf9f90203bc4cc19f5927d834b0a471" - "16d3884bbb164b8ec883d1ac832e56b3918a98601a08d171881541d594db399c" - "6ae6151221745aec814c45b0b05b565436fd6f137aa10a0c0b643761dbd6f9a9" - "dcb99b1a6e690854ce0769cde39761d82fcdec15f0d92d7d8e94ade8eb83fbe0", - "99e5822dd4173c995e3dae0ddefb9774""3fde3b080134b39f76e9bf8d0e88d546", - "2637408fe13086ea73f971e3425e2820" - }, - /* - * test vectors from Hanno B?ck - */ - { - "cccccccccccccccccccccccccccccccccccccccccccccccccc80cccccccccccc" - "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccecccccc" - "ccccccccccccccccccccccccccccccc5cccccccccccccccccccccccccccccccc" - "cccccccccce3cccccccccccccccccccccccccccccccccccccccccccccccccccc" - "ccccccccaccccccccccccccccccccce6cccccccccc000000afcccccccccccccc" - "ccccfffffff50000000000000000000000000000000000000000000000000000" - "00ffffffe7000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000719205a8521d" - "fc", - "7f1b0264000000000000000000000000""0000000000000000cccccccccccccccc", - "8559b876eceed66eb37798c0457baff9" - }, - { - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0000000000" - "00000000800264", - "e0001600000000000000000000000000""0000aaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "00bd1258978e205444c9aaaa82006fed" - }, - { - "02fc", - "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c""0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", - "06120c0c0c0c0c0c0c0c0c0c0c0c0c0c" - }, - { - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b007b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b6e7b001300000000b300000000000000000000000000000000000000000000" - "f20000000000000000000000000000000000002000efff000900000000000000" - "0000000000100000000009000000640000000000000000000000001300000000" - "b300000000000000000000000000000000000000000000f20000000000000000" - "000000000000000000002000efff00090000000000000000007a000010000000" - "000900000064000000000000000000000000000000000000000000000000fc", - "00ff0000000000000000000000000000""00000000001e00000000000000007b7b", - "33205bbf9e9f8f7212ab9e2ab9b7e4a5" - }, - { - "7777777777777777777777777777777777777777777777777777777777777777" - "7777777777777777777777777777777777777777777777777777777777777777" - "777777777777777777777777ffffffe9e9acacacacacacacacacacac0000acac" - "ec0100acacac2caca2acacacacacacacacacacac64f2", - "0000007f0000007f0100002000000000""0000cf77777777777777777777777777", - "02ee7c8c546ddeb1a467e4c3981158b9" - }, - /* - * test vectors from Andrew Moon - */ - { /* nacl */ - "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a" - "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738" - "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da" - "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74" - "e355a5", - "eea6a7251c1e72916d11c2cb214d3c25""2539121d8e234e652d651fa4c8cff880", - "f3ffc7703f9400e52a7dfb4b3d3305d9" - }, - { /* wrap 2^130-5 */ - "ffffffffffffffffffffffffffffffff", - "02000000000000000000000000000000""00000000000000000000000000000000", - "03000000000000000000000000000000" - }, - { /* wrap 2^128 */ - "02000000000000000000000000000000", - "02000000000000000000000000000000""ffffffffffffffffffffffffffffffff", - "03000000000000000000000000000000" - }, - { /* limb carry */ - "fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff" - "11000000000000000000000000000000", - "01000000000000000000000000000000""00000000000000000000000000000000", - "05000000000000000000000000000000" - }, - { /* 2^130-5 */ - "fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe" - "01010101010101010101010101010101", - "01000000000000000000000000000000""00000000000000000000000000000000", - "00000000000000000000000000000000" - }, - { /* 2^130-6 */ - "fdffffffffffffffffffffffffffffff", - "02000000000000000000000000000000""00000000000000000000000000000000", - "faffffffffffffffffffffffffffffff" - }, - { /* 5*H+L reduction intermediate */ - "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000" - "0000000000000000000000000000000001000000000000000000000000000000", - "01000000000000000400000000000000""00000000000000000000000000000000", - "14000000000000005500000000000000" - }, - { /* 5*H+L reduction final */ - "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000" - "00000000000000000000000000000000", - "01000000000000000400000000000000""00000000000000000000000000000000", - "13000000000000000000000000000000" - } -}; - -static unsigned char hex_digit(char h) -{ - int i = OPENSSL_hexchar2int(h); - - if (i < 0) - abort(); - return i; -} - -static void hex_decode(unsigned char *out, const char *hex) -{ - size_t j = 0; - - while (*hex != 0) { - unsigned char v = hex_digit(*hex++); - v <<= 4; - v |= hex_digit(*hex++); - out[j++] = v; - } -} - -static void hexdump(unsigned char *a, size_t len) -{ - size_t i; - - for (i = 0; i < len; i++) - printf("%02x", a[i]); -} - -int main() -{ - static const unsigned num_tests = - sizeof(poly1305_tests) / sizeof(struct poly1305_test); - unsigned i; - unsigned char key[32], out[16], expected[16]; - POLY1305 poly1305; - - for (i = 0; i < num_tests; i++) { - const struct poly1305_test *test = &poly1305_tests[i]; - unsigned char *in; - size_t inlen = strlen(test->inputhex); - - if (strlen(test->keyhex) != sizeof(key) * 2 || - strlen(test->outhex) != sizeof(out) * 2 || (inlen & 1) == 1) - return 1; - - inlen /= 2; - - hex_decode(key, test->keyhex); - hex_decode(expected, test->outhex); - - in = malloc(inlen); - - hex_decode(in, test->inputhex); - - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, inlen); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d failed.\n", i); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - - if (inlen > 16) { - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, 1); - Poly1305_Update(&poly1305, in+1, inlen-1); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d/1+(N-1) failed.\n", i); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - } - - if (inlen > 32) { - size_t half = inlen / 2; - - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, half); - Poly1305_Update(&poly1305, in+half, inlen-half); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d/2 failed.\n", i); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - - for (half = 16; half < inlen; half += 16) { - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, half); - Poly1305_Update(&poly1305, in+half, inlen-half); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d/%d+%d failed.\n", - i, half, inlen-half); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - } - } - - free(in); - } - - printf("PASS\n"); - -# ifdef OPENSSL_CPUID_OBJ - { - unsigned char buf[8192]; - unsigned long long stopwatch; - unsigned long long OPENSSL_rdtsc(); - - memset (buf,0x55,sizeof(buf)); - memset (key,0xAA,sizeof(key)); - - Poly1305_Init(&poly1305, key); - - for (i=0;i<100000;i++) - Poly1305_Update(&poly1305,buf,sizeof(buf)); - - stopwatch = OPENSSL_rdtsc(); - for (i=0;i<10000;i++) - Poly1305_Update(&poly1305,buf,sizeof(buf)); - stopwatch = OPENSSL_rdtsc() - stopwatch; - - printf("%g\n",stopwatch/(double)(i*sizeof(buf))); - - stopwatch = OPENSSL_rdtsc(); - for (i=0;i<10000;i++) { - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305,buf,16); - Poly1305_Final(&poly1305,buf); - } - stopwatch = OPENSSL_rdtsc() - stopwatch; - - printf("%g\n",stopwatch/(double)(i)); - } -# endif - return 0; -} -#endif diff --git a/crypto/poly1305/poly1305_local.h b/crypto/poly1305/poly1305_local.h new file mode 100644 index 0000000..6d4d9dc --- /dev/null +++ b/crypto/poly1305/poly1305_local.h @@ -0,0 +1,27 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp, + size_t len, unsigned int padbit); +typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16], + const unsigned int nonce[4]); + +struct poly1305_context { + double opaque[24]; /* large enough to hold internal state, declared + * 'double' to ensure at least 64-bit invariant + * alignment across all platforms and + * configurations */ + unsigned int nonce[4]; + unsigned char data[POLY1305_BLOCK_SIZE]; + size_t num; + struct { + poly1305_blocks_f blocks; + poly1305_emit_f emit; + } func; +}; diff --git a/crypto/rc2/tab.c b/crypto/rc2/tab.c deleted file mode 100644 index bc95dc4..0000000 --- a/crypto/rc2/tab.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -unsigned char ebits_to_num[256] = { - 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, - 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, - 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, - 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, - 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, - 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, - 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, - 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, - 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, - 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, - 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, - 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, - 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, - 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, - 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, - 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, - 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, -}; - -unsigned char num_to_ebits[256] = { - 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, - 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, - 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, - 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, - 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, - 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, - 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, - 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, - 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, - 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, - 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, - 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, - 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, - 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, - 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, - 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, - 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd, -}; - -main() -{ - int i, j; - - for (i = 0; i < 256; i++) { - for (j = 0; j < 256; j++) - if (ebits_to_num[j] == i) { - printf("0x%02x,", j); - break; - } - } -} diff --git a/crypto/x509v3/standard_exts.h b/crypto/x509v3/standard_exts.h new file mode 100644 index 0000000..05e0869 --- /dev/null +++ b/crypto/x509v3/standard_exts.h @@ -0,0 +1,77 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This table will be searched using OBJ_bsearch so it *must* kept in order + * of the ext_nid values. + */ + +static const X509V3_EXT_METHOD *standard_exts[] = { + &v3_nscert, + &v3_ns_ia5_list[0], + &v3_ns_ia5_list[1], + &v3_ns_ia5_list[2], + &v3_ns_ia5_list[3], + &v3_ns_ia5_list[4], + &v3_ns_ia5_list[5], + &v3_ns_ia5_list[6], + &v3_skey_id, + &v3_key_usage, + &v3_pkey_usage_period, + &v3_alt[0], + &v3_alt[1], + &v3_bcons, + &v3_crl_num, + &v3_cpols, + &v3_akey_id, + &v3_crld, + &v3_ext_ku, + &v3_delta_crl, + &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP + &v3_crl_invdate, +#endif + &v3_sxnet, + &v3_info, +#ifndef OPENSSL_NO_RFC3779 + &v3_addr, + &v3_asid, +#endif +#ifndef OPENSSL_NO_OCSP + &v3_ocsp_nonce, + &v3_ocsp_crlid, + &v3_ocsp_accresp, + &v3_ocsp_nocheck, + &v3_ocsp_acutoff, + &v3_ocsp_serviceloc, +#endif + &v3_sinfo, + &v3_policy_constraints, +#ifndef OPENSSL_NO_OCSP + &v3_crl_hold, +#endif + &v3_pci, + &v3_name_constraints, + &v3_policy_mappings, + &v3_inhibit_anyp, + &v3_idp, + &v3_alt[2], + &v3_freshest_crl, +#ifndef OPENSSL_NO_CT + &v3_ct_scts[0], + &v3_ct_scts[1], + &v3_ct_scts[2], +#endif + &v3_tls_feature, +}; + +/* Number of standard extensions */ + +#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) + diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c deleted file mode 100644 index a33a63a..0000000 --- a/crypto/x509v3/tabtest.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Simple program to check the ext_dat.h is correct and print out problems if - * it is not. - */ - -#include - -#include - -#include "ext_dat.h" - -main() -{ - int i, prev = -1, bad = 0; - X509V3_EXT_METHOD **tmp; - i = OSSL_NELEM(standard_exts); - if (i != STANDARD_EXTENSION_COUNT) - fprintf(stderr, "Extension number invalid expecting %d\n", i); - tmp = standard_exts; - for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) { - if ((*tmp)->ext_nid < prev) - bad = 1; - prev = (*tmp)->ext_nid; - - } - if (bad) { - tmp = standard_exts; - fprintf(stderr, "Extensions out of order!\n"); - for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) - printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid)); - } else - fprintf(stderr, "Order OK\n"); -} diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index a3ca720..d905800 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -47,73 +47,7 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, ext); -/* - * This table will be searched using OBJ_bsearch so it *must* kept in order - * of the ext_nid values. - */ - -static const X509V3_EXT_METHOD *standard_exts[] = { - &v3_nscert, - &v3_ns_ia5_list[0], - &v3_ns_ia5_list[1], - &v3_ns_ia5_list[2], - &v3_ns_ia5_list[3], - &v3_ns_ia5_list[4], - &v3_ns_ia5_list[5], - &v3_ns_ia5_list[6], - &v3_skey_id, - &v3_key_usage, - &v3_pkey_usage_period, - &v3_alt[0], - &v3_alt[1], - &v3_bcons, - &v3_crl_num, - &v3_cpols, - &v3_akey_id, - &v3_crld, - &v3_ext_ku, - &v3_delta_crl, - &v3_crl_reason, -#ifndef OPENSSL_NO_OCSP - &v3_crl_invdate, -#endif - &v3_sxnet, - &v3_info, -#ifndef OPENSSL_NO_RFC3779 - &v3_addr, - &v3_asid, -#endif -#ifndef OPENSSL_NO_OCSP - &v3_ocsp_nonce, - &v3_ocsp_crlid, - &v3_ocsp_accresp, - &v3_ocsp_nocheck, - &v3_ocsp_acutoff, - &v3_ocsp_serviceloc, -#endif - &v3_sinfo, - &v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP - &v3_crl_hold, -#endif - &v3_pci, - &v3_name_constraints, - &v3_policy_mappings, - &v3_inhibit_anyp, - &v3_idp, - &v3_alt[2], - &v3_freshest_crl, -#ifndef OPENSSL_NO_CT - &v3_ct_scts[0], - &v3_ct_scts[1], - &v3_ct_scts[2], -#endif - &v3_tls_feature, -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) +#include "standard_exts.h" const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c deleted file mode 100644 index 966ab90..0000000 --- a/crypto/x509v3/v3conf.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -/* Test application to add extensions from a config file */ - -int main(int argc, char **argv) -{ - LHASH *conf; - X509 *cert; - FILE *inf; - char *conf_file; - int i; - int count; - X509_EXTENSION *ext; - X509V3_add_standard_extensions(); - ERR_load_crypto_strings(); - if (!argv[1]) { - fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n"); - exit(1); - } - conf_file = argv[2]; - if (!conf_file) - conf_file = "test.cnf"; - conf = CONF_load(NULL, "test.cnf", NULL); - if (!conf) { - fprintf(stderr, "Error opening Config file %s\n", conf_file); - ERR_print_errors_fp(stderr); - exit(1); - } - - inf = fopen(argv[1], "r"); - if (!inf) { - fprintf(stderr, "Can't open certificate file %s\n", argv[1]); - exit(1); - } - cert = PEM_read_X509(inf, NULL, NULL); - if (!cert) { - fprintf(stderr, "Error reading certificate file %s\n", argv[1]); - exit(1); - } - fclose(inf); - - sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free); - cert->cert_info->extensions = NULL; - - if (!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) { - fprintf(stderr, "Error adding extensions\n"); - ERR_print_errors_fp(stderr); - exit(1); - } - - count = X509_get_ext_count(cert); - printf("%d extensions\n", count); - for (i = 0; i < count; i++) { - ext = X509_get_ext(cert, i); - printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); - if (ext->critical) - printf(",critical:\n"); - else - printf(":\n"); - X509V3_EXT_print_fp(stdout, ext, 0, 0); - printf("\n"); - - } - return 0; -} diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c deleted file mode 100644 index 7431a4e..0000000 --- a/crypto/x509v3/v3prin.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - X509 *cert; - FILE *inf; - int i, count; - X509_EXTENSION *ext; - - X509V3_add_standard_extensions(); - ERR_load_crypto_strings(); - if (!argv[1]) { - fprintf(stderr, "Usage v3prin cert.pem\n"); - exit(1); - } - if ((inf = fopen(argv[1], "r")) == NULL) { - fprintf(stderr, "Can't open %s\n", argv[1]); - exit(1); - } - if ((cert = PEM_read_X509(inf, NULL, NULL)) == NULL) { - fprintf(stderr, "Can't read certificate %s\n", argv[1]); - ERR_print_errors_fp(stderr); - exit(1); - } - fclose(inf); - count = X509_get_ext_count(cert); - printf("%d extensions\n", count); - for (i = 0; i < count; i++) { - ext = X509_get_ext(cert, i); - printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object))); - if (!X509V3_EXT_print_fp(stdout, ext, 0, 0)) - ERR_print_errors_fp(stderr); - printf("\n"); - - } - return 0; -} diff --git a/include/openssl/modes.h b/include/openssl/modes.h index a04c6a5..d544f98 100644 --- a/include/openssl/modes.h +++ b/include/openssl/modes.h @@ -7,11 +7,14 @@ * https://www.openssl.org/source/license.html */ -#include +#ifndef HEADER_MODES_H +# define HEADER_MODES_H -#ifdef __cplusplus +# include + +# ifdef __cplusplus extern "C" { -#endif +# endif typedef void (*block128_f) (const unsigned char in[16], unsigned char out[16], const void *key); @@ -166,7 +169,7 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, unsigned char *out, const unsigned char *in, size_t inlen, block128_f block); -#ifndef OPENSSL_NO_OCB +# ifndef OPENSSL_NO_OCB typedef struct ocb128_context OCB128_CONTEXT; typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, @@ -196,8 +199,10 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, size_t len); int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); -#endif /* OPENSSL_NO_OCB */ +# endif /* OPENSSL_NO_OCB */ -#ifdef __cplusplus +# ifdef __cplusplus } +# endif + #endif diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c new file mode 100644 index 0000000..fc0ac20 --- /dev/null +++ b/test/asn1_internal_test.c @@ -0,0 +1,152 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal tests for the asn1 module */ + +#include +#include + +#include +#include +#include +#include "testutil.h" +#include "e_os.h" + +typedef struct { + const char *test_case_name; + const char *test_section; +} SIMPLE_FIXTURE; + +/********************************************************************** + * + * Test of a_strnid's tbl_standard + * + ***/ + +static SIMPLE_FIXTURE setup_tbl_standard(const char *const test_case_name) +{ + SIMPLE_FIXTURE fixture; + fixture.test_case_name = test_case_name; + return fixture; +} + +#include "../crypto/asn1/tbl_standard.h" + +static int execute_tbl_standard(SIMPLE_FIXTURE fixture) +{ + const ASN1_STRING_TABLE *tmp; + int last_nid = -1; + size_t i; + + for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) { + if (tmp->nid < last_nid) { + last_nid = 0; + break; + } + last_nid = tmp->nid; + } + + if (last_nid != 0) { + fprintf(stderr, "%s: Table order OK\n", fixture.test_section); + return 1; + } + + for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) + fprintf(stderr, "%s: Index %" OSSLzu ", NID %d, Name=%s\n", + fixture.test_section, i, tmp->nid, OBJ_nid2ln(tmp->nid)); + + return 0; +} + +static void teardown_tbl_standard(SIMPLE_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +/********************************************************************** + * + * Test of ameth_lib's standard_methods + * + ***/ + +static SIMPLE_FIXTURE setup_standard_methods(const char *const test_case_name) +{ + SIMPLE_FIXTURE fixture; + fixture.test_case_name = test_case_name; + return fixture; +} + +#include "internal/asn1_int.h" +#include "../crypto/asn1/standard_methods.h" + +static int execute_standard_methods(SIMPLE_FIXTURE fixture) +{ + const EVP_PKEY_ASN1_METHOD **tmp; + int last_pkey_id = -1; + size_t i; + + for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods); + i++, tmp++) { + if ((*tmp)->pkey_id < last_pkey_id) { + last_pkey_id = 0; + break; + } + last_pkey_id = (*tmp)->pkey_id; + } + + if (last_pkey_id != 0) { + fprintf(stderr, "%s: Table order OK\n", fixture.test_section); + return 1; + } + + for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods); + i++, tmp++) + fprintf(stderr, "%s: Index %" OSSLzu ", pkey ID %d, Name=%s\n", + fixture.test_section, i, (*tmp)->pkey_id, + OBJ_nid2sn((*tmp)->pkey_id)); + + return 0; +} + +static void teardown_standard_methods(SIMPLE_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +/********************************************************************** + * + * Test driver + * + ***/ + +static struct { + const char *section; + SIMPLE_FIXTURE (*setup)(const char *const test_case_name); + int (*execute)(SIMPLE_FIXTURE); + void (*teardown)(SIMPLE_FIXTURE); +} tests[] = { + {"asn1 tlb_standard", setup_tbl_standard, execute_tbl_standard, + teardown_tbl_standard}, + {"asn1 standard_methods", setup_standard_methods, execute_standard_methods, + teardown_standard_methods} +}; + +static int drive_tests(int idx) +{ + SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, tests[idx].setup); + fixture.test_section = tests[idx].section; + EXECUTE_TEST(tests[idx].execute, tests[idx].teardown); +} + +int main(int argc, char **argv) +{ + ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests)); + + return run_tests(argv[0]); +} diff --git a/test/build.info b/test/build.info index aa9b933..46403ea 100644 --- a/test/build.info +++ b/test/build.info @@ -298,6 +298,86 @@ IF[{- !$disabled{tests} -}] INCLUDE[cipher_overhead_test]=.. ../include DEPEND[cipher_overhead_test]=../libcrypto ../libssl ENDIF + + # Internal test programs. These are essentially a collection of internal + # test routines. Because they sometimes need to reach internal symbols that + # aren't available through the shared library (at least on Linux, Solaris, + # Windows and VMS, where the exported symbols are those listed in util/*.num), + # these programs may be built on files directly picked from inside crypto/ + # or ssl/, to test using symbols that exist in those specific files. These + # programs will also be linked with libcrypto / libssl, so we don't pick + # out more specific files than necessary. + # This might mean we have multiply defined symbols, but since linking is + # ordered with object files first and libraries after, the symbols from the + # object files will be chosen before those in the libraries. This is handled + # properly by all linkers. + # Note that when building with static libraries, none of those extra files + # are needed, since all symbols are available anyway, regardless of what's + # listed in util/*.num. + PROGRAMS_NO_INST=asn1_internal_test modes_internal_test x509_internal_test + IF[{- !$disabled{mdc2} -}] + PROGRAMS_NO_INST=mdc2_internal_test + ENDIF + IF[{- !$disabled{poly1305} -}] + PROGRAMS_NO_INST=poly1305_internal_test + ENDIF + + SOURCE[poly1305_internal_test]=poly1305_internal_test.c testutil.c + IF[{- !$disabled{shared} -}] + SOURCE[poly1305_internal_test]= ../crypto/poly1305/poly1305.c \ + {- $target{poly1305_asm_src} ? "../crypto/poly1305/".$target{poly1305_asm_src} : "" -} \ + {- $target{cpuid_asm_src} ? "../crypto/".$target{cpuid_asm_src} : "" -} \ + ../crypto/cryptlib.c + ENDIF + INCLUDE[poly1305_internal_test]=.. ../include ../crypto/include + DEPEND[poly1305_internal_test]=../libcrypto + + SOURCE[asn1_internal_test]=asn1_internal_test.c testutil.c + IF[{- !$disabled{shared} -}] + SOURCE[asn1_internal_test]= ../crypto/asn1/a_strnid.c \ + ../crypto/rsa/rsa_ameth.c ../crypto/dsa/dsa_ameth.c \ + ../crypto/dh/dh_ameth.c ../crypto/ec/ec_ameth.c \ + ../crypto/hmac/hm_ameth.c ../crypto/cmac/cm_ameth.c \ + ../crypto/ec/ecx_meth.c ../crypto/ec/curve25519.c + ENDIF + INCLUDE[asn1_internal_test]=.. ../include ../crypto/include + DEPEND[asn1_internal_test]=../libcrypto + + SOURCE[modes_internal_test]=modes_internal_test.c testutil.c + IF[{- !$disabled{shared} -}] + SOURCE[modes_internal_test]= {- $target{cpuid_asm_src} + ? "../crypto/".$target{cpuid_asm_src} + : "" -} \ + ../crypto/cryptlib.c + ENDIF + INCLUDE[modes_internal_test]=.. ../include + DEPEND[modes_internal_test]=../libcrypto + + # The reason for the huge amount of directly included x509v3 files + # is that a table that is checked by x509_internal_test refers to + # structures that are spread all over those files. + SOURCE[x509_internal_test]=x509_internal_test.c testutil.c + IF[{- !$disabled{shared} -}] + SOURCE[x509_internal_test]= ../crypto/x509v3/v3_bitst.c \ + ../crypto/x509v3/v3_ia5.c ../crypto/x509v3/v3_skey.c \ + ../crypto/x509v3/v3_pku.c ../crypto/x509v3/v3_alt.c \ + ../crypto/x509v3/v3_bcons.c ../crypto/x509v3/v3_int.c \ + ../crypto/x509v3/v3_cpols.c ../crypto/x509v3/v3_akey.c \ + ../crypto/x509v3/v3_crld.c ../crypto/x509v3/v3_utl.c \ + ../crypto/x509v3/v3_extku.c ../crypto/x509v3/v3_enum.c \ + ../crypto/x509v3/v3_sxnet.c ../crypto/x509v3/v3_info.c \ + ../crypto/x509v3/v3_addr.c ../crypto/x509v3/v3_asid.c \ + ../crypto/x509v3/v3_pcons.c ../crypto/x509v3/v3_pmaps.c \ + ../crypto/x509v3/v3_pci.c ../crypto/x509v3/v3_ncons.c \ + ../crypto/x509v3/v3_tlsf.c ../crypto/ocsp/v3_ocsp.c \ + ../crypto/ct/ct_x509v3.c ../crypto/asn1/a_strex.c + ENDIF + INCLUDE[x509_internal_test]=.. ../include + DEPEND[x509_internal_test]=../libcrypto + + SOURCE[mdc2_internal_test]=mdc2_internal_test.c testutil.c + INCLUDE[mdc2_internal_test]=.. ../include + DEPEND[mdc2_internal_test]=../libcrypto ENDIF {- diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c new file mode 100644 index 0000000..7f6a95c --- /dev/null +++ b/test/mdc2_internal_test.c @@ -0,0 +1,95 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal tests for the mdc2 module */ + +#include +#include + +#include +#include "testutil.h" +#include "e_os.h" + +typedef struct { + const char *input; + const unsigned char expected[MDC2_DIGEST_LENGTH]; +} TESTDATA; + +typedef struct { + const char *case_name; + int num; + const TESTDATA *data; +} SIMPLE_FIXTURE; + +/********************************************************************** + * + * Test of mdc2 internal functions + * + ***/ + +static SIMPLE_FIXTURE setup_mdc2(const char *const test_case_name) +{ + SIMPLE_FIXTURE fixture; + fixture.case_name = test_case_name; + return fixture; +} + +static int execute_mdc2(SIMPLE_FIXTURE fixture) +{ + unsigned char md[MDC2_DIGEST_LENGTH]; + MDC2_CTX c; + + MDC2_Init(&c); + MDC2_Update(&c, (const unsigned char *)fixture.data->input, + strlen(fixture.data->input)); + MDC2_Final(&(md[0]), &c); + + if (memcmp(fixture.data->expected, md, MDC2_DIGEST_LENGTH)) { + fprintf(stderr, "mdc2 test %d: unexpected output\n", fixture.num); + return 0; + } + + return 1; +} + +static void teardown_mdc2(SIMPLE_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +/********************************************************************** + * + * Test driver + * + ***/ + +static TESTDATA tests[] = { + { + "Now is the time for all ", + { + 0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA, + 0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A + } + } +}; + +static int drive_tests(int idx) +{ + SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, setup_mdc2); + fixture.num = idx; + fixture.data = &tests[idx]; + EXECUTE_TEST(execute_mdc2, teardown_mdc2); +} + +int main(int argc, char **argv) +{ + ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests)); + + return run_tests(argv[0]); +} diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c new file mode 100644 index 0000000..a1ed8c7 --- /dev/null +++ b/test/modes_internal_test.c @@ -0,0 +1,1085 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal tests for the modes module */ + +#include +#include + +#include +#include +#include "../crypto/modes/modes_lcl.h" +#include "testutil.h" +#include "e_os.h" + +typedef struct { + size_t size; + const unsigned char *data; +} SIZED_DATA; + +/********************************************************************** + * + * Test of cts128 + * + ***/ + +typedef struct { + const char *case_name; + int num; + const AES_KEY *encrypt_key_schedule; + const AES_KEY *decrypt_key_schedule; + const unsigned char *input; + SIZED_DATA iv; + const SIZED_DATA *vector; +} CTS128_FIXTURE; + +static CTS128_FIXTURE setup_cts128(const char *const test_case_name) +{ + CTS128_FIXTURE fixture; + fixture.case_name = test_case_name; + return fixture; +} + +static int execute_cts128(CTS128_FIXTURE fixture) +{ + const unsigned char *test_iv = fixture.iv.data; + size_t test_iv_len = fixture.iv.size; + const unsigned char *vector = fixture.vector->data; + size_t len = fixture.vector->size; + const unsigned char *test_input = fixture.input; + const AES_KEY *encrypt_key_schedule = fixture.encrypt_key_schedule; + const AES_KEY *decrypt_key_schedule = fixture.decrypt_key_schedule; + unsigned char iv[16]; + unsigned char cleartext[64], ciphertext[64]; + size_t tail; + + fprintf(stderr, "vector_%" OSSLzu "\n", len); + fflush(stdout); + + if ((tail = len % 16) == 0) + tail = 16; + tail += 16; + + /* test block-based encryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_cts128_encrypt_block(test_input, ciphertext, len, + encrypt_key_schedule, iv, + (block128_f)AES_encrypt); + if (memcmp(ciphertext, vector, len)) { + fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, vector + len - tail, sizeof(iv))) { + fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + /* test block-based decryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_cts128_decrypt_block(ciphertext, cleartext, len, + decrypt_key_schedule, iv, + (block128_f)AES_decrypt); + if (memcmp(cleartext, test_input, len)) { + fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, vector + len - tail, sizeof(iv))) { + fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + /* test streamed encryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_cts128_encrypt(test_input, ciphertext, len, encrypt_key_schedule, + iv, (cbc128_f) AES_cbc_encrypt); + if (memcmp(ciphertext, vector, len)) { + fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, vector + len - tail, sizeof(iv))) { + fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + /* test streamed decryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_cts128_decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv, + (cbc128_f)AES_cbc_encrypt); + if (memcmp(cleartext, test_input, len)) { + fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, vector + len - tail, sizeof(iv))) { + fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + return 1; +} + +static int execute_cts128_nist(CTS128_FIXTURE fixture) +{ + const unsigned char *test_iv = fixture.iv.data; + size_t test_iv_len = fixture.iv.size; + const unsigned char *vector = fixture.vector->data; + size_t len = fixture.vector->size; + const unsigned char *test_input = fixture.input; + const AES_KEY *encrypt_key_schedule = fixture.encrypt_key_schedule; + const AES_KEY *decrypt_key_schedule = fixture.decrypt_key_schedule; + unsigned char iv[16]; + unsigned char cleartext[64], ciphertext[64], nistvector[64]; + size_t tail; + + fprintf(stderr, "nistvector_%" OSSLzu "\n", len); + fflush(stdout); + + if ((tail = len % 16) == 0) + tail = 16; + + len -= 16 + tail; + memcpy(nistvector, vector, len); + /* flip two last blocks */ + memcpy(nistvector + len, vector + len + 16, tail); + memcpy(nistvector + len + tail, vector + len, 16); + len += 16 + tail; + tail = 16; + + /* test block-based encryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_nistcts128_encrypt_block(test_input, ciphertext, len, + encrypt_key_schedule, iv, + (block128_f)AES_encrypt); + if (memcmp(ciphertext, nistvector, len)) { + fprintf(stderr, "output_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, nistvector + len - tail, sizeof(iv))) { + fprintf(stderr, "iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + /* test block-based decryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_nistcts128_decrypt_block(ciphertext, cleartext, len, + decrypt_key_schedule, iv, + (block128_f)AES_decrypt); + if (memcmp(cleartext, test_input, len)) { + fprintf(stderr, "input_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, nistvector + len - tail, sizeof(iv))) { + fprintf(stderr, "iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + /* test streamed encryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_nistcts128_encrypt(test_input, ciphertext, len, + encrypt_key_schedule, iv, + (cbc128_f)AES_cbc_encrypt); + if (memcmp(ciphertext, nistvector, len)) { + fprintf(stderr, "output_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, nistvector + len - tail, sizeof(iv))) { + fprintf(stderr, "iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + /* test streamed decryption */ + memcpy(iv, test_iv, test_iv_len); + CRYPTO_nistcts128_decrypt(ciphertext, cleartext, len, decrypt_key_schedule, + iv, (cbc128_f)AES_cbc_encrypt); + if (memcmp(cleartext, test_input, len)) { + fprintf(stderr, "input_%" OSSLzu " mismatch\n", len); + return 0; + } + if (memcmp(iv, nistvector + len - tail, sizeof(iv))) { + fprintf(stderr, "iv_%" OSSLzu " mismatch\n", len); + return 0; + } + + return 1; +} + +static void teardown_cts128(CTS128_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +/********************************************************************** + * + * Test of gcm128 + * + ***/ + +typedef struct { + const char *case_name; + int num; + SIZED_DATA K; + SIZED_DATA IV; + SIZED_DATA A; + SIZED_DATA P; + SIZED_DATA C; + SIZED_DATA T; +} GCM128_FIXTURE; + +static GCM128_FIXTURE setup_gcm128(const char *const test_case_name) +{ + GCM128_FIXTURE fixture; + fixture.case_name = test_case_name; + return fixture; +} + +static int execute_gcm128(GCM128_FIXTURE fixture) +{ + unsigned char out[512]; + SIZED_DATA *K = &fixture.K; + SIZED_DATA *IV = &fixture.IV; + SIZED_DATA *A = &fixture.A; + SIZED_DATA *P = &fixture.P; + SIZED_DATA *C = &fixture.C; + SIZED_DATA *T = &fixture.T; + int n = fixture.num; + GCM128_CONTEXT ctx; + AES_KEY key; + int err = 0; + + AES_set_encrypt_key(K->data, K->size * 8, &key); + + CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); + CRYPTO_gcm128_setiv(&ctx, IV->data, IV->size); + memset(out, 0, P->size); + if (A->data) + CRYPTO_gcm128_aad(&ctx, A->data, A->size); + if (P->data) + CRYPTO_gcm128_encrypt( &ctx, P->data, out, P->size); + if (CRYPTO_gcm128_finish(&ctx, T->data, 16) + || (C->data && memcmp(out, C->data, P->size))) + err++, fprintf(stderr, "encrypt test#%d failed.\n", n); + + CRYPTO_gcm128_setiv(&ctx, IV->data, IV->size); + memset(out, 0, P->size); + if (A->data) + CRYPTO_gcm128_aad(&ctx, A->data, A->size); + if (C->data) + CRYPTO_gcm128_decrypt(&ctx, C->data, out, P->size); + if (CRYPTO_gcm128_finish(&ctx, T->data, 16) + || (P->data && memcmp(out, P->data, P->size))) + err++, fprintf(stderr, "decrypt test#%d failed.\n", n); + + return err == 0; +} + +static void teardown_gcm128(GCM128_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +static void benchmark_gcm128(const unsigned char *K, size_t Klen, + const unsigned char *IV, size_t IVlen) +{ +#ifdef OPENSSL_CPUID_OBJ + GCM128_CONTEXT ctx; + AES_KEY key; + size_t start, gcm_t, ctr_t, OPENSSL_rdtsc(); + union { + u64 u; + u8 c[1024]; + } buf; + + AES_set_encrypt_key(K, Klen * 8, &key); + CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt); + CRYPTO_gcm128_setiv(&ctx, IV, IVlen); + + CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); + start = OPENSSL_rdtsc(); + CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); + gcm_t = OPENSSL_rdtsc() - start; + + CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), + &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, + (block128_f) AES_encrypt); + start = OPENSSL_rdtsc(); + CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), + &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, + (block128_f) AES_encrypt); + ctr_t = OPENSSL_rdtsc() - start; + + printf("%.2f-%.2f=%.2f\n", + gcm_t / (double)sizeof(buf), + ctr_t / (double)sizeof(buf), + (gcm_t - ctr_t) / (double)sizeof(buf)); +# ifdef GHASH + { + void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) = ctx.ghash; + + GHASH((&ctx), buf.c, sizeof(buf)); + start = OPENSSL_rdtsc(); + for (i = 0; i < 100; ++i) + GHASH((&ctx), buf.c, sizeof(buf)); + gcm_t = OPENSSL_rdtsc() - start; + printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i); + } +# endif +#else + fprintf(stderr, + "Benchmarking of modes isn't available on this platform\n"); +#endif +} + +/********************************************************************** + * + * Test driver + * + ***/ + +/* cts128 test vectors from RFC 3962 */ +static const unsigned char cts128_test_key[16] = "chicken teriyaki"; +static const unsigned char cts128_test_input[64] = + "I would like the" " General Gau's C" + "hicken, please, " "and wonton soup."; +static const unsigned char cts128_test_iv[] = + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + +static const unsigned char vector_17[17] = { + 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, + 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, + 0x97 +}; + +static const unsigned char vector_31[31] = { + 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, + 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, + 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, + 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 +}; + +static const unsigned char vector_32[32] = { + 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, + 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, + 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, + 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 +}; + +static const unsigned char vector_47[47] = { + 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, + 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, + 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, + 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, + 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, + 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 +}; + +static const unsigned char vector_48[48] = { + 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, + 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, + 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, + 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, + 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, + 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 +}; + +static const unsigned char vector_64[64] = { + 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, + 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, + 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, + 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, + 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, + 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, + 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, + 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 +}; + +#define CTS128_TEST_VECTOR(len) \ + { \ + sizeof(vector_##len), vector_##len \ + } +static const SIZED_DATA cts128_vectors[] = { + CTS128_TEST_VECTOR(17), + CTS128_TEST_VECTOR(31), + CTS128_TEST_VECTOR(32), + CTS128_TEST_VECTOR(47), + CTS128_TEST_VECTOR(48), + CTS128_TEST_VECTOR(64), +}; + +static AES_KEY *cts128_encrypt_key_schedule() +{ + static int init_key = 1; + static AES_KEY ks; + + if (init_key) { + AES_set_encrypt_key(cts128_test_key, 128, &ks); + init_key = 0; + } + return &ks; +} + +static AES_KEY *cts128_decrypt_key_schedule() +{ + static int init_key = 1; + static AES_KEY ks; + + if (init_key) { + AES_set_decrypt_key(cts128_test_key, 128, &ks); + init_key = 0; + } + return &ks; +} + +static int drive_cts128_tests(int idx) +{ + SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128); + fixture.num = idx; + fixture.encrypt_key_schedule = cts128_encrypt_key_schedule(); + fixture.decrypt_key_schedule = cts128_decrypt_key_schedule(); + fixture.input = cts128_test_input; + fixture.iv.size = sizeof(cts128_test_iv); + fixture.iv.data = cts128_test_iv; + fixture.vector = &cts128_vectors[idx]; + EXECUTE_TEST(execute_cts128, teardown_cts128); +} + +static int drive_cts128_nist_tests(int idx) +{ + SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128); + fixture.num = idx; + fixture.encrypt_key_schedule = cts128_encrypt_key_schedule(); + fixture.decrypt_key_schedule = cts128_decrypt_key_schedule(); + fixture.input = cts128_test_input; + fixture.iv.size = sizeof(cts128_test_iv); + fixture.iv.data = cts128_test_iv; + fixture.vector = &cts128_vectors[idx]; + EXECUTE_TEST(execute_cts128_nist, teardown_cts128); +} + +/* Test Case 1 */ +static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 }; +static const u8 T1[] = { + 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, + 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a +}; + +/* Test Case 2 */ +# define K2 K1 +# define A2 A1 +# define IV2 IV1 +static const u8 P2[16]; +static const u8 C2[] = { + 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, + 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 +}; + +static const u8 T2[] = { + 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, + 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf +}; + +/* Test Case 3 */ +# define A3 A2 +static const u8 K3[] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 +}; + +static const u8 P3[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 +}; + +static const u8 IV3[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 +}; + +static const u8 C3[] = { + 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, + 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, + 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, + 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, + 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, + 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, + 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, + 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 +}; + +static const u8 T3[] = { + 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, + 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 +}; + +/* Test Case 4 */ +# define K4 K3 +# define IV4 IV3 +static const u8 P4[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 +}; + +static const u8 A4[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 +}; + +static const u8 C4[] = { + 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, + 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, + 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, + 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, + 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, + 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, + 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, + 0x3d, 0x58, 0xe0, 0x91 +}; + +static const u8 T4[] = { + 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, + 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 +}; + +/* Test Case 5 */ +# define K5 K4 +# define P5 P4 +# define A5 A4 +static const u8 IV5[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad +}; + +static const u8 C5[] = { + 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, + 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, + 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, + 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, + 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, + 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, + 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, + 0xc2, 0x3f, 0x45, 0x98 +}; + +static const u8 T5[] = { + 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, + 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb +}; + +/* Test Case 6 */ +# define K6 K5 +# define P6 P5 +# define A6 A5 +static const u8 IV6[] = { + 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, + 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, + 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, + 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, + 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, + 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, + 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, + 0xa6, 0x37, 0xb3, 0x9b +}; + +static const u8 C6[] = { + 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, + 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, + 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, + 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, + 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, + 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, + 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, + 0x4c, 0x34, 0xae, 0xe5 +}; + +static const u8 T6[] = { + 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, + 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 +}; + +/* Test Case 7 */ +static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 }; +static const u8 T7[] = { + 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, + 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 +}; + +/* Test Case 8 */ +# define K8 K7 +# define IV8 IV7 +# define A8 A7 +static const u8 P8[16]; +static const u8 C8[] = { + 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, + 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 +}; + +static const u8 T8[] = { + 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, + 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb +}; + +/* Test Case 9 */ +# define A9 A8 +static const u8 K9[] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c +}; + +static const u8 P9[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 +}; + +static const u8 IV9[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 +}; + +static const u8 C9[] = { + 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, + 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, + 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, + 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, + 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, + 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, + 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, + 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 +}; + +static const u8 T9[] = { + 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, + 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 +}; + +/* Test Case 10 */ +# define K10 K9 +# define IV10 IV9 +static const u8 P10[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 +}; + +static const u8 A10[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 +}; + +static const u8 C10[] = { + 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, + 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, + 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, + 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, + 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, + 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, + 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, + 0xcc, 0xda, 0x27, 0x10 +}; + +static const u8 T10[] = { + 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, + 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c +}; + +/* Test Case 11 */ +# define K11 K10 +# define P11 P10 +# define A11 A10 +static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; + +static const u8 C11[] = { + 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, + 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, + 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, + 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, + 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, + 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, + 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, + 0xa0, 0xf0, 0x62, 0xf7 +}; + +static const u8 T11[] = { + 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, + 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 +}; + +/* Test Case 12 */ +# define K12 K11 +# define P12 P11 +# define A12 A11 +static const u8 IV12[] = { + 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, + 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, + 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, + 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, + 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, + 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, + 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, + 0xa6, 0x37, 0xb3, 0x9b +}; + +static const u8 C12[] = { + 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, + 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, + 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, + 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, + 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, + 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, + 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, + 0xe9, 0xb7, 0x37, 0x3b +}; + +static const u8 T12[] = { + 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, + 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 +}; + +/* Test Case 13 */ +static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 }; +static const u8 T13[] = { + 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, + 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b +}; + +/* Test Case 14 */ +# define K14 K13 +# define A14 A13 +static const u8 P14[16], IV14[12]; +static const u8 C14[] = { + 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, + 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 +}; + +static const u8 T14[] = { + 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, + 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 +}; + +/* Test Case 15 */ +# define A15 A14 +static const u8 K15[] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 +}; + +static const u8 P15[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 +}; + +static const u8 IV15[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 +}; + +static const u8 C15[] = { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad +}; + +static const u8 T15[] = { + 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, + 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c +}; + +/* Test Case 16 */ +# define K16 K15 +# define IV16 IV15 +static const u8 P16[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 +}; + +static const u8 A16[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 +}; + +static const u8 C16[] = { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 +}; + +static const u8 T16[] = { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b +}; + +/* Test Case 17 */ +# define K17 K16 +# define P17 P16 +# define A17 A16 +static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; + +static const u8 C17[] = { + 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, + 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, + 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, + 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, + 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, + 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, + 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, + 0xf4, 0x7c, 0x9b, 0x1f +}; + +static const u8 T17[] = { + 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, + 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 +}; + +/* Test Case 18 */ +# define K18 K17 +# define P18 P17 +# define A18 A17 +static const u8 IV18[] = { + 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, + 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, + 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, + 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, + 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, + 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, + 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, + 0xa6, 0x37, 0xb3, 0x9b +}; + +static const u8 C18[] = { + 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, + 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, + 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, + 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, + 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, + 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, + 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, + 0x44, 0xae, 0x7e, 0x3f +}; + +static const u8 T18[] = { + 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, + 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a +}; + +/* Test Case 19 */ +# define K19 K1 +# define P19 P1 +# define IV19 IV1 +# define C19 C1 +static const u8 A19[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad +}; + +static const u8 T19[] = { + 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d, + 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92 +}; + +/* Test Case 20 */ +# define K20 K1 +# define A20 A1 +/* this results in 0xff in counter LSB */ +static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; + +static const u8 P20[288]; +static const u8 C20[] = { + 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a, + 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14, + 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce, + 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f, + 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70, + 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18, + 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf, + 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49, + 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab, + 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c, + 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, + 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, + 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, + 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, + 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, + 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, + 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, + 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, + 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, + 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, + 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, + 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, + 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, + 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, + 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, + 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, + 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, + 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, + 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, + 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, + 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, + 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, + 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, + 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, + 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, + 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c +}; + +static const u8 T20[] = { + 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, + 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f +}; + +#define GCM128_TEST_VECTOR(n) \ + { \ + {sizeof(K##n), K##n}, \ + {sizeof(IV##n), IV##n}, \ + {sizeof(A##n), A##n}, \ + {sizeof(P##n), P##n}, \ + {sizeof(C##n), C##n}, \ + {sizeof(T##n), T##n} \ + } +static struct gcm128_data { + const SIZED_DATA K; + const SIZED_DATA IV; + const SIZED_DATA A; + const SIZED_DATA P; + const SIZED_DATA C; + const SIZED_DATA T; +} gcm128_vectors[] = { + GCM128_TEST_VECTOR(1), + GCM128_TEST_VECTOR(2), + GCM128_TEST_VECTOR(3), + GCM128_TEST_VECTOR(4), + GCM128_TEST_VECTOR(5), + GCM128_TEST_VECTOR(6), + GCM128_TEST_VECTOR(7), + GCM128_TEST_VECTOR(8), + GCM128_TEST_VECTOR(9), + GCM128_TEST_VECTOR(10), + GCM128_TEST_VECTOR(11), + GCM128_TEST_VECTOR(12), + GCM128_TEST_VECTOR(13), + GCM128_TEST_VECTOR(14), + GCM128_TEST_VECTOR(15), + GCM128_TEST_VECTOR(16), + GCM128_TEST_VECTOR(17), + GCM128_TEST_VECTOR(18), + GCM128_TEST_VECTOR(19), + GCM128_TEST_VECTOR(20) +}; + +static int drive_gcm128_tests(int idx) +{ + SETUP_TEST_FIXTURE(GCM128_FIXTURE, setup_gcm128); + fixture.num = idx; + fixture.K.size = gcm128_vectors[idx].K.size; + fixture.K.data = fixture.K.size == 1 ? NULL : gcm128_vectors[idx].K.data; + fixture.IV.size = gcm128_vectors[idx].IV.size; + fixture.IV.data = fixture.IV.size == 1 ? NULL : gcm128_vectors[idx].IV.data; + fixture.A.size = gcm128_vectors[idx].A.size; + fixture.A.data = fixture.A.size == 1 ? NULL : gcm128_vectors[idx].A.data; + fixture.P.size = gcm128_vectors[idx].P.size; + fixture.P.data = fixture.P.size == 1 ? NULL : gcm128_vectors[idx].P.data; + fixture.C.size = gcm128_vectors[idx].C.size; + fixture.C.data = fixture.C.size == 1 ? NULL : gcm128_vectors[idx].C.data; + fixture.T.size = gcm128_vectors[idx].T.size; + fixture.T.data = fixture.T.size == 1 ? NULL : gcm128_vectors[idx].T.data; + EXECUTE_TEST(execute_gcm128, teardown_gcm128); +} + +int main(int argc, char **argv) +{ + int result = 0; + int iter_argv; + int benchmark = 0; + + for (iter_argv = 1; iter_argv < argc; iter_argv++) { + if (strcmp(argv[iter_argv], "-b") == 0) + benchmark = 1; + else if (strcmp(argv[iter_argv], "-h") == 0) + goto help; + } + + ADD_ALL_TESTS(drive_cts128_tests, OSSL_NELEM(cts128_vectors)); + ADD_ALL_TESTS(drive_cts128_nist_tests, OSSL_NELEM(cts128_vectors)); + ADD_ALL_TESTS(drive_gcm128_tests, OSSL_NELEM(gcm128_vectors)); + + result = run_tests(argv[0]); + + if (benchmark) + benchmark_gcm128(K1, sizeof(K1), IV1, sizeof(IV1)); + + return result; + + help: + printf("-h\tThis help\n"); + printf("-b\tBenchmark gcm128 in addition to the tests\n"); + + return 0; +} diff --git a/test/poly1305_internal_test.c b/test/poly1305_internal_test.c new file mode 100644 index 0000000..e5e7457 --- /dev/null +++ b/test/poly1305_internal_test.c @@ -0,0 +1,1701 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal tests for the poly1305 module */ + +#include +#include + +#include "testutil.h" +#include "internal/poly1305.h" +#include "../crypto/poly1305/poly1305_local.h" +#include "e_os.h" + +typedef struct { + size_t size; + const unsigned char data[1024]; +} SIZED_DATA; + +typedef struct { + SIZED_DATA input; + SIZED_DATA key; + SIZED_DATA expected; +} TESTDATA; + +typedef struct { + const char *test_case_name; + int test_num; + const TESTDATA *test_data; +} SIMPLE_FIXTURE; + +/********************************************************************** + * + * Test of poly1305 internal functions + * + ***/ + +static SIMPLE_FIXTURE setup_poly1305(const char *const test_case_name) +{ + SIMPLE_FIXTURE fixture; + fixture.test_case_name = test_case_name; + return fixture; +} + +/* TODO : hex decoder / encoder should be implemented in testutil.c */ +static void hexdump(const unsigned char *a, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) + fprintf(stderr, "%02x", a[i]); +} + +static int execute_poly1305(SIMPLE_FIXTURE fixture) +{ + POLY1305 poly1305; + unsigned int i = fixture.test_num; + const TESTDATA *test = fixture.test_data; + const unsigned char *in = test->input.data; + size_t inlen = test->input.size; + const unsigned char *key = test->key.data; + const unsigned char *expected = test->expected.data; + size_t expectedlen = test->expected.size; + unsigned char out[16]; + + if (expectedlen != sizeof(out)) + return 0; + + Poly1305_Init(&poly1305, key); + Poly1305_Update(&poly1305, in, inlen); + Poly1305_Final(&poly1305, out); + + if (memcmp(out, expected, expectedlen) != 0) { + fprintf(stderr, "Poly1305 test #%d failed.\n", i); + fprintf(stderr, "got: "); + hexdump(out, sizeof(out)); + fprintf(stderr, "\nexpected: "); + hexdump(expected, expectedlen); + fprintf(stderr, "\n"); + return 0; + } + + if (inlen > 16) { + Poly1305_Init(&poly1305, key); + Poly1305_Update(&poly1305, in, 1); + Poly1305_Update(&poly1305, in+1, inlen-1); + Poly1305_Final(&poly1305, out); + + if (memcmp(out, expected, expectedlen) != 0) { + fprintf(stderr, "Poly1305 test #%d/1+(N-1) failed.\n", i); + fprintf(stderr, "got: "); + hexdump(out, sizeof(out)); + fprintf(stderr, "\nexpected: "); + hexdump(expected, expectedlen); + fprintf(stderr, "\n"); + return 0; + } + } + + if (inlen > 32) { + size_t half = inlen / 2; + + Poly1305_Init(&poly1305, key); + Poly1305_Update(&poly1305, in, half); + Poly1305_Update(&poly1305, in+half, inlen-half); + Poly1305_Final(&poly1305, out); + + if (memcmp(out, expected, expectedlen) != 0) { + fprintf(stderr, "Poly1305 test #%d/2 failed.\n", i); + fprintf(stderr, "got: "); + hexdump(out, sizeof(out)); + fprintf(stderr, "\nexpected: "); + hexdump(expected, expectedlen); + fprintf(stderr, "\n"); + return 0; + } + + for (half = 16; half < inlen; half += 16) { + Poly1305_Init(&poly1305, key); + Poly1305_Update(&poly1305, in, half); + Poly1305_Update(&poly1305, in+half, inlen-half); + Poly1305_Final(&poly1305, out); + + if (memcmp(out, expected, expectedlen) != 0) { + fprintf(stderr, "Poly1305 test #%d/%" OSSLzu "+%" OSSLzu " failed.\n", + i, half, inlen-half); + fprintf(stderr, "got: "); + hexdump(out, sizeof(out)); + fprintf(stderr, "\nexpected: "); + hexdump(expected, expectedlen); + fprintf(stderr, "\n"); + return 0; + } + } + } + + return 1; +} + +static void teardown_poly1305(SIMPLE_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +static void benchmark_poly1305() +{ +# ifdef OPENSSL_CPUID_OBJ + POLY1305 poly1305; + unsigned char key[32]; + unsigned char buf[8192]; + unsigned long long stopwatch; + unsigned long long OPENSSL_rdtsc(); + unsigned int i; + + memset (buf,0x55,sizeof(buf)); + memset (key,0xAA,sizeof(key)); + + Poly1305_Init(&poly1305, key); + + for (i=0;i<100000;i++) + Poly1305_Update(&poly1305,buf,sizeof(buf)); + + stopwatch = OPENSSL_rdtsc(); + for (i=0;i<10000;i++) + Poly1305_Update(&poly1305,buf,sizeof(buf)); + stopwatch = OPENSSL_rdtsc() - stopwatch; + + printf("%g\n",stopwatch/(double)(i*sizeof(buf))); + + stopwatch = OPENSSL_rdtsc(); + for (i=0;i<10000;i++) { + Poly1305_Init(&poly1305, key); + Poly1305_Update(&poly1305,buf,16); + Poly1305_Final(&poly1305,buf); + } + stopwatch = OPENSSL_rdtsc() - stopwatch; + + printf("%g\n",stopwatch/(double)(i)); +# else + fprintf(stderr, + "Benchmarking of poly1305 isn't available on this platform\n"); +# endif +} + +/********************************************************************** + * + * Test driver + * + ***/ + +static TESTDATA tests[] = { + /* + * RFC7539 + */ + { + { + 34, + { + 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, + 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f, + 0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65, + 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f, + + 0x75, 0x70 + } + }, + { + 32, + { + 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, + 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, + 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, + 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b + } + }, + { + 16, + { + 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, + 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9 + } + } + }, + /* + * test vectors from "The Poly1305-AES message-authentication code" + */ + { + { + 2, + { + 0xf3, 0xf6 + } + }, + { + 32, + { + 0x85, 0x1f, 0xc4, 0x0c, 0x34, 0x67, 0xac, 0x0b, + 0xe0, 0x5c, 0xc2, 0x04, 0x04, 0xf3, 0xf7, 0x00, + 0x58, 0x0b, 0x3b, 0x0f, 0x94, 0x47, 0xbb, 0x1e, + 0x69, 0xd0, 0x95, 0xb5, 0x92, 0x8b, 0x6d, 0xbc + } + }, + { + 16, + { + 0xf4, 0xc6, 0x33, 0xc3, 0x04, 0x4f, 0xc1, 0x45, + 0xf8, 0x4f, 0x33, 0x5c, 0xb8, 0x19, 0x53, 0xde + } + } + }, + { + { + 0, + { + 0 + } + }, + { + 32, + { + 0xa0, 0xf3, 0x08, 0x00, 0x00, 0xf4, 0x64, 0x00, + 0xd0, 0xc7, 0xe9, 0x07, 0x6c, 0x83, 0x44, 0x03, + 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7, + 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7 + } + }, + { + 16, + { + 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7, + 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7 + } + } + }, + { + { + 32, + { + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 + } + }, + { + 32, + { + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef + } + }, + { + 16, + { + 0x0e, 0xe1, 0xc1, 0x6b, 0xb7, 0x3f, 0x0f, 0x4f, + 0xd1, 0x98, 0x81, 0x75, 0x3c, 0x01, 0xcd, 0xbe + } + } + }, + { + { + 63, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0x51, 0x54, 0xad, 0x0d, 0x2c, 0xb2, 0x6e, 0x01, + 0x27, 0x4f, 0xc5, 0x11, 0x48, 0x49, 0x1f, 0x1b + } + }, + }, + /* + * self-generated vectors exercise "significant" lengths, such that + * are handled by different code paths + */ + { + { + 64, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66 + } + }, + }, + { + { + 48, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + + } + }, + { + 16, + { + 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 + } + }, + }, + { + { + 96, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0xbb, 0xb6, 0x13, 0xb2, 0xb6, 0xd7, 0x53, 0xba, + 0x07, 0x39, 0x5b, 0x91, 0x6a, 0xae, 0xce, 0x15 + } + }, + }, + { + { + 112, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0xc7, 0x94, 0xd7, 0x05, 0x7d, 0x17, 0x78, 0xc4, + 0xbb, 0xee, 0x0a, 0x39, 0xb3, 0xd9, 0x73, 0x42 + } + }, + }, + { + { + 128, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0xff, 0xbc, 0xb9, 0xb3, 0x71, 0x42, 0x31, 0x52, + 0xd7, 0xfc, 0xa5, 0xad, 0x04, 0x2f, 0xba, 0xa9 + } + }, + }, + { + { + 144, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36, + + 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0x06, 0x9e, 0xd6, 0xb8, 0xef, 0x0f, 0x20, 0x7b, + 0x3e, 0x24, 0x3b, 0xb1, 0x01, 0x9f, 0xe6, 0x32 + } + }, + }, + { + { + 160, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36, + + 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66, + 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0xcc, 0xa3, 0x39, 0xd9, 0xa4, 0x5f, 0xa2, 0x36, + 0x8c, 0x2c, 0x68, 0xb3, 0xa4, 0x17, 0x91, 0x33 + } + }, + }, + { + { + 288, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36, + + 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66, + 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61, + + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0x53, 0xf6, 0xe8, 0x28, 0xa2, 0xf0, 0xfe, 0x0e, + 0xe8, 0x15, 0xbf, 0x0b, 0xd5, 0x84, 0x1a, 0x34 + } + }, + }, + { + { + 320, + { + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36, + + 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66, + 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61, + + 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, + 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, + 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81, + 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0, + + 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2, + 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, + 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, + 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf, + + 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09, + 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08, + 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88, + 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef, + + 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8, + 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24, + 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb, + 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36, + + 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37, + 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66, + 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2, + 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61 + } + }, + { + 32, + { + 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c, + 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07, + 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1, + 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57 + } + }, + { + 16, + { + 0xb8, 0x46, 0xd4, 0x4e, 0x9b, 0xbd, 0x53, 0xce, + 0xdf, 0xfb, 0xfb, 0xb6, 0xb7, 0xfa, 0x49, 0x33 + } + }, + }, + /* + * 4th power of the key spills to 131th bit in SIMD key setup + */ + { + { + 256, + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + } + }, + { + 32, + { + 0xad, 0x62, 0x81, 0x07, 0xe8, 0x35, 0x1d, 0x0f, + 0x2c, 0x23, 0x1a, 0x05, 0xdc, 0x4a, 0x41, 0x06, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0x07, 0x14, 0x5a, 0x4c, 0x02, 0xfe, 0x5f, 0xa3, + 0x20, 0x36, 0xde, 0x68, 0xfa, 0xbe, 0x90, 0x66 + } + }, + }, + /* + * poly1305_ieee754.c failed this in final stage + */ + { + { + 252, + { + 0x84, 0x23, 0x64, 0xe1, 0x56, 0x33, 0x6c, 0x09, + 0x98, 0xb9, 0x33, 0xa6, 0x23, 0x77, 0x26, 0x18, + 0x0d, 0x9e, 0x3f, 0xdc, 0xbd, 0xe4, 0xcd, 0x5d, + 0x17, 0x08, 0x0f, 0xc3, 0xbe, 0xb4, 0x96, 0x14, + + 0xd7, 0x12, 0x2c, 0x03, 0x74, 0x63, 0xff, 0x10, + 0x4d, 0x73, 0xf1, 0x9c, 0x12, 0x70, 0x46, 0x28, + 0xd4, 0x17, 0xc4, 0xc5, 0x4a, 0x3f, 0xe3, 0x0d, + 0x3c, 0x3d, 0x77, 0x14, 0x38, 0x2d, 0x43, 0xb0, + + 0x38, 0x2a, 0x50, 0xa5, 0xde, 0xe5, 0x4b, 0xe8, + 0x44, 0xb0, 0x76, 0xe8, 0xdf, 0x88, 0x20, 0x1a, + 0x1c, 0xd4, 0x3b, 0x90, 0xeb, 0x21, 0x64, 0x3f, + 0xa9, 0x6f, 0x39, 0xb5, 0x18, 0xaa, 0x83, 0x40, + + 0xc9, 0x42, 0xff, 0x3c, 0x31, 0xba, 0xf7, 0xc9, + 0xbd, 0xbf, 0x0f, 0x31, 0xae, 0x3f, 0xa0, 0x96, + 0xbf, 0x8c, 0x63, 0x03, 0x06, 0x09, 0x82, 0x9f, + 0xe7, 0x2e, 0x17, 0x98, 0x24, 0x89, 0x0b, 0xc8, + + 0xe0, 0x8c, 0x31, 0x5c, 0x1c, 0xce, 0x2a, 0x83, + 0x14, 0x4d, 0xbb, 0xff, 0x09, 0xf7, 0x4e, 0x3e, + 0xfc, 0x77, 0x0b, 0x54, 0xd0, 0x98, 0x4a, 0x8f, + 0x19, 0xb1, 0x47, 0x19, 0xe6, 0x36, 0x35, 0x64, + + 0x1d, 0x6b, 0x1e, 0xed, 0xf6, 0x3e, 0xfb, 0xf0, + 0x80, 0xe1, 0x78, 0x3d, 0x32, 0x44, 0x54, 0x12, + 0x11, 0x4c, 0x20, 0xde, 0x0b, 0x83, 0x7a, 0x0d, + 0xfa, 0x33, 0xd6, 0xb8, 0x28, 0x25, 0xff, 0xf4, + + 0x4c, 0x9a, 0x70, 0xea, 0x54, 0xce, 0x47, 0xf0, + 0x7d, 0xf6, 0x98, 0xe6, 0xb0, 0x33, 0x23, 0xb5, + 0x30, 0x79, 0x36, 0x4a, 0x5f, 0xc3, 0xe9, 0xdd, + 0x03, 0x43, 0x92, 0xbd, 0xde, 0x86, 0xdc, 0xcd, + + 0xda, 0x94, 0x32, 0x1c, 0x5e, 0x44, 0x06, 0x04, + 0x89, 0x33, 0x6c, 0xb6, 0x5b, 0xf3, 0x98, 0x9c, + 0x36, 0xf7, 0x28, 0x2c, 0x2f, 0x5d, 0x2b, 0x88, + 0x2c, 0x17, 0x1e, 0x74 + } + }, + { + 32, + { + 0x95, 0xd5, 0xc0, 0x05, 0x50, 0x3e, 0x51, 0x0d, + 0x8c, 0xd0, 0xaa, 0x07, 0x2c, 0x4a, 0x4d, 0x06, + 0x6e, 0xab, 0xc5, 0x2d, 0x11, 0x65, 0x3d, 0xf4, + 0x7f, 0xbf, 0x63, 0xab, 0x19, 0x8b, 0xcc, 0x26 + } + }, + { + 16, + { + 0xf2, 0x48, 0x31, 0x2e, 0x57, 0x8d, 0x9d, 0x58, + 0xf8, 0xb7, 0xbb, 0x4d, 0x19, 0x10, 0x54, 0x31 + } + }, + }, + /* + * AVX2 in poly1305-x86.pl failed this with 176+32 split + */ + { + { + 208, + { + 0x24, 0x8a, 0xc3, 0x10, 0x85, 0xb6, 0xc2, 0xad, + 0xaa, 0xa3, 0x82, 0x59, 0xa0, 0xd7, 0x19, 0x2c, + 0x5c, 0x35, 0xd1, 0xbb, 0x4e, 0xf3, 0x9a, 0xd9, + 0x4c, 0x38, 0xd1, 0xc8, 0x24, 0x79, 0xe2, 0xdd, + + 0x21, 0x59, 0xa0, 0x77, 0x02, 0x4b, 0x05, 0x89, + 0xbc, 0x8a, 0x20, 0x10, 0x1b, 0x50, 0x6f, 0x0a, + 0x1a, 0xd0, 0xbb, 0xab, 0x76, 0xe8, 0x3a, 0x83, + 0xf1, 0xb9, 0x4b, 0xe6, 0xbe, 0xae, 0x74, 0xe8, + + 0x74, 0xca, 0xb6, 0x92, 0xc5, 0x96, 0x3a, 0x75, + 0x43, 0x6b, 0x77, 0x61, 0x21, 0xec, 0x9f, 0x62, + 0x39, 0x9a, 0x3e, 0x66, 0xb2, 0xd2, 0x27, 0x07, + 0xda, 0xe8, 0x19, 0x33, 0xb6, 0x27, 0x7f, 0x3c, + + 0x85, 0x16, 0xbc, 0xbe, 0x26, 0xdb, 0xbd, 0x86, + 0xf3, 0x73, 0x10, 0x3d, 0x7c, 0xf4, 0xca, 0xd1, + 0x88, 0x8c, 0x95, 0x21, 0x18, 0xfb, 0xfb, 0xd0, + 0xd7, 0xb4, 0xbe, 0xdc, 0x4a, 0xe4, 0x93, 0x6a, + + 0xff, 0x91, 0x15, 0x7e, 0x7a, 0xa4, 0x7c, 0x54, + 0x44, 0x2e, 0xa7, 0x8d, 0x6a, 0xc2, 0x51, 0xd3, + 0x24, 0xa0, 0xfb, 0xe4, 0x9d, 0x89, 0xcc, 0x35, + 0x21, 0xb6, 0x6d, 0x16, 0xe9, 0xc6, 0x6a, 0x37, + + 0x09, 0x89, 0x4e, 0x4e, 0xb0, 0xa4, 0xee, 0xdc, + 0x4a, 0xe1, 0x94, 0x68, 0xe6, 0x6b, 0x81, 0xf2, + + 0x71, 0x35, 0x1b, 0x1d, 0x92, 0x1e, 0xa5, 0x51, + 0x04, 0x7a, 0xbc, 0xc6, 0xb8, 0x7a, 0x90, 0x1f, + 0xde, 0x7d, 0xb7, 0x9f, 0xa1, 0x81, 0x8c, 0x11, + 0x33, 0x6d, 0xbc, 0x07, 0x24, 0x4a, 0x40, 0xeb + } + }, + { + 32, + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0xbc, 0x93, 0x9b, 0xc5, 0x28, 0x14, 0x80, 0xfa, + 0x99, 0xc6, 0xd6, 0x8c, 0x25, 0x8e, 0xc4, 0x2f + } + }, + }, + /* + * test vectors from Google + */ + { + { + 0, + { + 0x00, + } + }, + { + 32, + { + 0xc8, 0xaf, 0xaa, 0xc3, 0x31, 0xee, 0x37, 0x2c, + 0xd6, 0x08, 0x2d, 0xe1, 0x34, 0x94, 0x3b, 0x17, + 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d, + 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c + } + }, + { + 16, + { + 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d, + 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c + } + }, + }, + { + { + 12, + { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, + 0x72, 0x6c, 0x64, 0x21 + } + }, + { + 32, + { + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35 + } + }, + { + 16, + { + 0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16, + 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0 + } + }, + }, + { + { + 32, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 32, + { + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35 + } + }, + { + 16, + { + 0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6, + 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07 + } + }, + }, + { + { + 128, + { + 0x89, 0xda, 0xb8, 0x0b, 0x77, 0x17, 0xc1, 0xdb, + 0x5d, 0xb4, 0x37, 0x86, 0x0a, 0x3f, 0x70, 0x21, + 0x8e, 0x93, 0xe1, 0xb8, 0xf4, 0x61, 0xfb, 0x67, + 0x7f, 0x16, 0xf3, 0x5f, 0x6f, 0x87, 0xe2, 0xa9, + + 0x1c, 0x99, 0xbc, 0x3a, 0x47, 0xac, 0xe4, 0x76, + 0x40, 0xcc, 0x95, 0xc3, 0x45, 0xbe, 0x5e, 0xcc, + 0xa5, 0xa3, 0x52, 0x3c, 0x35, 0xcc, 0x01, 0x89, + 0x3a, 0xf0, 0xb6, 0x4a, 0x62, 0x03, 0x34, 0x27, + + 0x03, 0x72, 0xec, 0x12, 0x48, 0x2d, 0x1b, 0x1e, + 0x36, 0x35, 0x61, 0x69, 0x8a, 0x57, 0x8b, 0x35, + 0x98, 0x03, 0x49, 0x5b, 0xb4, 0xe2, 0xef, 0x19, + 0x30, 0xb1, 0x7a, 0x51, 0x90, 0xb5, 0x80, 0xf1, + + 0x41, 0x30, 0x0d, 0xf3, 0x0a, 0xdb, 0xec, 0xa2, + 0x8f, 0x64, 0x27, 0xa8, 0xbc, 0x1a, 0x99, 0x9f, + 0xd5, 0x1c, 0x55, 0x4a, 0x01, 0x7d, 0x09, 0x5d, + 0x8c, 0x3e, 0x31, 0x27, 0xda, 0xf9, 0xf5, 0x95 + } + }, + { + 32, + { + 0x2d, 0x77, 0x3b, 0xe3, 0x7a, 0xdb, 0x1e, 0x4d, + 0x68, 0x3b, 0xf0, 0x07, 0x5e, 0x79, 0xc4, 0xee, + 0x03, 0x79, 0x18, 0x53, 0x5a, 0x7f, 0x99, 0xcc, + 0xb7, 0x04, 0x0f, 0xb5, 0xf5, 0xf4, 0x3a, 0xea + } + }, + { + 16, + { + 0xc8, 0x5d, 0x15, 0xed, 0x44, 0xc3, 0x78, 0xd6, + 0xb0, 0x0e, 0x23, 0x06, 0x4c, 0x7b, 0xcd, 0x51 + } + }, + }, + { + { + 528, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, + 0x17, 0x03, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, + + 0x06, 0xdb, 0x1f, 0x1f, 0x36, 0x8d, 0x69, 0x6a, + 0x81, 0x0a, 0x34, 0x9c, 0x0c, 0x71, 0x4c, 0x9a, + 0x5e, 0x78, 0x50, 0xc2, 0x40, 0x7d, 0x72, 0x1a, + 0xcd, 0xed, 0x95, 0xe0, 0x18, 0xd7, 0xa8, 0x52, + + 0x66, 0xa6, 0xe1, 0x28, 0x9c, 0xdb, 0x4a, 0xeb, + 0x18, 0xda, 0x5a, 0xc8, 0xa2, 0xb0, 0x02, 0x6d, + 0x24, 0xa5, 0x9a, 0xd4, 0x85, 0x22, 0x7f, 0x3e, + 0xae, 0xdb, 0xb2, 0xe7, 0xe3, 0x5e, 0x1c, 0x66, + + 0xcd, 0x60, 0xf9, 0xab, 0xf7, 0x16, 0xdc, 0xc9, + 0xac, 0x42, 0x68, 0x2d, 0xd7, 0xda, 0xb2, 0x87, + 0xa7, 0x02, 0x4c, 0x4e, 0xef, 0xc3, 0x21, 0xcc, + 0x05, 0x74, 0xe1, 0x67, 0x93, 0xe3, 0x7c, 0xec, + + 0x03, 0xc5, 0xbd, 0xa4, 0x2b, 0x54, 0xc1, 0x14, + 0xa8, 0x0b, 0x57, 0xaf, 0x26, 0x41, 0x6c, 0x7b, + 0xe7, 0x42, 0x00, 0x5e, 0x20, 0x85, 0x5c, 0x73, + 0xe2, 0x1d, 0xc8, 0xe2, 0xed, 0xc9, 0xd4, 0x35, + + 0xcb, 0x6f, 0x60, 0x59, 0x28, 0x00, 0x11, 0xc2, + 0x70, 0xb7, 0x15, 0x70, 0x05, 0x1c, 0x1c, 0x9b, + 0x30, 0x52, 0x12, 0x66, 0x20, 0xbc, 0x1e, 0x27, + 0x30, 0xfa, 0x06, 0x6c, 0x7a, 0x50, 0x9d, 0x53, + + 0xc6, 0x0e, 0x5a, 0xe1, 0xb4, 0x0a, 0xa6, 0xe3, + 0x9e, 0x49, 0x66, 0x92, 0x28, 0xc9, 0x0e, 0xec, + 0xb4, 0xa5, 0x0d, 0xb3, 0x2a, 0x50, 0xbc, 0x49, + 0xe9, 0x0b, 0x4f, 0x4b, 0x35, 0x9a, 0x1d, 0xfd, + + 0x11, 0x74, 0x9c, 0xd3, 0x86, 0x7f, 0xcf, 0x2f, + 0xb7, 0xbb, 0x6c, 0xd4, 0x73, 0x8f, 0x6a, 0x4a, + 0xd6, 0xf7, 0xca, 0x50, 0x58, 0xf7, 0x61, 0x88, + 0x45, 0xaf, 0x9f, 0x02, 0x0f, 0x6c, 0x3b, 0x96, + + 0x7b, 0x8f, 0x4c, 0xd4, 0xa9, 0x1e, 0x28, 0x13, + 0xb5, 0x07, 0xae, 0x66, 0xf2, 0xd3, 0x5c, 0x18, + 0x28, 0x4f, 0x72, 0x92, 0x18, 0x60, 0x62, 0xe1, + 0x0f, 0xd5, 0x51, 0x0d, 0x18, 0x77, 0x53, 0x51, + + 0xef, 0x33, 0x4e, 0x76, 0x34, 0xab, 0x47, 0x43, + 0xf5, 0xb6, 0x8f, 0x49, 0xad, 0xca, 0xb3, 0x84, + 0xd3, 0xfd, 0x75, 0xf7, 0x39, 0x0f, 0x40, 0x06, + 0xef, 0x2a, 0x29, 0x5c, 0x8c, 0x7a, 0x07, 0x6a, + + 0xd5, 0x45, 0x46, 0xcd, 0x25, 0xd2, 0x10, 0x7f, + 0xbe, 0x14, 0x36, 0xc8, 0x40, 0x92, 0x4a, 0xae, + 0xbe, 0x5b, 0x37, 0x08, 0x93, 0xcd, 0x63, 0xd1, + 0x32, 0x5b, 0x86, 0x16, 0xfc, 0x48, 0x10, 0x88, + + 0x6b, 0xc1, 0x52, 0xc5, 0x32, 0x21, 0xb6, 0xdf, + 0x37, 0x31, 0x19, 0x39, 0x32, 0x55, 0xee, 0x72, + 0xbc, 0xaa, 0x88, 0x01, 0x74, 0xf1, 0x71, 0x7f, + 0x91, 0x84, 0xfa, 0x91, 0x64, 0x6f, 0x17, 0xa2, + + 0x4a, 0xc5, 0x5d, 0x16, 0xbf, 0xdd, 0xca, 0x95, + 0x81, 0xa9, 0x2e, 0xda, 0x47, 0x92, 0x01, 0xf0, + 0xed, 0xbf, 0x63, 0x36, 0x00, 0xd6, 0x06, 0x6d, + 0x1a, 0xb3, 0x6d, 0x5d, 0x24, 0x15, 0xd7, 0x13, + + 0x51, 0xbb, 0xcd, 0x60, 0x8a, 0x25, 0x10, 0x8d, + 0x25, 0x64, 0x19, 0x92, 0xc1, 0xf2, 0x6c, 0x53, + 0x1c, 0xf9, 0xf9, 0x02, 0x03, 0xbc, 0x4c, 0xc1, + 0x9f, 0x59, 0x27, 0xd8, 0x34, 0xb0, 0xa4, 0x71, + + 0x16, 0xd3, 0x88, 0x4b, 0xbb, 0x16, 0x4b, 0x8e, + 0xc8, 0x83, 0xd1, 0xac, 0x83, 0x2e, 0x56, 0xb3, + 0x91, 0x8a, 0x98, 0x60, 0x1a, 0x08, 0xd1, 0x71, + 0x88, 0x15, 0x41, 0xd5, 0x94, 0xdb, 0x39, 0x9c, + + 0x6a, 0xe6, 0x15, 0x12, 0x21, 0x74, 0x5a, 0xec, + 0x81, 0x4c, 0x45, 0xb0, 0xb0, 0x5b, 0x56, 0x54, + 0x36, 0xfd, 0x6f, 0x13, 0x7a, 0xa1, 0x0a, 0x0c, + 0x0b, 0x64, 0x37, 0x61, 0xdb, 0xd6, 0xf9, 0xa9, + + 0xdc, 0xb9, 0x9b, 0x1a, 0x6e, 0x69, 0x08, 0x54, + 0xce, 0x07, 0x69, 0xcd, 0xe3, 0x97, 0x61, 0xd8, + 0x2f, 0xcd, 0xec, 0x15, 0xf0, 0xd9, 0x2d, 0x7d, + 0x8e, 0x94, 0xad, 0xe8, 0xeb, 0x83, 0xfb, 0xe0 + } + }, + { + 32, + { + 0x99, 0xe5, 0x82, 0x2d, 0xd4, 0x17, 0x3c, 0x99, + 0x5e, 0x3d, 0xae, 0x0d, 0xde, 0xfb, 0x97, 0x74, + 0x3f, 0xde, 0x3b, 0x08, 0x01, 0x34, 0xb3, 0x9f, + 0x76, 0xe9, 0xbf, 0x8d, 0x0e, 0x88, 0xd5, 0x46 + } + }, + { + 16, + { + 0x26, 0x37, 0x40, 0x8f, 0xe1, 0x30, 0x86, 0xea, + 0x73, 0xf9, 0x71, 0xe3, 0x42, 0x5e, 0x28, 0x20 + } + }, + }, + /* + * test vectors from Hanno B?ck + */ + { + { + 257, + { + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0x80, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xce, 0xcc, 0xcc, 0xcc, + + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xc5, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xe3, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + + 0xcc, 0xcc, 0xcc, 0xcc, 0xac, 0xcc, 0xcc, 0xcc, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xe6, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x00, 0x00, 0x00, + 0xaf, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, + + 0xcc, 0xcc, 0xff, 0xff, 0xff, 0xf5, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0xff, 0xff, 0xff, 0xe7, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x71, 0x92, 0x05, 0xa8, 0x52, 0x1d, + + 0xfc + } + }, + { + 32, + { + 0x7f, 0x1b, 0x02, 0x64, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc + } + }, + { + 16, + { + 0x85, 0x59, 0xb8, 0x76, 0xec, 0xee, 0xd6, 0x6e, + 0xb3, 0x77, 0x98, 0xc0, 0x45, 0x7b, 0xaf, 0xf9 + } + }, + }, + { + { + 39, + { + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x64 + } + }, + { + 32, + { + 0xe0, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa + } + }, + { + 16, + { + 0x00, 0xbd, 0x12, 0x58, 0x97, 0x8e, 0x20, 0x54, + 0x44, 0xc9, 0xaa, 0xaa, 0x82, 0x00, 0x6f, 0xed + } + }, + }, + { + { + 2, + { + 0x02, 0xfc + } + }, + { + 32, + { + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c + } + }, + { + 16, + { + 0x06, 0x12, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c + } + }, + }, + { + { + 415, + { + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7a, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + + 0x7b, 0x7b, 0x5c, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x6e, 0x7b, 0x00, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7a, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x5c, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, + + 0x7b, 0x6e, 0x7b, 0x00, 0x13, 0x00, 0x00, 0x00, + 0x00, 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0xf2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x20, 0x00, 0xef, 0xff, 0x00, + 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, + 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x64, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 0x00, + + 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf2, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x20, 0x00, 0xef, 0xff, 0x00, 0x09, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x7a, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, + + 0x00, 0x09, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc + } + }, + { + 32, + { + 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, 0x7b + } + }, + { + 16, + { + 0x33, 0x20, 0x5b, 0xbf, 0x9e, 0x9f, 0x8f, 0x72, + 0x12, 0xab, 0x9e, 0x2a, 0xb9, 0xb7, 0xe4, 0xa5 + } + }, + }, + { + { + 118, + { + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0xff, 0xff, 0xff, 0xe9, + 0xe9, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, + 0xac, 0xac, 0xac, 0xac, 0x00, 0x00, 0xac, 0xac, + + 0xec, 0x01, 0x00, 0xac, 0xac, 0xac, 0x2c, 0xac, + 0xa2, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, + 0xac, 0xac, 0xac, 0xac, 0x64, 0xf2 + } + }, + { + 32, + { + 0x00, 0x00, 0x00, 0x7f, 0x00, 0x00, 0x00, 0x7f, + 0x01, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xcf, 0x77, 0x77, 0x77, 0x77, 0x77, + 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77 + } + }, + { + 16, + { + 0x02, 0xee, 0x7c, 0x8c, 0x54, 0x6d, 0xde, 0xb1, + 0xa4, 0x67, 0xe4, 0xc3, 0x98, 0x11, 0x58, 0xb9 + } + }, + }, + /* + * test vectors from Andrew Moon + */ + { /* nacl */ + { + 131, + { + 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73, + 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce, + 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4, + 0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a, + + 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b, + 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72, + 0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2, + 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38, + + 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a, + 0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae, + 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea, + 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda, + + 0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde, + 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3, + 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6, + 0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74, + + 0xe3, 0x55, 0xa5 + } + }, + { + 32, + { + 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91, + 0x6d, 0x11, 0xc2, 0xcb, 0x21, 0x4d, 0x3c, 0x25, + 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23, 0x4e, 0x65, + 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80 + } + }, + { + 16, + { + 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, + 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9 + } + }, + }, + { /* wrap 2^130-5 */ + { + 16, + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + } + }, + { + 32, + { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + }, + { /* wrap 2^128 */ + { + 16, + { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 32, + { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + } + }, + { + 16, + { + 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + }, + { /* limb carry */ + { + 48, + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + + 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 32, + { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + }, + { /* 2^130-5 */ + { + 48, + { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfb, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, + 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, + + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 + } + }, + { + 32, + { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + + } + }, + }, + { /* 2^130-6 */ + { + 16, + { + 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + } + }, + { + 32, + { + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + } + }, + }, + { /* 5*H+L reduction intermediate */ + { + 64, + { + 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 32, + { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + }, + { /* 5*H+L reduction final */ + { + 48, + { + 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + + } + }, + { + 32, + { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + }, + { + 16, + { + 0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } + } + } +}; + +static int drive_tests(int idx) +{ + SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, setup_poly1305); + fixture.test_num = idx; + fixture.test_data = &tests[idx]; + EXECUTE_TEST(execute_poly1305, teardown_poly1305); +} + +int main(int argc, char **argv) +{ + int result = 0; + int iter_argv; + int benchmark = 0; + + for (iter_argv = 1; iter_argv < argc; iter_argv++) { + if (strcmp(argv[iter_argv], "-b") == 0) + benchmark = 1; + else if (strcmp(argv[iter_argv], "-h") == 0) + goto help; + } + + ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests)); + + result = run_tests(argv[0]); + + if (benchmark) + benchmark_poly1305(); + + return result; + + help: + printf("-h\tThis help\n"); + printf("-b\tBenchmark in addition to the tests\n"); + + return 0; +} diff --git a/test/recipes/03-test_internal.t b/test/recipes/03-test_internal.t new file mode 100644 index 0000000..5c7e897 --- /dev/null +++ b/test/recipes/03-test_internal.t @@ -0,0 +1,31 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT bldtop_file/; +use OpenSSL::Test::Utils; + +setup("test_internal"); + +my %known_internal_tests = + ( mdc2_internal_test => !disabled("mdc2"), + poly1305_internal_test => !disabled("poly1305"), + modes_internal_test => 1, + asn1_internal_test => 1, + x509_internal_test => 1 ); + +plan tests => scalar keys %known_internal_tests; + +foreach (keys %known_internal_tests) { + SKIP: + { + skip "Skipping $_, it's disabled in this configuration", 1 + unless $known_internal_tests{$_}; + ok(run(test([$_])), "Running $_"); + } +} diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c new file mode 100644 index 0000000..76cc2ed --- /dev/null +++ b/test/x509_internal_test.c @@ -0,0 +1,100 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal tests for the x509 and x509v3 modules */ + +#include +#include + +#include +#include +#include "testutil.h" +#include "e_os.h" + +typedef struct { + const char *test_case_name; + const char *test_section; +} SIMPLE_FIXTURE; + +/********************************************************************** + * + * Test of x509v3 + * + ***/ + +static SIMPLE_FIXTURE setup_standard_exts(const char *const test_case_name) +{ + SIMPLE_FIXTURE fixture; + fixture.test_case_name = test_case_name; + return fixture; +} + +#include "../crypto/x509v3/ext_dat.h" +#include "../crypto/x509v3/standard_exts.h" + +static int execute_standard_exts(SIMPLE_FIXTURE fixture) +{ + size_t i; + int prev = -1, good = 1; + const X509V3_EXT_METHOD **tmp; + + tmp = standard_exts; + for (i = 0; i < OSSL_NELEM(standard_exts); i++, tmp++) { + if ((*tmp)->ext_nid < prev) + good = 0; + prev = (*tmp)->ext_nid; + + } + if (!good) { + tmp = standard_exts; + fprintf(stderr, "Extensions out of order!\n"); + for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) + fprintf(stderr, "%d : %s\n", (*tmp)->ext_nid, + OBJ_nid2sn((*tmp)->ext_nid)); + } else { + fprintf(stderr, "Order OK\n"); + } + + return good; +} + +static void teardown_standard_exts(SIMPLE_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +/********************************************************************** + * + * Test driver + * + ***/ + +static struct { + const char *section; + SIMPLE_FIXTURE (*setup)(const char *const test_case_name); + int (*execute)(SIMPLE_FIXTURE); + void (*teardown)(SIMPLE_FIXTURE); +} tests[] = { + {"standard_exts", setup_standard_exts, execute_standard_exts, + teardown_standard_exts}, +}; + +static int drive_tests(int idx) +{ + SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, tests[idx].setup); + fixture.test_section = tests[idx].section; + EXECUTE_TEST(tests[idx].execute, tests[idx].teardown); +} + +int main(int argc, char **argv) +{ + ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests)); + + return run_tests(argv[0]); +} From openssl.sanity at gmail.com Thu Nov 3 13:24:44 2016 From: openssl.sanity at gmail.com (openssl.sanity at gmail.com) Date: Thu, 3 Nov 2016 13:24:44 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_ppc64 #1037 Message-ID: <1101008198.7.1478179484280.JavaMail.jenkins@ossl-sanity.cisco.com> See Changes: [Richard Levitte] test/build.info: typo, $ missing [Richard Levitte] Convert poly1305 selftest into internal test [Richard Levitte] Allow indented comments in build.info [Richard Levitte] Explain the deal with internal test programs [Richard Levitte] VMS: ignore multiply defined symbols when linking programs [Richard Levitte] Convert asn1 selftests (a_strnid and ameth_lib) into internal test [Richard Levitte] Convert modes selftests (cts128 and gcm128) to internal test [Richard Levitte] Add a HEADER_MODES_H guard in include/openssl/modes.h [Richard Levitte] Convert x509 selftests to internal test [Richard Levitte] Convert mdc2 test print to internal test [Richard Levitte] Finally, add a test recipe for the internal tests [Richard Levitte] Clean away remaining 'selftest' code ------------------------------------------ [...truncated 2178 lines...] link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtls_mtu_test test/dtls_mtu_test.o test/ssltestlib.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -Itest -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o test/dtlstest.c rm -f test/dtlstest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlstest OBJECTS="test/dtlstest.o test/ssltestlib.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlstest test/dtlstest.o test/ssltestlib.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o test/dtlsv1listentest.c rm -f test/dtlsv1listentest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlsv1listentest OBJECTS="test/dtlsv1listentest.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlsv1listentest test/dtlsv1listentest.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdhtest.d.tmp -MT test/ecdhtest.o -c -o test/ecdhtest.o test/ecdhtest.c rm -f test/ecdhtest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdhtest OBJECTS="test/ecdhtest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdhtest test/ecdhtest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o test/ecdsatest.c rm -f test/ecdsatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdsatest OBJECTS="test/ecdsatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdsatest test/ecdsatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o test/ectest.c rm -f test/ectest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ectest OBJECTS="test/ectest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ectest test/ectest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o test/enginetest.c rm -f test/enginetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/enginetest OBJECTS="test/enginetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/enginetest test/enginetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o test/evp_extra_test.c rm -f test/evp_extra_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_extra_test OBJECTS="test/evp_extra_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_extra_test test/evp_extra_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o test/evp_test.c rm -f test/evp_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_test OBJECTS="test/evp_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_test test/evp_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o test/exptest.c rm -f test/exptest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/exptest OBJECTS="test/exptest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/exptest test/exptest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o test/gmdifftest.c rm -f test/gmdifftest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/gmdifftest OBJECTS="test/gmdifftest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/gmdifftest test/gmdifftest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/heartbeat_test.d.tmp -MT test/heartbeat_test.o -c -o test/heartbeat_test.o test/heartbeat_test.c rm -f test/heartbeat_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/heartbeat_test OBJECTS="test/heartbeat_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/heartbeat_test test/heartbeat_test.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o test/hmactest.c rm -f test/hmactest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/hmactest OBJECTS="test/hmactest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/hmactest test/hmactest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o test/ideatest.c rm -f test/ideatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ideatest OBJECTS="test/ideatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ideatest test/ideatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o test/igetest.c rm -f test/igetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/igetest OBJECTS="test/igetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/igetest test/igetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o test/md2test.c rm -f test/md2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md2test OBJECTS="test/md2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md2test test/md2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md4test.d.tmp -MT test/md4test.o -c -o test/md4test.o test/md4test.c rm -f test/md4test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md4test OBJECTS="test/md4test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md4test test/md4test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md5test.d.tmp -MT test/md5test.o -c -o test/md5test.o test/md5test.c rm -f test/md5test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md5test OBJECTS="test/md5test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md5test test/md5test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o test/mdc2_internal_test.c rm -f test/mdc2_internal_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2_internal_test OBJECTS="test/mdc2_internal_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2_internal_test test/mdc2_internal_test.o test/testutil.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o test/mdc2test.c rm -f test/mdc2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2test OBJECTS="test/mdc2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2test test/mdc2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o test/memleaktest.c rm -f test/memleaktest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/memleaktest OBJECTS="test/memleaktest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/memleaktest test/memleaktest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o test/modes_internal_test.c make[1]: *** No rule to make target `test/ppccap.c', needed by `test/ppccap.o'. Stop. make[1]: Leaving directory ` make: *** [all] Error 2 Build step 'Execute shell' marked build as failure From builds at travis-ci.org Thu Nov 3 13:28:54 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 13:28:54 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#6812 (master - 9c89c84) In-Reply-To: Message-ID: <581b3b99e4269_33f9b2b58cb3039817b@40a337e2-63a6-48ad-9e75-ad447ce15e27.mail> Build Update for openssl/openssl ------------------------------------- Build: #6812 Status: Still Failing Duration: 34 minutes and 19 seconds Commit: 9c89c84 (master) Author: Richard Levitte Message: test/build.info: typo, $ missing Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1832) View the changeset: https://github.com/openssl/openssl/compare/ea6199ea91ac...9c89c8460a4d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172921418 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 13:56:21 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 13:56:21 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#6813 (master - 7280a5d) In-Reply-To: Message-ID: <581b420597060_33f9b2b58c004429521@40a337e2-63a6-48ad-9e75-ad447ce15e27.mail> Build Update for openssl/openssl ------------------------------------- Build: #6813 Status: Still Failing Duration: 38 minutes and 4 seconds Commit: 7280a5d (master) Author: Richard Levitte Message: Clean away remaining 'selftest' code All of these don't compile cleanly any more, probably haven't for quite some time Reviewed-by: Emilia K?sper (Merged from https://github.com/openssl/openssl/pull/1789) View the changeset: https://github.com/openssl/openssl/compare/9c89c8460a4d...7280a5d332e8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172922974 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Nov 3 14:35:29 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 14:35:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478183729.047017.21867.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via f1ec9c07fe3631bce5b7c538224c080339c8fc6e (commit) from 3a3f9ed140b0e1feeed1b9655091c270df05332f (commit) - Log ----------------------------------------------------------------- commit f1ec9c07fe3631bce5b7c538224c080339c8fc6e Author: Richard Levitte Date: Thu Nov 3 11:31:12 2016 +0100 test/build.info: typo, $ missing Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1832) (cherry picked from commit 9c89c8460a4dcf828a22e2dfc279b5ea8a80ec60) ----------------------------------------------------------------------- Summary of changes: test/build.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/build.info b/test/build.info index e3a961d..8d96097 100644 --- a/test/build.info +++ b/test/build.info @@ -275,7 +275,7 @@ IF[{- !$disabled{tests} -}] INCLUDE[bio_enc_test]=../include DEPEND[bio_enc_test]=../libcrypto - IF[{- !disabled{shared} -}] + IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=shlibloadtest SOURCE[shlibloadtest]=shlibloadtest.c INCLUDE[shlibloadtest]=../include From levitte at openssl.org Thu Nov 3 14:35:58 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 14:35:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478183758.921809.22992.nullmailer@dev.openssl.org> The branch master has been updated via 075e9da055454ec5586962b43d9923e44bdcb313 (commit) from 7280a5d332e880adbc73e03086ab070f8effdce7 (commit) - Log ----------------------------------------------------------------- commit 075e9da055454ec5586962b43d9923e44bdcb313 Author: Richard Levitte Date: Thu Nov 3 15:26:00 2016 +0100 Clang doesn't like -znodelete, make it a linker flag instead gcc is kinder, it silently passes quite a few flags to ld, while clang is stricter and wants them prefixed with -Wl, Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1836) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index b77efbf..4c65984 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -633,7 +633,7 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "linux-shared", shared_cflag => "-fPIC -DOPENSSL_USE_NODELETE", - shared_ldflag => "-znodelete", + shared_ldflag => "-Wl,-znodelete", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "linux-generic64" => { From levitte at openssl.org Thu Nov 3 14:36:35 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 14:36:35 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478183795.654477.24008.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 22173a40b2192d9ecd2180b750833fd40d66534a (commit) from f1ec9c07fe3631bce5b7c538224c080339c8fc6e (commit) - Log ----------------------------------------------------------------- commit 22173a40b2192d9ecd2180b750833fd40d66534a Author: Richard Levitte Date: Thu Nov 3 15:26:00 2016 +0100 Clang doesn't like -znodelete, make it a linker flag instead gcc is kinder, it silently passes quite a few flags to ld, while clang is stricter and wants them prefixed with -Wl, Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1836) (cherry picked from commit 075e9da055454ec5586962b43d9923e44bdcb313) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index c80d02f..ffa5d38 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -632,7 +632,7 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "linux-shared", shared_cflag => "-fPIC -DOPENSSL_USE_NODELETE", - shared_ldflag => "-znodelete", + shared_ldflag => "-Wl,-znodelete", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "linux-generic64" => { From openssl.sanity at gmail.com Thu Nov 3 15:24:45 2016 From: openssl.sanity at gmail.com (openssl.sanity at gmail.com) Date: Thu, 3 Nov 2016 15:24:45 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_ppc64 #1038 In-Reply-To: <1101008198.7.1478179484280.JavaMail.jenkins@ossl-sanity.cisco.com> References: <1101008198.7.1478179484280.JavaMail.jenkins@ossl-sanity.cisco.com> Message-ID: <1231746374.8.1478186685029.JavaMail.jenkins@ossl-sanity.cisco.com> See Changes: [Richard Levitte] Clang doesn't like -znodelete, make it a linker flag instead ------------------------------------------ [...truncated 2178 lines...] link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtls_mtu_test test/dtls_mtu_test.o test/ssltestlib.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -Itest -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o test/dtlstest.c rm -f test/dtlstest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlstest OBJECTS="test/dtlstest.o test/ssltestlib.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlstest test/dtlstest.o test/ssltestlib.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o test/dtlsv1listentest.c rm -f test/dtlsv1listentest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlsv1listentest OBJECTS="test/dtlsv1listentest.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlsv1listentest test/dtlsv1listentest.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdhtest.d.tmp -MT test/ecdhtest.o -c -o test/ecdhtest.o test/ecdhtest.c rm -f test/ecdhtest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdhtest OBJECTS="test/ecdhtest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdhtest test/ecdhtest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o test/ecdsatest.c rm -f test/ecdsatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdsatest OBJECTS="test/ecdsatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdsatest test/ecdsatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o test/ectest.c rm -f test/ectest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ectest OBJECTS="test/ectest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ectest test/ectest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o test/enginetest.c rm -f test/enginetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/enginetest OBJECTS="test/enginetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/enginetest test/enginetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o test/evp_extra_test.c rm -f test/evp_extra_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_extra_test OBJECTS="test/evp_extra_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_extra_test test/evp_extra_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o test/evp_test.c rm -f test/evp_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_test OBJECTS="test/evp_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_test test/evp_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o test/exptest.c rm -f test/exptest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/exptest OBJECTS="test/exptest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/exptest test/exptest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o test/gmdifftest.c rm -f test/gmdifftest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/gmdifftest OBJECTS="test/gmdifftest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/gmdifftest test/gmdifftest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/heartbeat_test.d.tmp -MT test/heartbeat_test.o -c -o test/heartbeat_test.o test/heartbeat_test.c rm -f test/heartbeat_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/heartbeat_test OBJECTS="test/heartbeat_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/heartbeat_test test/heartbeat_test.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o test/hmactest.c rm -f test/hmactest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/hmactest OBJECTS="test/hmactest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/hmactest test/hmactest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o test/ideatest.c rm -f test/ideatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ideatest OBJECTS="test/ideatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ideatest test/ideatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o test/igetest.c rm -f test/igetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/igetest OBJECTS="test/igetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/igetest test/igetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o test/md2test.c rm -f test/md2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md2test OBJECTS="test/md2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md2test test/md2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md4test.d.tmp -MT test/md4test.o -c -o test/md4test.o test/md4test.c rm -f test/md4test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md4test OBJECTS="test/md4test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md4test test/md4test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md5test.d.tmp -MT test/md5test.o -c -o test/md5test.o test/md5test.c rm -f test/md5test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md5test OBJECTS="test/md5test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md5test test/md5test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o test/mdc2_internal_test.c rm -f test/mdc2_internal_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2_internal_test OBJECTS="test/mdc2_internal_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2_internal_test test/mdc2_internal_test.o test/testutil.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o test/mdc2test.c rm -f test/mdc2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2test OBJECTS="test/mdc2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2test test/mdc2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o test/memleaktest.c rm -f test/memleaktest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/memleaktest OBJECTS="test/memleaktest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/memleaktest test/memleaktest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o test/modes_internal_test.c make[1]: *** No rule to make target `test/ppccap.c', needed by `test/ppccap.o'. Stop. make[1]: Leaving directory ` make: *** [all] Error 2 Build step 'Execute shell' marked build as failure From levitte at openssl.org Thu Nov 3 15:35:39 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 15:35:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478187339.640480.18940.nullmailer@dev.openssl.org> The branch master has been updated via 3b0478fe03191bedef44644996a5a6da51f77eaf (commit) from 075e9da055454ec5586962b43d9923e44bdcb313 (commit) - Log ----------------------------------------------------------------- commit 3b0478fe03191bedef44644996a5a6da51f77eaf Author: Richard Levitte Date: Thu Nov 3 16:21:36 2016 +0100 test/shlibloadtest: small fixes - Make sure to initialise SHLIB variables - Make sure to make local variables static Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1838) ----------------------------------------------------------------------- Summary of changes: test/shlibloadtest.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c index be1e784..20030d9 100644 --- a/test/shlibloadtest.c +++ b/test/shlibloadtest.c @@ -28,12 +28,12 @@ typedef void (*SSL_CTX_free_t)(SSL_CTX *); typedef unsigned long (*ERR_get_error_t)(void); typedef unsigned long (*OpenSSL_version_num_t)(void); -TLS_method_t TLS_method; -SSL_CTX_new_t SSL_CTX_new; -SSL_CTX_free_t SSL_CTX_free; +static TLS_method_t TLS_method; +static SSL_CTX_new_t SSL_CTX_new; +static SSL_CTX_free_t SSL_CTX_free; -ERR_get_error_t ERR_get_error; -OpenSSL_version_num_t OpenSSL_version_num; +static ERR_get_error_t ERR_get_error; +static OpenSSL_version_num_t OpenSSL_version_num; #ifdef DSO_DLFCN @@ -42,6 +42,7 @@ OpenSSL_version_num_t OpenSSL_version_num; typedef void * SHLIB; typedef void * SHLIB_SYM; +# define SHLIB_INIT NULL # define SHARED_LIBRARY_SUFFIX ".so" @@ -87,6 +88,7 @@ static int shlib_close(SHLIB lib) typedef HINSTANCE SHLIB; typedef void * SHLIB_SYM; +# define SHLIB_INIT 0 static int shlib_load(char *filename, SHLIB *lib) { @@ -129,7 +131,7 @@ enum test_types_en { int main(int argc, char **argv) { - SHLIB ssllib, cryptolib; + SHLIB ssllib = SHLIB_INIT, cryptolib = SHLIB_INIT; SSL_CTX *ctx; union { void (*func) (void); From levitte at openssl.org Thu Nov 3 15:36:05 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 15:36:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478187365.946897.19838.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via b754f9a3a5bccffc7e8f534fefd13fc0ef7aaf13 (commit) from 22173a40b2192d9ecd2180b750833fd40d66534a (commit) - Log ----------------------------------------------------------------- commit b754f9a3a5bccffc7e8f534fefd13fc0ef7aaf13 Author: Richard Levitte Date: Thu Nov 3 16:21:36 2016 +0100 test/shlibloadtest: small fixes - Make sure to initialise SHLIB variables - Make sure to make local variables static Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1838) (cherry picked from commit 3b0478fe03191bedef44644996a5a6da51f77eaf) ----------------------------------------------------------------------- Summary of changes: test/shlibloadtest.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c index be1e784..20030d9 100644 --- a/test/shlibloadtest.c +++ b/test/shlibloadtest.c @@ -28,12 +28,12 @@ typedef void (*SSL_CTX_free_t)(SSL_CTX *); typedef unsigned long (*ERR_get_error_t)(void); typedef unsigned long (*OpenSSL_version_num_t)(void); -TLS_method_t TLS_method; -SSL_CTX_new_t SSL_CTX_new; -SSL_CTX_free_t SSL_CTX_free; +static TLS_method_t TLS_method; +static SSL_CTX_new_t SSL_CTX_new; +static SSL_CTX_free_t SSL_CTX_free; -ERR_get_error_t ERR_get_error; -OpenSSL_version_num_t OpenSSL_version_num; +static ERR_get_error_t ERR_get_error; +static OpenSSL_version_num_t OpenSSL_version_num; #ifdef DSO_DLFCN @@ -42,6 +42,7 @@ OpenSSL_version_num_t OpenSSL_version_num; typedef void * SHLIB; typedef void * SHLIB_SYM; +# define SHLIB_INIT NULL # define SHARED_LIBRARY_SUFFIX ".so" @@ -87,6 +88,7 @@ static int shlib_close(SHLIB lib) typedef HINSTANCE SHLIB; typedef void * SHLIB_SYM; +# define SHLIB_INIT 0 static int shlib_load(char *filename, SHLIB *lib) { @@ -129,7 +131,7 @@ enum test_types_en { int main(int argc, char **argv) { - SHLIB ssllib, cryptolib; + SHLIB ssllib = SHLIB_INIT, cryptolib = SHLIB_INIT; SSL_CTX *ctx; union { void (*func) (void); From builds at travis-ci.org Thu Nov 3 16:17:53 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 16:17:53 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#6816 (OpenSSL_1_1_0-stable - f1ec9c0) In-Reply-To: Message-ID: <581b6330e0814_33f9b2b5890486150c2@40a337e2-63a6-48ad-9e75-ad447ce15e27.mail> Build Update for openssl/openssl ------------------------------------- Build: #6816 Status: Still Failing Duration: 1 hour, 13 minutes, and 58 seconds Commit: f1ec9c0 (OpenSSL_1_1_0-stable) Author: Richard Levitte Message: test/build.info: typo, $ missing Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1832) (cherry picked from commit 9c89c8460a4dcf828a22e2dfc279b5ea8a80ec60) View the changeset: https://github.com/openssl/openssl/compare/3a3f9ed140b0...f1ec9c07fe36 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172962688 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Nov 3 17:33:08 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 17:33:08 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#6817 (master - 075e9da) In-Reply-To: Message-ID: <581b74d27298f_33f9c15d9b5c01154066@7ae2358b-3783-4987-8918-d1efac148eca.mail> Build Update for openssl/openssl ------------------------------------- Build: #6817 Status: Still Failing Duration: 1 hour, 25 minutes, and 43 seconds Commit: 075e9da (master) Author: Richard Levitte Message: Clang doesn't like -znodelete, make it a linker flag instead gcc is kinder, it silently passes quite a few flags to ld, while clang is stricter and wants them prefixed with -Wl, Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1836) View the changeset: https://github.com/openssl/openssl/compare/7280a5d332e8...075e9da05545 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172962871 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Nov 3 18:25:11 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 18:25:11 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478197511.844737.8530.nullmailer@dev.openssl.org> The branch master has been updated via 6d4bc8a3d2c2f7701588bbfdea80a1f7a3973f26 (commit) from 3b0478fe03191bedef44644996a5a6da51f77eaf (commit) - Log ----------------------------------------------------------------- commit 6d4bc8a3d2c2f7701588bbfdea80a1f7a3973f26 Author: Richard Levitte Date: Thu Nov 3 17:08:10 2016 +0100 Enable memory debugging while testing Pre 1.1.0, 'make test' would set the environment variable OPENSSL_DEBUG_MEMORY to "on". This got lost when translating the old build files to the new templates. This changes reintroduces that variable. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1840) ----------------------------------------------------------------------- Summary of changes: Configurations/descrip.mms.tmpl | 2 ++ Configurations/unix-Makefile.tmpl | 1 + Configurations/windows-makefile.tmpl | 1 + 3 files changed, 4 insertions(+) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 3d221f5..15e0678 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -267,8 +267,10 @@ test tests : build_generated, build_programs_nodep, build_engines_nodep, - DEFINE SRCTOP {- sourcedir() -} DEFINE BLDTOP {- builddir() -} DEFINE OPENSSL_ENGINES {- builddir("engines") -} + DEFINE OPENSSL_DEBUG_MEMORY "on" IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS) + DEASSIGN OPENSSL_DEBUG_MEMORY DEASSIGN OPENSSL_ENGINES DEASSIGN BLDTOP DEASSIGN SRCTOP diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index b263832..eb47630 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -251,6 +251,7 @@ test: tests PERL="$(PERL)" \ EXE_EXT={- $exeext -} \ OPENSSL_ENGINES=../$(BLDDIR)/engines \ + OPENSSL_DEBUG_MEMORY=on \ $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @echo "Tests are not supported with your chosen Configure options" diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 4c8e89f..a0ee953 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -198,6 +198,7 @@ tests: build_generated build_programs_nodep build_engines_nodep depend set SRCTOP=$(SRCDIR) set BLDTOP=$(BLDDIR) set PERL=$(PERL) + set OPENSSL_DEBUG_MEMORY=on "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @echo "Tests are not supported with your chosen Configure options" From levitte at openssl.org Thu Nov 3 18:25:38 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 18:25:38 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478197538.897146.9223.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2cf10e88b7221e1edbbdc8ecc89abe2953a668b1 (commit) from b754f9a3a5bccffc7e8f534fefd13fc0ef7aaf13 (commit) - Log ----------------------------------------------------------------- commit 2cf10e88b7221e1edbbdc8ecc89abe2953a668b1 Author: Richard Levitte Date: Thu Nov 3 17:08:10 2016 +0100 Enable memory debugging while testing Pre 1.1.0, 'make test' would set the environment variable OPENSSL_DEBUG_MEMORY to "on". This got lost when translating the old build files to the new templates. This changes reintroduces that variable. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1840) (cherry picked from commit 6d4bc8a3d2c2f7701588bbfdea80a1f7a3973f26) ----------------------------------------------------------------------- Summary of changes: Configurations/descrip.mms.tmpl | 2 ++ Configurations/unix-Makefile.tmpl | 1 + Configurations/windows-makefile.tmpl | 1 + 3 files changed, 4 insertions(+) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 39709a1..aef5fcf 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -264,8 +264,10 @@ test tests : build_generated, build_programs_nodep, build_engines_nodep, - DEFINE SRCTOP {- sourcedir() -} DEFINE BLDTOP {- builddir() -} DEFINE OPENSSL_ENGINES {- builddir("engines") -} + DEFINE OPENSSL_DEBUG_MEMORY "on" IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS) + DEASSIGN OPENSSL_DEBUG_MEMORY DEASSIGN OPENSSL_ENGINES DEASSIGN BLDTOP DEASSIGN SRCTOP diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 87f8343..953fc1a 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -246,6 +246,7 @@ test: tests PERL="$(PERL)" \ EXE_EXT={- $exeext -} \ OPENSSL_ENGINES=../$(BLDDIR)/engines \ + OPENSSL_DEBUG_MEMORY=on \ $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @echo "Tests are not supported with your chosen Configure options" diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 77fceec..1d7e666 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -198,6 +198,7 @@ tests: build_generated build_programs_nodep build_engines_nodep depend set SRCTOP=$(SRCDIR) set BLDTOP=$(BLDDIR) set PERL=$(PERL) + set OPENSSL_DEBUG_MEMORY=on "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @echo "Tests are not supported with your chosen Configure options" From builds at travis-ci.org Thu Nov 3 19:06:55 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 19:06:55 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#6818 (OpenSSL_1_1_0-stable - 22173a4) In-Reply-To: Message-ID: <581b8acf963cf_33fed27ad9c0c2977f9@37837989-0aa8-48c7-9530-e15ebb55cb1e.mail> Build Update for openssl/openssl ------------------------------------- Build: #6818 Status: Still Failing Duration: 1 hour, 48 minutes, and 7 seconds Commit: 22173a4 (OpenSSL_1_1_0-stable) Author: Richard Levitte Message: Clang doesn't like -znodelete, make it a linker flag instead gcc is kinder, it silently passes quite a few flags to ld, while clang is stricter and wants them prefixed with -Wl, Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1836) (cherry picked from commit 075e9da055454ec5586962b43d9923e44bdcb313) View the changeset: https://github.com/openssl/openssl/compare/f1ec9c07fe36...22173a40b219 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172963076 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From rsalz at openssl.org Thu Nov 3 19:25:03 2016 From: rsalz at openssl.org (Rich Salz) Date: Thu, 03 Nov 2016 19:25:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478201103.017376.30709.nullmailer@dev.openssl.org> The branch master has been updated via 00bb5504cc62693e05ff4e699f379011c55ecc84 (commit) from 6d4bc8a3d2c2f7701588bbfdea80a1f7a3973f26 (commit) - Log ----------------------------------------------------------------- commit 00bb5504cc62693e05ff4e699f379011c55ecc84 Author: Rich Salz Date: Thu Nov 3 13:16:26 2016 -0400 Update CRYPTO_set_mem_debug() doc Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/1842) ----------------------------------------------------------------------- Summary of changes: doc/man3/OPENSSL_malloc.pod | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index 50f0975..2104f43 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -135,8 +135,10 @@ at build-time). This adds some overhead by keeping a list of all memory allocations, and removes items from the list when they are free'd. This is most useful for identifying memory leaks. -CRYPTO_set_mem_debug() turns this tracking on and off. It is normally -called at startup, but can be called at any time. +CRYPTO_set_mem_debug() turns this tracking on and off. In order to have +any effect, is must be called before any of the allocation functions +(e.g., CRYPTO_malloc()) are called, and is therefore normally one of the +first lines of main() in an application. CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking. To enable tracking call CRYPTO_mem_ctrl() with a B argument of From rsalz at openssl.org Thu Nov 3 19:25:27 2016 From: rsalz at openssl.org (Rich Salz) Date: Thu, 03 Nov 2016 19:25:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478201127.788673.31533.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 0d325d9cb9ecb10cb1d41f64751ca8d8f2df472b (commit) from 2cf10e88b7221e1edbbdc8ecc89abe2953a668b1 (commit) - Log ----------------------------------------------------------------- commit 0d325d9cb9ecb10cb1d41f64751ca8d8f2df472b Author: Rich Salz Date: Thu Nov 3 13:16:26 2016 -0400 Update CRYPTO_set_mem_debug() doc Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/1842) (cherry picked from commit 00bb5504cc62693e05ff4e699f379011c55ecc84) ----------------------------------------------------------------------- Summary of changes: doc/crypto/OPENSSL_malloc.pod | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/crypto/OPENSSL_malloc.pod b/doc/crypto/OPENSSL_malloc.pod index 50f0975..2104f43 100644 --- a/doc/crypto/OPENSSL_malloc.pod +++ b/doc/crypto/OPENSSL_malloc.pod @@ -135,8 +135,10 @@ at build-time). This adds some overhead by keeping a list of all memory allocations, and removes items from the list when they are free'd. This is most useful for identifying memory leaks. -CRYPTO_set_mem_debug() turns this tracking on and off. It is normally -called at startup, but can be called at any time. +CRYPTO_set_mem_debug() turns this tracking on and off. In order to have +any effect, is must be called before any of the allocation functions +(e.g., CRYPTO_malloc()) are called, and is therefore normally one of the +first lines of main() in an application. CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking. To enable tracking call CRYPTO_mem_ctrl() with a B argument of From builds at travis-ci.org Thu Nov 3 21:56:47 2016 From: builds at travis-ci.org (Travis CI) Date: Thu, 03 Nov 2016 21:56:47 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#6821 (master - 3b0478f) In-Reply-To: Message-ID: <581bb29fad32f_33f9b2b5c66b41006116@40a337e2-63a6-48ad-9e75-ad447ce15e27.mail> Build Update for openssl/openssl ------------------------------------- Build: #6821 Status: Still Failing Duration: 19 minutes and 49 seconds Commit: 3b0478f (master) Author: Richard Levitte Message: test/shlibloadtest: small fixes - Make sure to initialise SHLIB variables - Make sure to make local variables static Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1838) View the changeset: https://github.com/openssl/openssl/compare/075e9da05545...3b0478fe0319 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/172984422 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Nov 3 23:19:17 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 23:19:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478215157.438595.10200.nullmailer@dev.openssl.org> The branch master has been updated via 62dd3351a16089aedb0f1e62e3b6df371c93389c (commit) from 00bb5504cc62693e05ff4e699f379011c55ecc84 (commit) - Log ----------------------------------------------------------------- commit 62dd3351a16089aedb0f1e62e3b6df371c93389c Author: Richard Levitte Date: Thu Nov 3 18:48:23 2016 +0100 Don't assume to know the shared library extension test/shlibloadtest.c assumes all Unix style platforms use .so as shared library extension. This is not the case for Mac OS X, which uses .dylib. Instead of this, have the test recipe find out the extension from configuration data. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1844) ----------------------------------------------------------------------- Summary of changes: test/recipes/90-test_shlibload.t | 17 ++++++++--------- test/shlibloadtest.c | 19 +++---------------- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t index dc35613..9058ba5 100644 --- a/test/recipes/90-test_shlibload.t +++ b/test/recipes/90-test_shlibload.t @@ -22,16 +22,15 @@ plan skip_all => "Test only supported in a shared build" if disabled("shared"); plan tests => 3; -ok(run(test(["shlibloadtest", "-crypto_first", - $unified_info{sharednames}->{libcrypto}, - $unified_info{sharednames}->{libssl}])), +my $libcrypto = + $unified_info{sharednames}->{libcrypto}.$target{shared_extension_simple}; +my $libssl = + $unified_info{sharednames}->{libssl}.$target{shared_extension_simple}; + +ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl])), "running shlibloadtest -crypto_first"); -ok(run(test(["shlibloadtest", "-ssl_first", - $unified_info{sharednames}->{libcrypto}, - $unified_info{sharednames}->{libssl}])), +ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl])), "running shlibloadtest -ssl_first"); -ok(run(test(["shlibloadtest", "-just_crypto", - $unified_info{sharednames}->{libcrypto}, - $unified_info{sharednames}->{libssl}])), +ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl])), "running shlibloadtest -just_crypto"); diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c index 20030d9..eea2e3a 100644 --- a/test/shlibloadtest.c +++ b/test/shlibloadtest.c @@ -44,22 +44,9 @@ typedef void * SHLIB; typedef void * SHLIB_SYM; # define SHLIB_INIT NULL -# define SHARED_LIBRARY_SUFFIX ".so" - -static int shlib_load(char *filename, SHLIB *lib) +static int shlib_load(const char *filename, SHLIB *lib) { - char *tmpfile; - size_t filenamelen = strlen(filename); - - /* Total length = base filename len + suffix len + 1 for NULL terminator */ - tmpfile = malloc(filenamelen + sizeof(SHARED_LIBRARY_SUFFIX) + 1); - if (tmpfile == NULL) - return 0; - strcpy(tmpfile, filename); - strcpy(tmpfile + filenamelen, SHARED_LIBRARY_SUFFIX); - - *lib = dlopen(tmpfile, RTLD_GLOBAL | RTLD_LAZY); - free(tmpfile); + *lib = dlopen(filename, RTLD_GLOBAL | RTLD_LAZY); if (*lib == NULL) return 0; @@ -90,7 +77,7 @@ typedef HINSTANCE SHLIB; typedef void * SHLIB_SYM; # define SHLIB_INIT 0 -static int shlib_load(char *filename, SHLIB *lib) +static int shlib_load(const char *filename, SHLIB *lib) { *lib = LoadLibraryA(filename); if (*lib == NULL) From levitte at openssl.org Thu Nov 3 23:19:54 2016 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Nov 2016 23:19:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478215194.494224.11160.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 8f8e9f184bf51fa283c1af9c4fd63098fc7387dd (commit) from 0d325d9cb9ecb10cb1d41f64751ca8d8f2df472b (commit) - Log ----------------------------------------------------------------- commit 8f8e9f184bf51fa283c1af9c4fd63098fc7387dd Author: Richard Levitte Date: Thu Nov 3 18:48:23 2016 +0100 Don't assume to know the shared library extension test/shlibloadtest.c assumes all Unix style platforms use .so as shared library extension. This is not the case for Mac OS X, which uses .dylib. Instead of this, have the test recipe find out the extension from configuration data. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1844) (cherry picked from commit 62dd3351a16089aedb0f1e62e3b6df371c93389c) ----------------------------------------------------------------------- Summary of changes: test/recipes/90-test_shlibload.t | 17 ++++++++--------- test/shlibloadtest.c | 19 +++---------------- 2 files changed, 11 insertions(+), 25 deletions(-) diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t index dc35613..9058ba5 100644 --- a/test/recipes/90-test_shlibload.t +++ b/test/recipes/90-test_shlibload.t @@ -22,16 +22,15 @@ plan skip_all => "Test only supported in a shared build" if disabled("shared"); plan tests => 3; -ok(run(test(["shlibloadtest", "-crypto_first", - $unified_info{sharednames}->{libcrypto}, - $unified_info{sharednames}->{libssl}])), +my $libcrypto = + $unified_info{sharednames}->{libcrypto}.$target{shared_extension_simple}; +my $libssl = + $unified_info{sharednames}->{libssl}.$target{shared_extension_simple}; + +ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl])), "running shlibloadtest -crypto_first"); -ok(run(test(["shlibloadtest", "-ssl_first", - $unified_info{sharednames}->{libcrypto}, - $unified_info{sharednames}->{libssl}])), +ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl])), "running shlibloadtest -ssl_first"); -ok(run(test(["shlibloadtest", "-just_crypto", - $unified_info{sharednames}->{libcrypto}, - $unified_info{sharednames}->{libssl}])), +ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl])), "running shlibloadtest -just_crypto"); diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c index 20030d9..eea2e3a 100644 --- a/test/shlibloadtest.c +++ b/test/shlibloadtest.c @@ -44,22 +44,9 @@ typedef void * SHLIB; typedef void * SHLIB_SYM; # define SHLIB_INIT NULL -# define SHARED_LIBRARY_SUFFIX ".so" - -static int shlib_load(char *filename, SHLIB *lib) +static int shlib_load(const char *filename, SHLIB *lib) { - char *tmpfile; - size_t filenamelen = strlen(filename); - - /* Total length = base filename len + suffix len + 1 for NULL terminator */ - tmpfile = malloc(filenamelen + sizeof(SHARED_LIBRARY_SUFFIX) + 1); - if (tmpfile == NULL) - return 0; - strcpy(tmpfile, filename); - strcpy(tmpfile + filenamelen, SHARED_LIBRARY_SUFFIX); - - *lib = dlopen(tmpfile, RTLD_GLOBAL | RTLD_LAZY); - free(tmpfile); + *lib = dlopen(filename, RTLD_GLOBAL | RTLD_LAZY); if (*lib == NULL) return 0; @@ -90,7 +77,7 @@ typedef HINSTANCE SHLIB; typedef void * SHLIB_SYM; # define SHLIB_INIT 0 -static int shlib_load(char *filename, SHLIB *lib) +static int shlib_load(const char *filename, SHLIB *lib) { *lib = LoadLibraryA(filename); if (*lib == NULL) From builds at travis-ci.org Fri Nov 4 03:53:12 2016 From: builds at travis-ci.org (Travis CI) Date: Fri, 04 Nov 2016 03:53:12 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#6840 (master - 62dd335) In-Reply-To: Message-ID: <581c0628417bf_33faaf3791994454735@ebdf8635-0a44-4326-830a-f27cc4141d26.mail> Build Update for openssl/openssl ------------------------------------- Build: #6840 Status: Still Failing Duration: 36 minutes and 29 seconds Commit: 62dd335 (master) Author: Richard Levitte Message: Don't assume to know the shared library extension test/shlibloadtest.c assumes all Unix style platforms use .so as shared library extension. This is not the case for Mac OS X, which uses .dylib. Instead of this, have the test recipe find out the extension from configuration data. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1844) View the changeset: https://github.com/openssl/openssl/compare/00bb5504cc62...62dd3351a160 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/173117981 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Nov 4 04:24:39 2016 From: builds at travis-ci.org (Travis CI) Date: Fri, 04 Nov 2016 04:24:39 +0000 Subject: [openssl-commits] Fixed: openssl/openssl#6841 (OpenSSL_1_1_0-stable - 8f8e9f1) In-Reply-To: Message-ID: <581c0da6631d7_33faaf37910844695fb@ebdf8635-0a44-4326-830a-f27cc4141d26.mail> Build Update for openssl/openssl ------------------------------------- Build: #6841 Status: Fixed Duration: 44 minutes and 39 seconds Commit: 8f8e9f1 (OpenSSL_1_1_0-stable) Author: Richard Levitte Message: Don't assume to know the shared library extension test/shlibloadtest.c assumes all Unix style platforms use .so as shared library extension. This is not the case for Mac OS X, which uses .dylib. Instead of this, have the test recipe find out the extension from configuration data. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1844) (cherry picked from commit 62dd3351a16089aedb0f1e62e3b6df371c93389c) View the changeset: https://github.com/openssl/openssl/compare/0d325d9cb9ec...8f8e9f184bf5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/173118071 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Nov 4 08:19:43 2016 From: builds at travis-ci.org (Travis CI) Date: Fri, 04 Nov 2016 08:19:43 +0000 Subject: [openssl-commits] Fixed: openssl/openssl#6840 (master - 62dd335) In-Reply-To: Message-ID: <581c44b2428f5_33fccc70aec6c121510@909072ed-41f0-4974-9bb9-6c0935de37a8.mail> Build Update for openssl/openssl ------------------------------------- Build: #6840 Status: Fixed Duration: 8 minutes and 17 seconds Commit: 62dd335 (master) Author: Richard Levitte Message: Don't assume to know the shared library extension test/shlibloadtest.c assumes all Unix style platforms use .so as shared library extension. This is not the case for Mac OS X, which uses .dylib. Instead of this, have the test recipe find out the extension from configuration data. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1844) View the changeset: https://github.com/openssl/openssl/compare/00bb5504cc62...62dd3351a160 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/173117981 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl.sanity at gmail.com Fri Nov 4 09:26:03 2016 From: openssl.sanity at gmail.com (openssl.sanity at gmail.com) Date: Fri, 4 Nov 2016 09:26:03 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_ppc64 #1039 In-Reply-To: <1231746374.8.1478186685029.JavaMail.jenkins@ossl-sanity.cisco.com> References: <1231746374.8.1478186685029.JavaMail.jenkins@ossl-sanity.cisco.com> Message-ID: <1056269514.9.1478251563423.JavaMail.jenkins@ossl-sanity.cisco.com> See Changes: [Richard Levitte] test/shlibloadtest: small fixes [Richard Levitte] Enable memory debugging while testing [rsalz] Update CRYPTO_set_mem_debug() doc [Richard Levitte] Don't assume to know the shared library extension ------------------------------------------ [...truncated 2178 lines...] link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtls_mtu_test test/dtls_mtu_test.o test/ssltestlib.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -Itest -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o test/dtlstest.c rm -f test/dtlstest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlstest OBJECTS="test/dtlstest.o test/ssltestlib.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlstest test/dtlstest.o test/ssltestlib.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o test/dtlsv1listentest.c rm -f test/dtlsv1listentest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlsv1listentest OBJECTS="test/dtlsv1listentest.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlsv1listentest test/dtlsv1listentest.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdhtest.d.tmp -MT test/ecdhtest.o -c -o test/ecdhtest.o test/ecdhtest.c rm -f test/ecdhtest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdhtest OBJECTS="test/ecdhtest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdhtest test/ecdhtest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o test/ecdsatest.c rm -f test/ecdsatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdsatest OBJECTS="test/ecdsatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdsatest test/ecdsatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o test/ectest.c rm -f test/ectest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ectest OBJECTS="test/ectest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ectest test/ectest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o test/enginetest.c rm -f test/enginetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/enginetest OBJECTS="test/enginetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/enginetest test/enginetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o test/evp_extra_test.c rm -f test/evp_extra_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_extra_test OBJECTS="test/evp_extra_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_extra_test test/evp_extra_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o test/evp_test.c rm -f test/evp_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_test OBJECTS="test/evp_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_test test/evp_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o test/exptest.c rm -f test/exptest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/exptest OBJECTS="test/exptest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/exptest test/exptest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o test/gmdifftest.c rm -f test/gmdifftest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/gmdifftest OBJECTS="test/gmdifftest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/gmdifftest test/gmdifftest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/heartbeat_test.d.tmp -MT test/heartbeat_test.o -c -o test/heartbeat_test.o test/heartbeat_test.c rm -f test/heartbeat_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/heartbeat_test OBJECTS="test/heartbeat_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/heartbeat_test test/heartbeat_test.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o test/hmactest.c rm -f test/hmactest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/hmactest OBJECTS="test/hmactest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/hmactest test/hmactest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o test/ideatest.c rm -f test/ideatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ideatest OBJECTS="test/ideatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ideatest test/ideatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o test/igetest.c rm -f test/igetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/igetest OBJECTS="test/igetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/igetest test/igetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o test/md2test.c rm -f test/md2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md2test OBJECTS="test/md2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md2test test/md2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md4test.d.tmp -MT test/md4test.o -c -o test/md4test.o test/md4test.c rm -f test/md4test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md4test OBJECTS="test/md4test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md4test test/md4test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md5test.d.tmp -MT test/md5test.o -c -o test/md5test.o test/md5test.c rm -f test/md5test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md5test OBJECTS="test/md5test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md5test test/md5test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o test/mdc2_internal_test.c rm -f test/mdc2_internal_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2_internal_test OBJECTS="test/mdc2_internal_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2_internal_test test/mdc2_internal_test.o test/testutil.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o test/mdc2test.c rm -f test/mdc2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2test OBJECTS="test/mdc2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2test test/mdc2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o test/memleaktest.c rm -f test/memleaktest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/memleaktest OBJECTS="test/memleaktest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/memleaktest test/memleaktest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o test/modes_internal_test.c make[1]: *** No rule to make target `test/ppccap.c', needed by `test/ppccap.o'. Stop. make[1]: Leaving directory ` make: *** [all] Error 2 Build step 'Execute shell' marked build as failure From matt at openssl.org Fri Nov 4 10:45:31 2016 From: matt at openssl.org (Matt Caswell) Date: Fri, 04 Nov 2016 10:45:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478256331.184721.25060.nullmailer@dev.openssl.org> The branch master has been updated via a1ca39c02c5507536ee586e787f12f9ea3ea908b (commit) via e8585479a1541a722c5399ed53749cf3b0915e64 (commit) via 92ab7db6f8dabd9f071a8c70c65f85e4fbbfd375 (commit) via bc708af4b0148c23f5f76b549ccb3c996bfd11aa (commit) via b289bff830b081ce38437036766cea9a0d92d093 (commit) via 1669b7b58724c800971b817cd7c7400ce6eae547 (commit) via 1c8235c9b3e328d4c8637fd51b1f45adfa6ee446 (commit) via fc237de7ff4886c0d58300051ea4325e10b6943f (commit) via 0abcaddfcbe643e4f57c873e3b890d785bcb7357 (commit) via aedf33aed53a414a0935d578da1817d8cbaa11ad (commit) via 06e452fbc166339aa28280f4f6f2ba3e958cfbd6 (commit) via 8beda2c12dc58389dd3c036b0858e15b010567da (commit) via 5b2d35c34407c6f40c8e544f86ab4f50c779518c (commit) via 2fd0dfd9f69468b8276b0cd3a292a9b1aa24fef9 (commit) via da88e88a79b4e283328bb09f60b6e0099ae939e9 (commit) via d664ff498cad7b40fe330ce91f211b327e2e3090 (commit) via 5227337a7c340eeeebaced1230e8dfaa7a8ec7db (commit) via a60150e9abe3bf67a889d9b0e1fe90f3d2b91123 (commit) via 4d040e283e3ed611a0a7864ed3198fc01fb340a6 (commit) via 9e663b13714f36a2069cfddf493a5d27985e26a0 (commit) via d5df08afb43d66c26a512093c22a70d3a079dc3f (commit) via ce2596d404c16266b6bd5614b2d5159b67054d58 (commit) via cfa76979867a2401d435cafe66e05c4234785480 (commit) via 50b014e4c62cb9315de949e0e84b1628142d1401 (commit) via 694cfa1f49797ffdaf55817caefa2dc31043511a (commit) via 7b73b7beda88501b9d6e062a5dbf9a72f791dfda (commit) via 8c6c5077b211ea73223c950edff98f0891853dc8 (commit) via eef977aa0e6c6614bc99bd8357bc4afba91737f7 (commit) from 62dd3351a16089aedb0f1e62e3b6df371c93389c (commit) - Log ----------------------------------------------------------------- commit a1ca39c02c5507536ee586e787f12f9ea3ea908b Author: Matt Caswell Date: Fri Oct 28 10:09:29 2016 +0100 Remove an unused field in ossl_shim Reviewed-by: Richard Levitte commit e8585479a1541a722c5399ed53749cf3b0915e64 Author: Matt Caswell Date: Fri Oct 28 10:07:44 2016 +0100 Add a wildcard exception for TLS13 tests Reviewed-by: Richard Levitte commit 92ab7db6f8dabd9f071a8c70c65f85e4fbbfd375 Author: Matt Caswell Date: Fri Oct 28 09:57:16 2016 +0100 Swap header copyrights to standard OpenSSL As per permission from Google (Emilia). Reviewed-by: Richard Levitte commit bc708af4b0148c23f5f76b549ccb3c996bfd11aa Author: Matt Caswell Date: Tue Oct 25 22:13:17 2016 +0100 Add missing bn.h include Reviewed-by: Richard Levitte commit b289bff830b081ce38437036766cea9a0d92d093 Author: Matt Caswell Date: Wed Oct 19 12:59:26 2016 +0100 Update the BoringSSL suppressions file based on the latest shim The updated shim has the ability to skip tests using unimplemented flags. This should reduce the number of test failures. Reviewed-by: Richard Levitte commit 1669b7b58724c800971b817cd7c7400ce6eae547 Author: Matt Caswell Date: Wed Oct 19 11:37:17 2016 +0100 Rename BoringSSL style OPENSSL_WINDOWS to OPENSSL_SYS_WINDOWS Reviewed-by: Richard Levitte commit 1c8235c9b3e328d4c8637fd51b1f45adfa6ee446 Author: Matt Caswell Date: Wed Oct 19 11:35:55 2016 +0100 Fix a code inconsistency Move from two ifs to a single one with an && Reviewed-by: Richard Levitte commit fc237de7ff4886c0d58300051ea4325e10b6943f Author: Matt Caswell Date: Wed Oct 19 11:33:59 2016 +0100 Remove some #if 0'd out code It was only a sanity check anyway, so isn't needed Reviewed-by: Richard Levitte commit 0abcaddfcbe643e4f57c873e3b890d785bcb7357 Author: Matt Caswell Date: Wed Oct 19 11:33:06 2016 +0100 Removed scoped_types.h It is no longer used (replaced with bssl:UniquePtr) Reviewed-by: Richard Levitte commit aedf33aed53a414a0935d578da1817d8cbaa11ad Author: Matt Caswell Date: Wed Oct 19 11:22:07 2016 +0100 Remove some flags that are unused in the shim Reviewed-by: Richard Levitte commit 06e452fbc166339aa28280f4f6f2ba3e958cfbd6 Author: Matt Caswell Date: Wed Oct 19 11:21:25 2016 +0100 Use the -allow-unimplemented feature of the BoringSSL runner That way we can remove flags that we don't support Reviewed-by: Richard Levitte commit 8beda2c12dc58389dd3c036b0858e15b010567da Author: Matt Caswell Date: Wed Oct 19 11:03:38 2016 +0100 Remove unused BoringSSL specific flags We will rely on the -allow-unimplemented feature instead. Reviewed-by: Richard Levitte commit 5b2d35c34407c6f40c8e544f86ab4f50c779518c Author: Matt Caswell Date: Wed Oct 19 10:53:25 2016 +0100 Remove some unreferenced fields from TestState They were there for BoringSSL only features which are not relevant to us. Reviewed-by: Richard Levitte commit 2fd0dfd9f69468b8276b0cd3a292a9b1aa24fef9 Author: Matt Caswell Date: Wed Oct 19 10:52:47 2016 +0100 Remove some #if 0'd out code It was just a sanity check and isn't needed Reviewed-by: Richard Levitte commit da88e88a79b4e283328bb09f60b6e0099ae939e9 Author: Matt Caswell Date: Sat Oct 15 11:24:13 2016 +0100 Fix argument order in documentation git clone has the directory name last Reviewed-by: Richard Levitte commit d664ff498cad7b40fe330ce91f211b327e2e3090 Author: Matt Caswell Date: Sat Oct 15 11:11:23 2016 +0100 Remove test/ossl_shim/Makefile This Makefile was temporary. Building ossl_shim has now been integrated into to the build system. Reviewed-by: Richard Levitte commit 5227337a7c340eeeebaced1230e8dfaa7a8ec7db Author: Matt Caswell Date: Sat Oct 15 11:09:20 2016 +0100 Add documentation on the BoringSSL test suite integration Added the file README.external which describes how to build and run OpenSSL to use the BoringSSL test suite. Also updated INSTALL to point to it. Reviewed-by: Richard Levitte commit a60150e9abe3bf67a889d9b0e1fe90f3d2b91123 Author: Matt Caswell Date: Fri Oct 14 20:32:18 2016 +0100 Add -std=c++11 to CXXFLAGS Reviewed-by: Richard Levitte commit 4d040e283e3ed611a0a7864ed3198fc01fb340a6 Author: Matt Caswell Date: Fri Oct 14 16:18:47 2016 +0100 Fix some unused variable warnings in ossl_shim Reviewed-by: Richard Levitte commit 9e663b13714f36a2069cfddf493a5d27985e26a0 Author: Matt Caswell Date: Fri Oct 14 15:55:49 2016 +0100 Add a comment to 90-test_external.t to explain why we need filter_run Also rename executable to cmd...otherwise it breaks! Reviewed-by: Richard Levitte commit d5df08afb43d66c26a512093c22a70d3a079dc3f Author: Richard Levitte Date: Fri Oct 14 15:52:50 2016 +0100 Convert 90-test_external.t to using "executable" rather than "system" Use the newly added "executable" function rather than "system". Also filter the output to add a prefix to every line so that the "ok" doesn't confuse Test::More Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell commit ce2596d404c16266b6bd5614b2d5159b67054d58 Author: Matt Caswell Date: Wed Oct 12 16:21:13 2016 +0100 Control building of ossl_shim through Configure Don't build ossl_shim by default. Switch it on through enable-external-tests. Reviewed-by: Richard Levitte commit cfa76979867a2401d435cafe66e05c4234785480 Author: Richard Levitte Date: Wed Oct 12 16:05:06 2016 +0100 Integrate ossl_shim into the build Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell commit 50b014e4c62cb9315de949e0e84b1628142d1401 Author: Matt Caswell Date: Wed Oct 12 15:43:46 2016 +0100 Add a shim config file This just disables all tests that fail at the moment. Over time we will want to go over these and figure out why they are failing (and fix them if appropriate) Reviewed-by: Richard Levitte commit 694cfa1f49797ffdaf55817caefa2dc31043511a Author: Matt Caswell Date: Wed Oct 12 12:07:33 2016 +0100 Add ossl_shim to .gitignore Reviewed-by: Richard Levitte commit 7b73b7beda88501b9d6e062a5dbf9a72f791dfda Author: Matt Caswell Date: Wed Oct 12 10:56:29 2016 +0100 Rebase shim against latest boringssl code Numerous conflicts resolved. rebase was against commit 490469f850. Reviewed-by: Richard Levitte commit 8c6c5077b211ea73223c950edff98f0891853dc8 Author: Matt Caswell Date: Mon Oct 10 12:24:00 2016 +0100 Add a test to call the BoringSSL test suite This adds a test to the OpenSSL test suite to invoke the BoringSSL test suite. It assumes you have already compiled the ossl_shim (see previous commit). It also assumes that you have an environment variable BORING_RUNNER_DIR set up to point to the ssl/test/runner directory of a checkout of BoringSSL. This has only been tested with a very old version of BoringSSL (from commit f277add6c) - since that was the last known checkout where the shim compiles successfully. Even with that version of BoringSSL this test will fail. There are lots of Boring tests that are failing for various reasons. Some might be due to bugs in OpenSSL, some might be due to features that BoringSSL has that OpenSSL doesn't, some are due to assumptions about the way BoringSSL behaves that are not true for OpenSSL etc. To get the verbose BoringSSL test output, run like this: VERBOSE=1 BORING_RUNNER_DIR=/path/to/boring/ssl/test/runner make \ TESTS="test_external" test Reviewed-by: Richard Levitte commit eef977aa0e6c6614bc99bd8357bc4afba91737f7 Author: Matt Caswell Date: Mon Oct 10 12:17:21 2016 +0100 Integrate BoringSSL shim The BoringSSL test suite contains numerous tests which OpenSSL does not. The BoringSSL test runner uses a shim to launch the library and execute the tests. This is a version of the BoringSSL shim converted to compile against OpenSSL instead. This is primarily based on the work of David Benjamin from the BoringSSL project who did most of the necessary conversion. It also includes a few other tweaks for opacity changes etc. This is based on a *very* old version of BoringSSL from commit f277add6c. That was the last commit known to work with this patched shim. Later versions may also work but lots of merge conflicts occur when trying to bring it up to date. At the moment this has not been integrated into the build system. There is a very simple standalone makefile in the ossl_shim directory which should be executed directly before tyring to use the shim. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 + Configurations/unix-Makefile.tmpl | 2 +- Configure | 8 + INSTALL | 7 + test/README.external | 65 ++ test/ossl_shim/async_bio.cc | 183 +++++ test/ossl_shim/async_bio.h | 39 + test/ossl_shim/build.info | 6 + test/ossl_shim/include/openssl/base.h | 158 ++++ test/ossl_shim/ossl_config.json | 1185 ++++++++++++++++++++++++++++++ test/ossl_shim/ossl_shim.cc | 1265 +++++++++++++++++++++++++++++++++ test/ossl_shim/packeted_bio.cc | 299 ++++++++ test/ossl_shim/packeted_bio.h | 44 ++ test/ossl_shim/test_config.cc | 181 +++++ test/ossl_shim/test_config.h | 88 +++ test/recipes/90-test_external.t | 41 ++ 16 files changed, 3571 insertions(+), 1 deletion(-) create mode 100644 test/README.external create mode 100644 test/ossl_shim/async_bio.cc create mode 100644 test/ossl_shim/async_bio.h create mode 100644 test/ossl_shim/build.info create mode 100644 test/ossl_shim/include/openssl/base.h create mode 100644 test/ossl_shim/ossl_config.json create mode 100644 test/ossl_shim/ossl_shim.cc create mode 100644 test/ossl_shim/packeted_bio.cc create mode 100644 test/ossl_shim/packeted_bio.h create mode 100644 test/ossl_shim/test_config.cc create mode 100644 test/ossl_shim/test_config.h create mode 100644 test/recipes/90-test_external.t diff --git a/.gitignore b/.gitignore index 23c48be..0a7edfc 100644 --- a/.gitignore +++ b/.gitignore @@ -50,6 +50,7 @@ Makefile /test/ssltest_old /test/x509aux /test/v3ext +/test/ossl_shim/ossl_shim # Certain files that get created by tests on the fly /test/*.ss diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index eb47630..28ec045 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -174,7 +174,7 @@ CC= $(CROSS_COMPILE){- $target{cc} -} CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} CXX= $(CROSS_COMPILE){- $target{cxx} -} -CXXFLAGS={- our $cxxflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cxxflags} -} {- $config{cxxflags} -} +CXXFLAGS={- our $cxxflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cxxflags} -} {- $config{cxxflags} -} -std=c++11 LDFLAGS= {- $target{lflags} -} PLIB_LDFLAGS= {- $target{plib_lflags} -} EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} diff --git a/Configure b/Configure index 884f7bd..3289e9f 100755 --- a/Configure +++ b/Configure @@ -316,6 +316,8 @@ $config{sdirs} = [ "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf" ]; +# test/ subdirectories to build +$config{tdirs} = [ "ossl_shim" ]; # Known TLS and DTLS protocols my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3); @@ -360,6 +362,7 @@ my @disablables = ( "egd", "engine", "err", + "external-tests", "filenames", "fuzz-libfuzzer", "fuzz-afl", @@ -429,6 +432,7 @@ our %disabled = ( # "what" => "comment" "crypto-mdebug-backtrace" => "default", "ec_nistp_64_gcc_128" => "default", "egd" => "default", + "external-tests" => "default", "fuzz-libfuzzer" => "default", "fuzz-afl" => "default", "heartbeats" => "default", @@ -1426,6 +1430,10 @@ if ($builder eq "unified") { push @build_infos, [ catdir("engines", $_), "build.info" ] if (-f catfile($srcdir, "engines", $_, "build.info")); } + foreach (@{$config{tdirs}}) { + push @build_infos, [ catdir("test", $_), "build.info" ] + if (-f catfile($srcdir, "test", $_, "build.info")); + } $config{build_infos} = [ ]; diff --git a/INSTALL b/INSTALL index a393225..36cb090 100644 --- a/INSTALL +++ b/INSTALL @@ -310,6 +310,13 @@ no-err Don't compile in any error strings. + enable-external-tests + Enable building of integration with external test suites. + This is a developer option and may not work on all platforms. + The only supported external test suite at the current time is + the BoringSSL test suite. See the file test/README.external + for further details. + no-filenames Don't compile in filename and line number information (e.g. for errors and memory allocation). diff --git a/test/README.external b/test/README.external new file mode 100644 index 0000000..3cd0541 --- /dev/null +++ b/test/README.external @@ -0,0 +1,65 @@ +Running the BoringSSL test suite with OpenSSL +============================================= + +It is possible to integrate external test suites into OpenSSL's "make test". At +the current time the only supported external suite is the one used by +BoringSSL. + +This capability is considered a developer option and may not work on all +platforms. + +In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL +source code into an appropriate directory: + +$ git clone https://boringssl.googlesource.com/boringssl boringssl + +The BoringSSL tests are only confirmed to work at a specific commit in the +BoringSSL repository. Later commits may or may not pass the test suite: + +$ cd boringssl +$ git checkout 490469f850e + +From the OpenSSL source code configure to use the external tests: + +$ cd ../openssl +$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \ + enable-external-tests + +Note that using other config option than those given above may cause the tests +to fail. + +Run the OpenSSL tests by providing the path to the BoringSSL test runner in the +BORING_RUNNER_DIR environment variable: + +$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test + +Note that the test suite may change directory while running so the path provided +should be absolute and not relative to the current working directory. + +To see more detailed output you can run just the BoringSSL tests with the +verbose option: + +$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \ + TESTS="test_external" test + + +Test failures and suppressions +============================== + +A large number of the BoringSSL tests are known to fail. A test could fail +because of many possible reasons. For example: + +- A bug in OpenSSL +- Different interpretations of standards +- Assumptions about the way BoringSSL works that do not apply to OpenSSL +- The test uses APIs added to BoringSSL that are not present in OpenSSL +- etc + +In order to provide a "clean" baseline run with all the tests passing a config +file has been provided that suppresses the running of tests that are known to +fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json" +within the OpenSSL source code. + +The community is encouraged to contribute patches which reduce the number of +suppressions that are currently present. + diff --git a/test/ossl_shim/async_bio.cc b/test/ossl_shim/async_bio.cc new file mode 100644 index 0000000..f0f6a38 --- /dev/null +++ b/test/ossl_shim/async_bio.cc @@ -0,0 +1,183 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "async_bio.h" + +#include +#include + +#include +#include + + +namespace { + +struct AsyncBio { + bool datagram; + bool enforce_write_quota; + size_t read_quota; + size_t write_quota; +}; + +AsyncBio *GetData(BIO *bio) { + return (AsyncBio *)BIO_get_data(bio); +} + +static int AsyncWrite(BIO *bio, const char *in, int inl) { + AsyncBio *a = GetData(bio); + if (a == NULL || BIO_next(bio) == NULL) { + return 0; + } + + if (!a->enforce_write_quota) { + return BIO_write(BIO_next(bio), in, inl); + } + + BIO_clear_retry_flags(bio); + + if (a->write_quota == 0) { + BIO_set_retry_write(bio); + errno = EAGAIN; + return -1; + } + + if (!a->datagram && (size_t)inl > a->write_quota) { + inl = a->write_quota; + } + int ret = BIO_write(BIO_next(bio), in, inl); + if (ret <= 0) { + BIO_copy_next_retry(bio); + } else { + a->write_quota -= (a->datagram ? 1 : ret); + } + return ret; +} + +static int AsyncRead(BIO *bio, char *out, int outl) { + AsyncBio *a = GetData(bio); + if (a == NULL || BIO_next(bio) == NULL) { + return 0; + } + + BIO_clear_retry_flags(bio); + + if (a->read_quota == 0) { + BIO_set_retry_read(bio); + errno = EAGAIN; + return -1; + } + + if (!a->datagram && (size_t)outl > a->read_quota) { + outl = a->read_quota; + } + int ret = BIO_read(BIO_next(bio), out, outl); + if (ret <= 0) { + BIO_copy_next_retry(bio); + } else { + a->read_quota -= (a->datagram ? 1 : ret); + } + return ret; +} + +static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) { + if (BIO_next(bio) == NULL) { + return 0; + } + BIO_clear_retry_flags(bio); + int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); + BIO_copy_next_retry(bio); + return ret; +} + +static int AsyncNew(BIO *bio) { + AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a)); + if (a == NULL) { + return 0; + } + memset(a, 0, sizeof(*a)); + a->enforce_write_quota = true; + BIO_set_init(bio, 1); + BIO_set_data(bio, a); + return 1; +} + +static int AsyncFree(BIO *bio) { + if (bio == NULL) { + return 0; + } + + OPENSSL_free(BIO_get_data(bio)); + BIO_set_data(bio, NULL); + BIO_set_init(bio, 0); + return 1; +} + +static long AsyncCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) { + if (BIO_next(bio) == NULL) { + return 0; + } + return BIO_callback_ctrl(BIO_next(bio), cmd, fp); +} + +static BIO_METHOD *g_async_bio_method = NULL; + +static const BIO_METHOD *AsyncMethod(void) +{ + if (g_async_bio_method == NULL) { + g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio"); + if ( g_async_bio_method == NULL + || !BIO_meth_set_write(g_async_bio_method, AsyncWrite) + || !BIO_meth_set_read(g_async_bio_method, AsyncRead) + || !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl) + || !BIO_meth_set_create(g_async_bio_method, AsyncNew) + || !BIO_meth_set_destroy(g_async_bio_method, AsyncFree) + || !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl)) + return NULL; + } + return g_async_bio_method; +} + +} // namespace + +bssl::UniquePtr AsyncBioCreate() { + return bssl::UniquePtr(BIO_new(AsyncMethod())); +} + +bssl::UniquePtr AsyncBioCreateDatagram() { + bssl::UniquePtr ret(BIO_new(AsyncMethod())); + if (!ret) { + return nullptr; + } + GetData(ret.get())->datagram = true; + return ret; +} + +void AsyncBioAllowRead(BIO *bio, size_t count) { + AsyncBio *a = GetData(bio); + if (a == NULL) { + return; + } + a->read_quota += count; +} + +void AsyncBioAllowWrite(BIO *bio, size_t count) { + AsyncBio *a = GetData(bio); + if (a == NULL) { + return; + } + a->write_quota += count; +} + +void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) { + AsyncBio *a = GetData(bio); + if (a == NULL) { + return; + } + a->enforce_write_quota = enforce; +} diff --git a/test/ossl_shim/async_bio.h b/test/ossl_shim/async_bio.h new file mode 100644 index 0000000..bb24ead --- /dev/null +++ b/test/ossl_shim/async_bio.h @@ -0,0 +1,39 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNC_BIO +#define HEADER_ASYNC_BIO + +#include +#include + + +// AsyncBioCreate creates a filter BIO for testing asynchronous state +// machines which consume a stream socket. Reads and writes will fail +// and return EAGAIN unless explicitly allowed. Each async BIO has a +// read quota and a write quota. Initially both are zero. As each is +// incremented, bytes are allowed to flow through the BIO. +bssl::UniquePtr AsyncBioCreate(); + +// AsyncBioCreateDatagram creates a filter BIO for testing for +// asynchronous state machines which consume datagram sockets. The read +// and write quota count in packets rather than bytes. +bssl::UniquePtr AsyncBioCreateDatagram(); + +// AsyncBioAllowRead increments |bio|'s read quota by |count|. +void AsyncBioAllowRead(BIO *bio, size_t count); + +// AsyncBioAllowWrite increments |bio|'s write quota by |count|. +void AsyncBioAllowWrite(BIO *bio, size_t count); + +// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota. +void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce); + + +#endif // HEADER_ASYNC_BIO diff --git a/test/ossl_shim/build.info b/test/ossl_shim/build.info new file mode 100644 index 0000000..aa5f062 --- /dev/null +++ b/test/ossl_shim/build.info @@ -0,0 +1,6 @@ +IF[{- defined $target{cxx} && !$disabled{"external-tests"}-}] + PROGRAMS_NO_INST=ossl_shim + SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc + INCLUDE[ossl_shim]=. include ../../include + DEPEND[ossl_shim]=../../libssl ../../libcrypto +ENDIF diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h new file mode 100644 index 0000000..755d520 --- /dev/null +++ b/test/ossl_shim/include/openssl/base.h @@ -0,0 +1,158 @@ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). */ + +#ifndef OPENSSL_HEADER_BASE_H +#define OPENSSL_HEADER_BASE_H + +/* Needed for BORINGSSL_MAKE_DELETER */ +# include +# include +# include +# include +# include + +# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) + +/* Temporary TLS1.3 defines until OpenSSL supports these */ +# define TLS1_3_VERSION 0x0304 +# define SSL_OP_NO_TLSv1_3 0 + +extern "C++" { + +#include + +namespace bssl { + +namespace internal { + +template +struct DeleterImpl {}; + +template +struct Deleter { + void operator()(T *ptr) { + // Rather than specialize Deleter for each type, we specialize + // DeleterImpl. This allows bssl::UniquePtr to be used while only + // including base.h as long as the destructor is not emitted. This matches + // std::unique_ptr's behavior on forward-declared types. + // + // DeleterImpl itself is specialized in the corresponding module's header + // and must be included to release an object. If not included, the compiler + // will error that DeleterImpl does not have a method Free. + DeleterImpl::Free(ptr); + } +}; + +template +class StackAllocated { + public: + StackAllocated() { init(&ctx_); } + ~StackAllocated() { cleanup(&ctx_); } + + StackAllocated(const StackAllocated &) = delete; + T& operator=(const StackAllocated &) = delete; + + T *get() { return &ctx_; } + const T *get() const { return &ctx_; } + + void Reset() { + cleanup(&ctx_); + init(&ctx_); + } + + private: + T ctx_; +}; + +} // namespace internal + +#define BORINGSSL_MAKE_DELETER(type, deleter) \ + namespace internal { \ + template <> \ + struct DeleterImpl { \ + static void Free(type *ptr) { deleter(ptr); } \ + }; \ + } + +// This makes a unique_ptr to STACK_OF(type) that owns all elements on the +// stack, i.e. it uses sk_pop_free() to clean up. +#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \ + namespace internal { \ + template <> \ + struct DeleterImpl { \ + static void Free(STACK_OF(type) *ptr) { \ + sk_##type##_pop_free(ptr, deleter); \ + } \ + }; \ + } + +// Holds ownership of heap-allocated BoringSSL structures. Sample usage: +// bssl::UniquePtr rsa(RSA_new()); +// bssl::UniquePtr bio(BIO_new(BIO_s_mem())); +template +using UniquePtr = std::unique_ptr>; + +BORINGSSL_MAKE_DELETER(BIO, BIO_free) +BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) +BORINGSSL_MAKE_DELETER(DH, DH_free) +BORINGSSL_MAKE_DELETER(X509, X509_free) +BORINGSSL_MAKE_DELETER(SSL, SSL_free) +BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) +BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) + +} // namespace bssl + +} /* extern C++ */ + + +#endif /* OPENSSL_HEADER_BASE_H */ diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json new file mode 100644 index 0000000..690dc66 --- /dev/null +++ b/test/ossl_shim/ossl_config.json @@ -0,0 +1,1185 @@ + +{ + "DisabledTests" : { + "*TLS13*":"No TLS1.3 support yet", + "UnauthenticatedECDH":"Test failure - reason unknown", + "SkipServerKeyExchange":"Test failure - reason unknown", + "FragmentAlert-DTLS":"Test failure - reason unknown", + "FallbackSCSV":"Test failure - reason unknown", + "Alert-DTLS":"Test failure - reason unknown", + "DoubleAlert-DTLS":"Test failure - reason unknown", + "SkipNewSessionTicket":"Test failure - reason unknown", + "Alert":"Test failure - reason unknown", + "FragmentAlert":"Test failure - reason unknown", + "DoubleAlert":"Test failure - reason unknown", + "FragmentedClientVersion":"Test failure - reason unknown", + "HttpPOST":"Test failure - reason unknown", + "DisableEverything":"Test failure - reason unknown", + "HttpHEAD":"Test failure - reason unknown", + "HttpGET":"Test failure - reason unknown", + "DisableEverything-DTLS":"Test failure - reason unknown", + "HttpPUT":"Test failure - reason unknown", + "CertMismatchRSA":"Test failure - reason unknown", + "MTU":"Test failure - reason unknown", + "HttpCONNECT":"Test failure - reason unknown", + "RSAEphemeralKey":"Test failure - reason unknown", + "CertMismatchECDSA":"Test failure - reason unknown", + "EmptyCertificateList-TLS13":"Test failure - reason unknown", + "EmptyCertificateList":"Test failure - reason unknown", + "AppDataBeforeHandshake-Empty":"Test failure - reason unknown", + "AppDataBeforeHandshake-DTLS":"Test failure - reason unknown", + "AppDataBeforeHandshake":"Test failure - reason unknown", + "TLSFatalBadPackets":"Test failure - reason unknown", + "Garbage":"Test failure - reason unknown", + "AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", + "AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown", + "AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown", + "AlertAfterChangeCipherSpec":"Test failure - reason unknown", + "AppDataAfterChangeCipherSpec":"Test failure - reason unknown", + "AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", + "FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown", + "SendInvalidRecordType-DTLS":"Test failure - reason unknown", + "SplitFragments-Header-DTLS":"Test failure - reason unknown", + "SendInvalidRecordType":"Test failure - reason unknown", + "SplitFragments-Boundary-DTLS":"Test failure - reason unknown", + "SplitFragments-Body-DTLS":"Test failure - reason unknown", + "SendEmptyFragments-DTLS":"Test failure - reason unknown", + "FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown", + "BadFinished-Client-TLS13":"Test failure - reason unknown", + "BadFinished-Server":"Test failure - reason unknown", + "BadFinished-Client":"Test failure - reason unknown", + "SendEmptyRecords":"Test failure - reason unknown", + "SendEmptyRecords-Async":"Test failure - reason unknown", + "SendWarningAlerts-TLS13":"Test failure - reason unknown", + "SendWarningAlerts":"Test failure - reason unknown", + "SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown", + "SendWarningAlerts-Pass":"Test failure - reason unknown", + "SendKeyUpdates":"Test failure - reason unknown", + "SendWarningAlerts-Async":"Test failure - reason unknown", + "Unclean-Shutdown-Alert":"Test failure - reason unknown", + "LargePlaintext":"Test failure - reason unknown", + "LargeCiphertext":"Test failure - reason unknown", + "BadHelloRequest-1":"Test failure - reason unknown", + "LargePlaintext-DTLS":"Test failure - reason unknown", + "BadFinished-Server-TLS13":"Test failure - reason unknown", + "V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown", + "V2ClientHello-EmptyRecordPrefix":"Test failure - reason unknown", + "BadHelloRequest-2":"Test failure - reason unknown", + "DTLS-SendExtraFinished":"Test failure - reason unknown", + "NoNullCompression-TLS12":"Test failure - reason unknown", + "LargeMessage-Reject":"Test failure - reason unknown", + "LargeMessage-Reject-DTLS":"Test failure - reason unknown", + "DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown", + "NoNullCompression-TLS13":"Test failure - reason unknown", + "ExtraCompressionMethods-TLS13":"Test failure - reason unknown", + "SSL3-AES128-GCM-server":"Test failure - reason unknown", + "TLS13-3DES-SHA-client":"Test failure - reason unknown", + "TLS1-AES128-GCM-server":"Test failure - reason unknown", + "SSL3-AES128-GCM-client":"Test failure - reason unknown", + "DTLS1-AES128-GCM-server":"Test failure - reason unknown", + "TLS11-AES128-GCM-server":"Test failure - reason unknown", + "TLS1-AES128-GCM-client":"Test failure - reason unknown", + "DTLS1-AES128-GCM-client":"Test failure - reason unknown", + "TLS11-AES128-GCM-client":"Test failure - reason unknown", + "TLS13-AES128-GCM-client":"Test failure - reason unknown", + "TLS13-3DES-SHA-server":"Test failure - reason unknown", + "TLS13-AES128-SHA-client":"Test failure - reason unknown", + "TLS13-AES128-GCM-server":"Test failure - reason unknown", + "SSL3-AES128-SHA256-server":"Test failure - reason unknown", + "TLS1-AES128-SHA256-server":"Test failure - reason unknown", + "SSL3-AES128-SHA256-client":"Test failure - reason unknown", + "DTLS1-AES128-SHA256-server":"Test failure - reason unknown", + "TLS11-AES128-SHA256-server":"Test failure - reason unknown", + "TLS1-AES128-SHA256-client":"Test failure - reason unknown", + "DTLS1-AES128-SHA256-client":"Test failure - reason unknown", + "TLS11-AES128-SHA256-client":"Test failure - reason unknown", + "TLS13-AES128-SHA256-client":"Test failure - reason unknown", + "SSL3-AES256-GCM-server":"Test failure - reason unknown", + "TLS1-AES256-GCM-server":"Test failure - reason unknown", + "SSL3-AES256-GCM-client":"Test failure - reason unknown", + "TLS13-AES128-SHA-server":"Test failure - reason unknown", + "DTLS1-AES256-GCM-server":"Test failure - reason unknown", + "TLS11-AES256-GCM-server":"Test failure - reason unknown", + "TLS1-AES256-GCM-client":"Test failure - reason unknown", + "DTLS1-AES256-GCM-client":"Test failure - reason unknown", + "TLS11-AES256-GCM-client":"Test failure - reason unknown", + "TLS13-AES256-GCM-client":"Test failure - reason unknown", + "TLS13-AES128-SHA256-server":"Test failure - reason unknown", + "TLS13-AES256-GCM-server":"Test failure - reason unknown", + "TLS13-AES256-SHA-client":"Test failure - reason unknown", + "TLS1-AES256-SHA256-server":"Test failure - reason unknown", + "SSL3-AES256-SHA256-client":"Test failure - reason unknown", + "SSL3-AES256-SHA256-server":"Test failure - reason unknown", + "DTLS1-AES256-SHA256-server":"Test failure - reason unknown", + "TLS11-AES256-SHA256-server":"Test failure - reason unknown", + "TLS1-AES256-SHA256-client":"Test failure - reason unknown", + "DTLS1-AES256-SHA256-client":"Test failure - reason unknown", + "TLS11-AES256-SHA256-client":"Test failure - reason unknown", + "TLS13-AES256-SHA256-client":"Test failure - reason unknown", + "TLS13-AES256-SHA-server":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS13-AES256-SHA256-server":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES128-SHA-client":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES128-SHA-server":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES256-SHA-client":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown", + "SSL3-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown", + "TLS11-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown", + "TLS1-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown", + "DTLS1-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES256-SHA-server":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES256-SHA256-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES128-GCM-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES128-SHA-server":"Test failure - reason unknown", + "TLS13-DHE-RSA-AES256-SHA256-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES128-SHA-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES128-GCM-server":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES128-SHA-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES256-GCM-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES256-SHA-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES256-SHA-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES256-SHA384-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES256-SHA-server":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "SSL3-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "DTLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS1-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS11-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown", + "TLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "DTLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown", + "DTLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "DTLS12-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-AES256-SHA384-server":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES128-GCM-client":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES128-SHA-server":"Test failure - reason unknown", + "TLS13-ECDHE-ECDSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES128-GCM-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES128-SHA-client":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES128-SHA256-client":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES128-SHA-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES256-GCM-client":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES256-SHA-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES128-SHA256-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES256-GCM-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES256-SHA-client":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES256-SHA384-client":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES256-SHA-server":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-AES256-SHA384-server":"Test failure - reason unknown", + "SSL3-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "DTLS1-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "DTLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown", + "TLS11-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "DTLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "DTLS12-ECDHE-RSA-CHACHA20-POLY1305-OLD-LargeRecord":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-CHACHA20-POLY1305-OLD-client":"Test failure - reason unknown", + "TLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "SSL3-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "SSL3-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "TLS11-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "TLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS1-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "TLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "TLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown", + "TLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "TLS11-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "DTLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "SSL3-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS12-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown", + "TLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "SSL3-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "TLS13-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "TLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "TLS11-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "TLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "DTLS1-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "TLS11-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "TLS13-ECDHE-RSA-CHACHA20-POLY1305-OLD-server":"Test failure - reason unknown", + "TLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown", + "TLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "DTLS12-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-LargeRecord":"Test failure - reason unknown", + "SSL3-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS13-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-client":"Test failure - reason unknown", + "DTLS1-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS1-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS1-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS11-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "SSL3-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS12-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS13-CECPQ1-RSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "DTLS1-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS12-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS12-CECPQ1-RSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown", + "TLS11-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "DTLS12-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "DTLS12-CECPQ1-RSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown", + "TLS13-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "DTLS12-CECPQ1-RSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "SSL3-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "SSL3-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "DTLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "DTLS1-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS11-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS11-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown", + "DTLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown", + "DTLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "DTLS12-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS13-CECPQ1-ECDSA-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS13-CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256-server":"Test failure - reason unknown", + "TLS13-CECPQ1-RSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS13-PSK-AES128-CBC-SHA-client":"Test failure - reason unknown", + "TLS13-CECPQ1-ECDSA-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS13-PSK-AES256-CBC-SHA-client":"Test failure - reason unknown", + "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown", + "TLS13-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown", + "TLS13-ECDHE-PSK-AES128-CBC-SHA-client":"Test failure - reason unknown", + "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown", + "TLS13-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown", + "TLS13-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown", + "TLS13-ECDHE-PSK-AES256-CBC-SHA-client":"Test failure - reason unknown", + "TLS1-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "SSL3-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "DTLS1-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "SSL3-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS11-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS1-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS11-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "DTLS1-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS13-ECDHE-PSK-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS13-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown", + "SSL3-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "SSL3-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS11-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS1-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS1-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "DTLS1-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS12-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "DTLS1-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "DTLS12-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS13-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS11-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS12-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "TLS13-AEAD-CHACHA20-POLY1305-LargeRecord":"Test failure - reason unknown", + "DTLS12-AEAD-CHACHA20-POLY1305-client":"Test failure - reason unknown", + "SSL3-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown", + "TLS1-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown", + "DTLS1-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown", + "SSL3-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown", + "TLS11-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown", + "TLS1-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown", + "DTLS1-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown", + "TLS12-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown", + "TLS11-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown", + "DTLS12-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown", + "TLS12-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown", + "DTLS12-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown", + "TLS13-AEAD-AES128-GCM-SHA256-LargeRecord":"Test failure - reason unknown", + "TLS13-ECDHE-PSK-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS13-AEAD-AES128-GCM-SHA256-client":"Test failure - reason unknown", + "SSL3-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS1-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "DTLS1-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "SSL3-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS11-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS13-AEAD-CHACHA20-POLY1305-server":"Test failure - reason unknown", + "TLS12-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS1-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "DTLS1-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "DTLS12-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS11-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS13-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS12-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "TLS13-AEAD-AES256-GCM-SHA384-LargeRecord":"Test failure - reason unknown", + "DTLS12-AEAD-AES256-GCM-SHA384-client":"Test failure - reason unknown", + "SSL3-NULL-SHA-client":"Test failure - reason unknown", + "SSL3-NULL-SHA-server":"Test failure - reason unknown", + "SSL3-NULL-SHA-LargeRecord":"Test failure - reason unknown", + "TLS1-NULL-SHA-client":"Test failure - reason unknown", + "TLS1-NULL-SHA-server":"Test failure - reason unknown", + "TLS1-NULL-SHA-LargeRecord":"Test failure - reason unknown", + "TLS11-NULL-SHA-client":"Test failure - reason unknown", + "DTLS1-NULL-SHA-server":"Test failure - reason unknown", + "TLS11-NULL-SHA-server":"Test failure - reason unknown", + "TLS11-NULL-SHA-LargeRecord":"Test failure - reason unknown", + "TLS12-NULL-SHA-client":"Test failure - reason unknown", + "TLS12-NULL-SHA-server":"Test failure - reason unknown", + "DTLS1-NULL-SHA-client":"Test failure - reason unknown", + "TLS12-NULL-SHA-LargeRecord":"Test failure - reason unknown", + "TLS13-NULL-SHA-client":"Test failure - reason unknown", + "DTLS12-NULL-SHA-server":"Test failure - reason unknown", + "DTLS12-NULL-SHA-client":"Test failure - reason unknown", + "TLS13-AEAD-AES128-GCM-SHA256-server":"Test failure - reason unknown", + "NoSharedCipher":"Test failure - reason unknown", + "UnsupportedCipherSuite":"Test failure - reason unknown", + "NoSharedCipher-TLS13":"Test failure - reason unknown", + "WeakDH":"Test failure - reason unknown", + "ServerHelloBogusCipher-TLS13":"Test failure - reason unknown", + "ServerHelloBogusCipher":"Test failure - reason unknown", + "TLS13-AEAD-AES256-GCM-SHA384-server":"Test failure - reason unknown", + "TLS13-NULL-SHA-server":"Test failure - reason unknown", + "BadECDSA-1-1":"Test failure - reason unknown", + "BadECDSA-1-1-TLS13":"Test failure - reason unknown", + "BadECDSA-1-2-TLS13":"Test failure - reason unknown", + "BadECDSA-1-2":"Test failure - reason unknown", + "UnknownCipher-TLS13":"Test failure - reason unknown", + "BadECDSA-1-4":"Test failure - reason unknown", + "BadECDSA-1-3":"Test failure - reason unknown", + "BadECDSA-1-3-TLS13":"Test failure - reason unknown", + "BadECDSA-1-4-TLS13":"Test failure - reason unknown", + "BadECDSA-2-1-TLS13":"Test failure - reason unknown", + "BadECDSA-2-3":"Test failure - reason unknown", + "BadECDSA-2-2":"Test failure - reason unknown", + "BadECDSA-2-1":"Test failure - reason unknown", + "BadECDSA-2-2-TLS13":"Test failure - reason unknown", + "BadECDSA-2-4":"Test failure - reason unknown", + "BadECDSA-2-3-TLS13":"Test failure - reason unknown", + "BadECDSA-3-2":"Test failure - reason unknown", + "BadECDSA-3-1":"Test failure - reason unknown", + "BadECDSA-2-4-TLS13":"Test failure - reason unknown", + "BadECDSA-3-3-TLS13":"Test failure - reason unknown", + "BadECDSA-3-3":"Test failure - reason unknown", + "BadECDSA-3-1-TLS13":"Test failure - reason unknown", + "BadECDSA-3-2-TLS13":"Test failure - reason unknown", + "BadECDSA-3-4-TLS13":"Test failure - reason unknown", + "BadECDSA-3-4":"Test failure - reason unknown", + "BadECDSA-4-1":"Test failure - reason unknown", + "BadECDSA-4-1-TLS13":"Test failure - reason unknown", + "BadECDSA-4-2":"Test failure - reason unknown", + "BadECDSA-4-2-TLS13":"Test failure - reason unknown", + "BadECDSA-4-3-TLS13":"Test failure - reason unknown", + "BadECDSA-4-3":"Test failure - reason unknown", + "BadECDSA-4-4":"Test failure - reason unknown", + "BadECDSA-4-4-TLS13":"Test failure - reason unknown", + "BadCBCPadding255":"Test failure - reason unknown", + "BadCBCPadding":"Test failure - reason unknown", + "RequireAnyClientCertificate-SSL3":"Test failure - reason unknown", + "NoClientCertificate-Server-SSL3":"Test failure - reason unknown", + "RequireAnyClientCertificate-TLS1":"Test failure - reason unknown", + "SkipClientCertificate-TLS1":"Test failure - reason unknown", + "NoClientCertificate-Server-TLS1":"Test failure - reason unknown", + "SkipClientCertificate-TLS11":"Test failure - reason unknown", + "RequireAnyClientCertificate-TLS11":"Test failure - reason unknown", + "NoClientCertificate-Server-TLS11":"Test failure - reason unknown", + "NoClientCertificate-Server-TLS12":"Test failure - reason unknown", + "TLS13-Client-ClientAuth-RSA":"Test failure - reason unknown", + "RequireAnyClientCertificate-TLS12":"Test failure - reason unknown", + "NoClientCertificate-TLS13":"Test failure - reason unknown", + "TLS13-Client-ClientAuth-ECDSA":"Test failure - reason unknown", + "SkipClientCertificate-TLS12":"Test failure - reason unknown", + "TLS13-Server-ClientAuth-RSA":"Test failure - reason unknown", + "RequireAnyClientCertificate-TLS13":"Test failure - reason unknown", + "TLS13-Server-ClientAuth-ECDSA":"Test failure - reason unknown", + "NoClientCertificate-Server-TLS13":"Test failure - reason unknown", + "NoClientCertificateRequested-Server-TLS13":"Test failure - reason unknown", + "ClientAuth-PSK":"Test failure - reason unknown", + "SillyDH":"Test failure - reason unknown", + "ClientAuth-ECDHE_PSK":"Test failure - reason unknown", + "SkipClientCertificate-TLS13":"Test failure - reason unknown", + "VersionNegotiation-Client2-TLS13-SSL3":"Test failure - reason unknown", + "VersionNegotiation-Server2-TLS13-SSL3":"Test failure - reason unknown", + "VersionNegotiation-Client2-TLS13-TLS1":"Test failure - reason unknown", + "VersionNegotiation-Server2-TLS13-TLS1":"Test failure - reason unknown", + "VersionNegotiation-Client2-TLS13-TLS11":"Test failure - reason unknown", + "VersionNegotiation-Server2-TLS13-TLS11":"Test failure - reason unknown", + "VersionNegotiation-Client2-TLS13-TLS12":"Test failure - reason unknown", + "VersionNegotiation-Server2-TLS13-TLS12":"Test failure - reason unknown", + "VersionNegotiation-Client2-TLS13-TLS13":"Test failure - reason unknown", + "VersionNegotiation-Client-TLS13-TLS13":"Test failure - reason unknown", + "VersionNegotiation-Server2-TLS13-TLS13":"Test failure - reason unknown", + "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown", + "VersionNegotiation-Server-TLS13-TLS13":"Test failure - reason unknown", + "VersionNegotiationExtension-SSL3":"Test failure - reason unknown", + "NoSupportedVersions-DTLS":"Test failure - reason unknown", + "VersionNegotiationExtension-TLS1":"Test failure - reason unknown", + "VersionNegotiationExtension-TLS11":"Test failure - reason unknown", + "NoSupportedVersions":"Test failure - reason unknown", + "VersionNegotiationExtension-TLS13":"Test failure - reason unknown", + "ConflictingVersionNegotiation-2":"Test failure - reason unknown", + "ConflictingVersionNegotiation":"Test failure - reason unknown", + "VersionTooLow-DTLS":"Test failure - reason unknown", + "ServerBogusVersion":"Test failure - reason unknown", + "VersionTolerance-TLS13":"Test failure - reason unknown", + "VersionTooLow":"Test failure - reason unknown", + "MinimumVersion-Client-SSL3-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client2-SSL3-TLS13":"Test failure - reason unknown", + "MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client-TLS1-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-SSL3-TLS13":"Test failure - reason unknown", + "MinimumVersion-Server-SSL3-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client-TLS1-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS1-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client-TLS11-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS11-TLS1":"Test failure - reason unknown", + "MinimumVersion-Client-TLS11-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server-TLS11-TLS1":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server-TLS1-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client-TLS11-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS11-TLS13":"Test failure - reason unknown", + "MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS1-TLS13":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client-TLS12-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server-TLS12-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS12-TLS1":"Test failure - reason unknown", + "MinimumVersion-Client-TLS12-TLS1":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS12-TLS1-DTLS":"Test failure - reason unknown", + "MinimumVersion-Server-TLS12-TLS1-DTLS":"Test failure - reason unknown", + "MinimumVersion-Client-TLS12-TLS1-DTLS":"Test failure - reason unknown", + "MinimumVersion-Server-TLS12-TLS11":"Test failure - reason unknown", + "MinimumVersion-Client-TLS12-TLS11":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS12-TLS11":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS11-TLS13":"Test failure - reason unknown", + "MinimumVersion-Server-TLS11-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client-TLS12-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client-TLS13-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server-TLS13-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS13-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS13-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS13-TLS1":"Test failure - reason unknown", + "MinimumVersion-Client-TLS13-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server-TLS13-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS13-TLS1":"Test failure - reason unknown", + "MinimumVersion-Client-TLS13-TLS11":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS13-TLS11":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS13-TLS11":"Test failure - reason unknown", + "MinimumVersion-Client-TLS13-TLS12":"Test failure - reason unknown", + "MinimumVersion-Server-TLS13-TLS11":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS13-TLS12":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS13-TLS12":"Test failure - reason unknown", + "MinimumVersion-Server-TLS13-TLS12":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS13-TLS13":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS13-TLS13":"Test failure - reason unknown", + "MinimumVersion-Client-TLS13-TLS13":"Test failure - reason unknown", + "ALPNClient-Mismatch-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS12-TLS13":"Test failure - reason unknown", + "ALPNServer-Decline-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server-TLS13-TLS13":"Test failure - reason unknown", + "MinimumVersion-Server-TLS12-TLS13":"Test failure - reason unknown", + "ALPNServer-EmptyProtocolName-TLS1":"Test failure - reason unknown", + "ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown", + "NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown", + "NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown", + "OversizedSessionId-TLS1":"Test failure - reason unknown", + "SRTP-Client-NoMatch-TLS1":"Test failure - reason unknown", + "ALPNServer-Decline-TLS11":"Test failure - reason unknown", + "ALPNServer-EmptyProtocolName-TLS11":"Test failure - reason unknown", + "ALPNClient-Mismatch-TLS11":"Test failure - reason unknown", + "ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown", + "NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown", + "NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown", + "OversizedSessionId-TLS11":"Test failure - reason unknown", + "ALPNServer-Decline-TLS12":"Test failure - reason unknown", + "ALPNClient-Mismatch-TLS12":"Test failure - reason unknown", + "ALPNServer-EmptyProtocolName-TLS12":"Test failure - reason unknown", + "ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown", + "NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown", + "NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown", + "OversizedSessionId-TLS12":"Test failure - reason unknown", + "SRTP-Client-NoMatch-TLS12":"Test failure - reason unknown", + "ALPNClient-Mismatch-TLS13":"Test failure - reason unknown", + "ALPNClient-EmptyProtocolName-TLS13":"Test failure - reason unknown", + "ALPNServer-Decline-TLS13":"Test failure - reason unknown", + "ALPNServer-EmptyProtocolName-TLS13":"Test failure - reason unknown", + "ClientHelloPadding":"Test failure - reason unknown", + "NPN-Forbidden-TLS13":"Test failure - reason unknown", + "RenegotiationInfo-Forbidden-TLS13":"Test failure - reason unknown", + "EMS-Forbidden-TLS13":"Test failure - reason unknown", + "Ticket-Forbidden-TLS13":"Test failure - reason unknown", + "Resume-Client-Mismatch-SSL3-TLS1":"Test failure - reason unknown", + "Resume-Client-Mismatch-SSL3-TLS11":"Test failure - reason unknown", + "Resume-Client-Mismatch-SSL3-TLS12":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS1-SSL3":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS1-TLS11":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS1-TLS12":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS1-TLS13":"Test failure - reason unknown", + "Resume-Client-NoResume-TLS1-TLS13":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS1-TLS12-DTLS":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS11-SSL3":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS11-TLS1":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS11-TLS12":"Test failure - reason unknown", + "Resume-Server-TLS1-TLS13":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS11-TLS13":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS12-SSL3":"Test failure - reason unknown", + "Resume-Client-NoResume-TLS11-TLS13":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS12-TLS1":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS12-TLS1-DTLS":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS12-TLS11":"Test failure - reason unknown", + "Resume-Server-TLS11-TLS13":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS12-TLS13":"Test failure - reason unknown", + "Resume-Client-NoResume-TLS12-TLS13":"Test failure - reason unknown", + "Resume-Client-NoResume-TLS13-TLS1":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS13-TLS1":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS13-TLS11":"Test failure - reason unknown", + "Resume-Client-NoResume-TLS13-TLS12":"Test failure - reason unknown", + "Resume-Client-Mismatch-TLS13-TLS12":"Test failure - reason unknown", + "Resume-Client-NoResume-TLS13-TLS11":"Test failure - reason unknown", + "Resume-Client-TLS13-TLS13":"Test failure - reason unknown", + "Resume-Client-NoResume-TLS13-TLS13":"Test failure - reason unknown", + "Resume-Client-CipherMismatch-TLS13":"Test failure - reason unknown", + "Resume-Client-CipherMismatch":"Test failure - reason unknown", + "Resume-Server-TLS12-TLS13":"Test failure - reason unknown", + "Resume-Server-TLS13-TLS1":"Test failure - reason unknown", + "Resume-Server-TLS13-TLS11":"Test failure - reason unknown", + "Resume-Server-TLS13-TLS12":"Test failure - reason unknown", + "Resume-Server-TLS13-TLS13":"Test failure - reason unknown", + "NoExtendedMasterSecret-TLS13-Client":"Test failure - reason unknown", + "ExtendedMasterSecret-TLS13-Client":"Test failure - reason unknown", + "ExtendedMasterSecret-YesToNo-Server":"Test failure - reason unknown", + "NoExtendedMasterSecret-TLS13-Server":"Test failure - reason unknown", + "ExtendedMasterSecret-YesToNo-Client":"Test failure - reason unknown", + "ExtendedMasterSecret-TLS13-Server":"Test failure - reason unknown", + "ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown", + "ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown", + "ExtendedMasterSecret-Renego-Downgrade":"Test failure - reason unknown", + "Renegotiate-Server-Forbidden":"Test failure - reason unknown", + "ExtendedMasterSecret-Renego-Upgrade":"Test failure - reason unknown", + "Renegotiate-Client":"Test failure - reason unknown", + "Renegotiate-Client-Downgrade":"Test failure - reason unknown", + "Renegotiate-Client-BadExt":"Test failure - reason unknown", + "Renegotiate-Client-EmptyExt":"Test failure - reason unknown", + "Renegotiate-Client-Upgrade":"Test failure - reason unknown", + "Renegotiate-Client-NoExt-Allowed":"Test failure - reason unknown", + "Renegotiate-Client-SwitchVersion":"Test failure - reason unknown", + "Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown", + "Renegotiate-Client-Forbidden-1":"Test failure - reason unknown", + "Renegotiate-SameClientVersion":"Test failure - reason unknown", + "Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown", + "Renegotiate-Client-NoIgnore":"Test failure - reason unknown", + "Renegotiate-Client-Freely-2":"Test failure - reason unknown", + "Renegotiate-Client-Freely-1":"Test failure - reason unknown", + "Renegotiate-Client-TLS13":"Test failure - reason unknown", + "StrayHelloRequest-TLS13":"Test failure - reason unknown", + "Renegotiate-Client-SSL3":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PKCS1-SHA1-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PKCS1-SHA256-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PKCS1-SHA256-TLS12":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PKCS1-SHA256-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PKCS1-SHA384-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PKCS1-SHA384-TLS12":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PKCS1-SHA384-TLS13":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PKCS1-SHA1-TLS13":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PKCS1-SHA512-TLS12":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PKCS1-SHA256-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PKCS1-SHA512-TLS12":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-SHA1-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-SHA1-TLS12":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PKCS1-SHA512-TLS13":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PKCS1-SHA384-TLS13":"Test failure - reason unknown", + "ClientAuth-Sign-ECDSA-SHA1-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-P256-SHA256-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-P256-SHA256-TLS12":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PKCS1-SHA512-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-P256-SHA256-TLS13":"Test failure - reason unknown", + "ServerAuth-Sign-ECDSA-SHA1-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-P384-SHA384-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-P384-SHA384-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-P256-SHA256-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-P384-SHA384-TLS13":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-P384-SHA384-TLS13":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-P521-SHA512-TLS12":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-P521-SHA512-TLS12":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PSS-SHA256-TLS12":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-P521-SHA512-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-P521-SHA512-TLS13":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PSS-SHA384-TLS12":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PSS-SHA256-TLS13":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PSS-SHA512-TLS12":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown", + "ClientAuth-Sign-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PSS-SHA384-TLS13":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-SSL3":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-SSL3":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-TLS1":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown", + "ServerAuth-Sign-RSA-PSS-SHA512-TLS13":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-TLS1":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-RSA-TLS11":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-TLS1":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-RSA-TLS11":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-TLS1":"Test failure - reason unknown", + "ServerAuth-InvalidSignature-ECDSA-TLS11":"Test failure - reason unknown", + "ClientAuth-InvalidSignature-ECDSA-TLS11":"Test failure - reason unknown", + "ClientAuth-SignatureType-TLS13":"Test failure - reason unknown", + "Verify-ClientAuth-SignatureType":"Test failure - reason unknown", + "Verify-ServerAuth-SignatureType":"Test failure - reason unknown", + "Verify-ServerAuth-SignatureType-TLS13":"Test failure - reason unknown", + "ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown", + "ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown", + "ServerAuth-Enforced":"Test failure - reason unknown", + "ServerAuth-SignatureType-TLS13":"Test failure - reason unknown", + "ClientAuth-NoFallback-TLS13":"Test failure - reason unknown", + "Verify-ClientAuth-SignatureType-TLS13":"Test failure - reason unknown", + "ClientAuth-Enforced":"Test failure - reason unknown", + "ServerAuth-Enforced-TLS13":"Test failure - reason unknown", + "ECDSACurveMismatch-Verify-TLS13":"Test failure - reason unknown", + "CheckLeafCurve-TLS13":"Test failure - reason unknown", + "CheckLeafCurve":"Test failure - reason unknown", + "RSA-PSS-Default-Verify":"Test failure - reason unknown", + "ServerAuth-NoFallback-TLS13":"Test failure - reason unknown", + "RSA-PSS-Default-Sign":"Test failure - reason unknown", + "ClientAuth-Enforced-TLS13":"Test failure - reason unknown", + "ECDSACurveMismatch-Sign-TLS13":"Test failure - reason unknown", + "RSA-PSS-Large":"Test failure - reason unknown", + "KeyUpdate":"Test failure - reason unknown", + "DTLS-Retransmit-Client-1-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-1-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-2-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-3-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-2-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-3-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-4-Async":"Test failure - reason unknown", + "Renegotiate-Client-Packed":"Test failure - reason unknown", + "DTLS-Retransmit-Server-4-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-5-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-5-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-6-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-7-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-6-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-7-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-8-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-9-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-8-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-9-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-10-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-11-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-10-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-11-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-12-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Server-12-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Timeout-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Fudge-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Fragmented-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-1":"Test failure - reason unknown", + "DTLS-Retransmit-Server-1":"Test failure - reason unknown", + "DTLS-Retransmit-Client-2":"Test failure - reason unknown", + "DTLS-Retransmit-Server-2":"Test failure - reason unknown", + "DTLS-Retransmit-Client-3":"Test failure - reason unknown", + "DTLS-Retransmit-Client-4":"Test failure - reason unknown", + "DTLS-Retransmit-Server-3":"Test failure - reason unknown", + "DTLS-Retransmit-Server-4":"Test failure - reason unknown", + "DTLS-Retransmit-Client-5":"Test failure - reason unknown", + "DTLS-Retransmit-Server-5":"Test failure - reason unknown", + "DTLS-Retransmit-Client-6":"Test failure - reason unknown", + "DTLS-Retransmit-Server-6":"Test failure - reason unknown", + "DTLS-Retransmit-Client-7":"Test failure - reason unknown", + "DTLS-Retransmit-Server-7":"Test failure - reason unknown", + "DTLS-Retransmit-Client-8":"Test failure - reason unknown", + "DTLS-Retransmit-Client-9":"Test failure - reason unknown", + "DTLS-Retransmit-Server-8":"Test failure - reason unknown", + "DTLS-Retransmit-Server-9":"Test failure - reason unknown", + "DTLS-Retransmit-Client-10":"Test failure - reason unknown", + "CustomExtensions-ParseError-Server":"Test failure - reason unknown", + "CustomExtensions-ParseError-Server-TLS13":"Test failure - reason unknown", + "CustomExtensions-FailAdd-Server":"Test failure - reason unknown", + "CustomExtensions-FailAdd-Server-TLS13":"Test failure - reason unknown", + "CustomExtensions-ParseError-Client":"Test failure - reason unknown", + "CustomExtensions-ParseError-Client-TLS13":"Test failure - reason unknown", + "CustomExtensions-FailAdd-Client":"Test failure - reason unknown", + "CustomExtensions-FailAdd-Client-TLS13":"Test failure - reason unknown", + "UnknownExtension-Client":"Test failure - reason unknown", + "UnknownExtension-Client-TLS13":"Test failure - reason unknown", + "UnknownUnencryptedExtension-Client-TLS13":"Test failure - reason unknown", + "UnexpectedUnencryptedExtension-Client-TLS13":"Test failure - reason unknown", + "UnofferedExtension-Client":"Test failure - reason unknown", + "UnofferedExtension-Client-TLS13":"Test failure - reason unknown", + "BadRSAClientKeyExchange-1":"Test failure - reason unknown", + "BadRSAClientKeyExchange-2":"Test failure - reason unknown", + "BadRSAClientKeyExchange-3":"Test failure - reason unknown", + "BadRSAClientKeyExchange-4":"Test failure - reason unknown", + "NoSupportedCurves":"Test failure - reason unknown", + "NoSupportedCurves-TLS13":"Test failure - reason unknown", + "BadECDHECurve":"Test failure - reason unknown", + "BadECDHECurve-TLS13":"Test failure - reason unknown", + "UnsupportedCurve":"Test failure - reason unknown", + "UnsupportedCurve-ServerHello-TLS13":"Test failure - reason unknown", + "InvalidECDHPoint-Client":"Test failure - reason unknown", + "InvalidECDHPoint-Client-TLS13":"Test failure - reason unknown", + "InvalidECDHPoint-Server":"Test failure - reason unknown", + "InvalidECDHPoint-Server-TLS13":"Test failure - reason unknown", + "CECPQ1-Client-BadX25519Part":"Test failure - reason unknown", + "CECPQ1-Client-BadNewhopePart":"Test failure - reason unknown", + "CECPQ1-Server-BadX25519Part":"Test failure - reason unknown", + "CECPQ1-Server-BadNewhopePart":"Test failure - reason unknown", + "TLS13-SendUnknownModeSessionTicket-Server":"Test failure - reason unknown", + "TLS13-SendBadKEModeSessionTicket-Server":"Test failure - reason unknown", + "TLS13-SendBadAuthModeSessionTicket-Server":"Test failure - reason unknown", + "TLS13-SendUnknownModeSessionTicket-Client":"Test failure - reason unknown", + "TLS13-SendBadKEModeSessionTicket-Client":"Test failure - reason unknown", + "TLS13-SendBadAuthModeSessionTicket-Client":"Test failure - reason unknown", + "TLS13-RecordPadding":"Test failure - reason unknown", + "TLS13-EmptyRecords":"Test failure - reason unknown", + "TLS13-OnlyPadding":"Test failure - reason unknown", + "TLS13-WrongOuterRecord":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Sync":"Test failure - reason unknown", + "TLS13-1RTT-Client-Sync":"Test failure - reason unknown", + "TLS13-1RTT-Server-Sync":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Client-Sync":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Server-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Client-SSL3-Sync":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-SSL3-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Server-SSL3-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-Sync":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS11-Sync":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS11-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS11-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-Sync":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS13-Sync":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS13-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS13-Sync":"Test failure - reason unknown", + "Renegotiate-Client-Sync":"Test failure - reason unknown", + "Shutdown-Shim-Sync":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-1RTT-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-1RTT-Server-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Server-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-SSL3-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS11-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS13-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS13-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS13-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-1RTT-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-1RTT-Server-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Server-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-SSL3-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS11-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS13-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS13-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS13-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-DTLS-Sync":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-DTLS-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-DTLS-Sync":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-DTLS-Sync":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-ECDSA-Client-TLS13-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Async":"Test failure - reason unknown", + "TLS13-1RTT-Client-Async":"Test failure - reason unknown", + "TLS13-1RTT-Server-Async":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Client-Async":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Server-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Client-SSL3-Async":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-SSL3-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Server-SSL3-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-Async":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS11-Async":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS11-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS11-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-Async":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS13-Async":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS13-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS13-Async":"Test failure - reason unknown", + "Shutdown-Shim-Async":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-1RTT-Client-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-1RTT-Server-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Client-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Server-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "DTLS-Retransmit-Server-10":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-SSL3-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS11-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS13-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS13-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS13-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-1RTT-Client-Async-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Client-Async-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-HelloRetryRequest-Server-Async-PackHandshakeFlight":"Test failure - reason unknown", + "TLS13-1RTT-Server-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-SSL3-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS11-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS13-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS13-Async-PackHandshakeFlight":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS13-Async-PackHandshakeFlight":"Test failure - reason unknown", + "Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown", + "DTLS-Retransmit-Client-11":"Test failure - reason unknown", + "DTLS-Retransmit-Client-12":"Test failure - reason unknown", + "DTLS-Retransmit-Server-11":"Test failure - reason unknown", + "DTLS-Retransmit-Timeout":"Test failure - reason unknown", + "DTLS-Retransmit-Server-12":"Test failure - reason unknown", + "DTLS-Retransmit-Fragmented":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-DTLS-Async":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-DTLS-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-DTLS-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-DTLS-Async":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-DTLS-Async":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-DTLS-Async":"Test failure - reason unknown", + "Basic-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-ECDSA-Client-TLS13-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationFail-Client-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "CertificateVerificationSucceed-Server-TLS1-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "SkipChangeCipherSpec-Server-NPN":"Test failure - reason unknown", + "SkipChangeCipherSpec-Server":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Client-Resume":"Test failure - reason unknown", + "CertificateVerificationFail-Server-TLS12-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "SkipChangeCipherSpec-Client":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Server":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Client":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Server-NPN":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Server-Resume":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Client-Resume-Packed":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Server-Resume-Packed":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Client-Packed":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Server-Packed":"Test failure - reason unknown", + "SendUnencryptedFinished-DTLS":"Test failure - reason unknown", + "FragmentAcrossChangeCipherSpec-Server-NPN-Packed":"Test failure - reason unknown", + "StrayChangeCipherSpec":"Test failure - reason unknown", + "EarlyChangeCipherSpec-server-2":"Test failure - reason unknown", + "EarlyChangeCipherSpec-server-1":"Test failure - reason unknown", + "PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown", + "WrongMessageType-ClientHello":"Test failure - reason unknown", + "BadChangeCipherSpec-2":"Test failure - reason unknown", + "BadChangeCipherSpec-DTLS-2":"Test failure - reason unknown", + "BadChangeCipherSpec-DTLS-1":"Test failure - reason unknown", + "BadChangeCipherSpec-1":"Test failure - reason unknown", + "WrongMessageType-ServerHello":"Test failure - reason unknown", + "WrongMessageType-ServerCertificate":"Test failure - reason unknown", + "WrongMessageType-CertificateRequest":"Test failure - reason unknown", + "WrongMessageType-ServerKeyExchange":"Test failure - reason unknown", + "WrongMessageType-ServerHelloDone":"Test failure - reason unknown", + "WrongMessageType-ClientCertificate":"Test failure - reason unknown", + "WrongMessageType-ClientKeyExchange":"Test failure - reason unknown", + "WrongMessageType-ClientFinished":"Test failure - reason unknown", + "WrongMessageType-NewSessionTicket":"Test failure - reason unknown", + "WrongMessageType-ServerFinished":"Test failure - reason unknown", + "WrongMessageType-NextProtocol":"Test failure - reason unknown", + "WrongMessageType-CertificateVerify":"Test failure - reason unknown", + "WrongMessageType-ClientHello-DTLS":"Test failure - reason unknown", + "WrongMessageType-HelloVerifyRequest-DTLS":"Test failure - reason unknown", + "WrongMessageType-ServerHello-DTLS":"Test failure - reason unknown", + "WrongMessageType-CertificateRequest-DTLS":"Test failure - reason unknown", + "PartialClientFinishedWithClientHello":"Test failure - reason unknown", + "WrongMessageType-ServerKeyExchange-DTLS":"Test failure - reason unknown", + "WrongMessageType-ServerCertificate-DTLS":"Test failure - reason unknown", + "WrongMessageType-ClientKeyExchange-DTLS":"Test failure - reason unknown", + "WrongMessageType-ServerHelloDone-DTLS":"Test failure - reason unknown", + "WrongMessageType-CertificateVerify-DTLS":"Test failure - reason unknown", + "WrongMessageType-ClientCertificate-DTLS":"Test failure - reason unknown", + "WrongMessageType-ClientFinished-DTLS":"Test failure - reason unknown", + "WrongMessageType-ServerFinished-DTLS":"Test failure - reason unknown", + "WrongMessageType-TLS13-ServerHello":"Test failure - reason unknown", + "WrongMessageType-NewSessionTicket-DTLS":"Test failure - reason unknown", + "WrongMessageType-TLS13-ServerCertificate":"Test failure - reason unknown", + "WrongMessageType-TLS13-CertificateRequest":"Test failure - reason unknown", + "WrongMessageType-TLS13-EncryptedExtensions":"Test failure - reason unknown", + "TrailingMessageData-ClientHello":"Test failure - reason unknown", + "WrongMessageType-TLS13-ServerCertificateVerify":"Test failure - reason unknown", + "WrongMessageType-TLS13-ServerFinished":"Test failure - reason unknown", + "TrailingMessageData-ServerHello":"Test failure - reason unknown", + "TrailingMessageData-ServerCertificate":"Test failure - reason unknown", + "TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown", + "TrailingMessageData-CertificateRequest":"Test failure - reason unknown", + "TrailingMessageData-ServerHelloDone":"Test failure - reason unknown", + "TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown", + "WrongMessageType-TLS13-ClientHello":"Test failure - reason unknown", + "TrailingMessageData-ClientCertificate":"Test failure - reason unknown", + "TrailingMessageData-CertificateVerify":"Test failure - reason unknown", + "TrailingMessageData-NextProtocol":"Test failure - reason unknown", + "TrailingMessageData-ClientFinished":"Test failure - reason unknown", + "TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown", + "TrailingMessageData-NewSessionTicket":"Test failure - reason unknown", + "TrailingMessageData-ServerFinished":"Test failure - reason unknown", + "WrongMessageType-TLS13-ClientFinished":"Test failure - reason unknown", + "WrongMessageType-TLS13-ClientCertificateVerify":"Test failure - reason unknown", + "WrongMessageType-TLS13-ClientCertificate":"Test failure - reason unknown", + "TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown", + "TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown", + "TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown", + "TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown", + "TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown", + "TrailingMessageData-TLS13-EncryptedExtensions":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ServerHello":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ServerCertificate":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ServerCertificateVerify":"Test failure - reason unknown", + "TrailingMessageData-TLS13-CertificateRequest":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ServerFinished":"Test failure - reason unknown", + "OmitServerHelloSignatureAlgorithms":"Test failure - reason unknown", + "IncludeServerHelloSignatureAlgorithms":"Test failure - reason unknown", + "NegotiatePSKResumption-TLS13":"Test failure - reason unknown", + "MissingKeyShare-Client":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ClientHello":"Test failure - reason unknown", + "EmptyEncryptedExtensions":"Test failure - reason unknown", + "EncryptedExtensionsWithKeyShare":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ClientFinished":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ClientCertificateVerify":"Test failure - reason unknown", + "TrailingMessageData-TLS13-ClientCertificate":"Test failure - reason unknown", + "DisabledCurve-HelloRetryRequest":"Test failure - reason unknown", + "UnnecessaryHelloRetryRequest":"Test failure - reason unknown", + "SecondClientHelloMissingKeyShare":"Test failure - reason unknown", + "DuplicateKeyShares":"Test failure - reason unknown", + "MissingKeyShare-Server":"Test failure - reason unknown", + "SecondClientHelloWrongCurve":"Test failure - reason unknown", + "TLS13-RequestContextInHandshake":"Test failure - reason unknown", + "UnknownCurve-HelloRetryRequest":"Test failure - reason unknown", + "TLS13-AlwaysSelectPSKIdentity":"Test failure - reason unknown", + "HelloRetryRequestVersionMismatch":"Test failure - reason unknown", + "TLS13-InvalidPSKIdentity":"Test failure - reason unknown", + "HelloRetryRequestCurveMismatch":"Test failure - reason unknown", + "SecondHelloRetryRequest":"Test failure - reason unknown", + "Peek-Renegotiate":"Test failure - reason unknown", + "SkipHelloRetryRequest":"Test failure - reason unknown", + "Peek-Alert":"Test failure - reason unknown", + "TLS13-TrailingKeyShareData":"Test failure - reason unknown", + "Peek-KeyUpdate":"Test failure - reason unknown" + }, + "ErrorMap" : { + } +} diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc new file mode 100644 index 0000000..4da340b --- /dev/null +++ b/test/ossl_shim/ossl_shim.cc @@ -0,0 +1,1265 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#if !defined(__STDC_FORMAT_MACROS) +#define __STDC_FORMAT_MACROS +#endif + +#include + +#if !defined(OPENSSL_SYS_WINDOWS) +#include +#include +#include +#include +#include +#include +#include +#else +#include +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include +#include +OPENSSL_MSVC_PRAGMA(warning(pop)) + +OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) +#endif + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "async_bio.h" +#include "packeted_bio.h" +#include "test_config.h" + +namespace bssl { + +#if !defined(OPENSSL_SYS_WINDOWS) +static int closesocket(int sock) { + return close(sock); +} + +static void PrintSocketError(const char *func) { + perror(func); +} +#else +static void PrintSocketError(const char *func) { + fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); +} +#endif + +static int Usage(const char *program) { + fprintf(stderr, "Usage: %s [flags...]\n", program); + return 1; +} + +struct TestState { + // async_bio is async BIO which pauses reads and writes. + BIO *async_bio = nullptr; + // packeted_bio is the packeted BIO which simulates read timeouts. + BIO *packeted_bio = nullptr; + bool cert_ready = false; + bool handshake_done = false; + // private_key is the underlying private key used when testing custom keys. + bssl::UniquePtr private_key; + bool got_new_session = false; + bssl::UniquePtr new_session; + bool ticket_decrypt_done = false; + bool alpn_select_done = false; +}; + +static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int index, long argl, void *argp) { + delete ((TestState *)ptr); +} + +static int g_config_index = 0; +static int g_state_index = 0; + +static bool SetTestConfig(SSL *ssl, const TestConfig *config) { + return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1; +} + +static const TestConfig *GetTestConfig(const SSL *ssl) { + return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index); +} + +static bool SetTestState(SSL *ssl, std::unique_ptr state) { + // |SSL_set_ex_data| takes ownership of |state| only on success. + if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { + state.release(); + return true; + } + return false; +} + +static TestState *GetTestState(const SSL *ssl) { + return (TestState *)SSL_get_ex_data(ssl, g_state_index); +} + +static bssl::UniquePtr LoadCertificate(const std::string &file) { + bssl::UniquePtr bio(BIO_new(BIO_s_file())); + if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { + return nullptr; + } + return bssl::UniquePtr(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL)); +} + +static bssl::UniquePtr LoadPrivateKey(const std::string &file) { + bssl::UniquePtr bio(BIO_new(BIO_s_file())); + if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { + return nullptr; + } + return bssl::UniquePtr( + PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL)); +} + +template +struct Free { + void operator()(T *buf) { + free(buf); + } +}; + +static bool GetCertificate(SSL *ssl, bssl::UniquePtr *out_x509, + bssl::UniquePtr *out_pkey) { + const TestConfig *config = GetTestConfig(ssl); + + if (!config->key_file.empty()) { + *out_pkey = LoadPrivateKey(config->key_file.c_str()); + if (!*out_pkey) { + return false; + } + } + if (!config->cert_file.empty()) { + *out_x509 = LoadCertificate(config->cert_file.c_str()); + if (!*out_x509) { + return false; + } + } + return true; +} + +static bool InstallCertificate(SSL *ssl) { + bssl::UniquePtr x509; + bssl::UniquePtr pkey; + if (!GetCertificate(ssl, &x509, &pkey)) { + return false; + } + + if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) { + return false; + } + + if (x509 && !SSL_use_certificate(ssl, x509.get())) { + return false; + } + + return true; +} + +static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) { + if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) { + return -1; + } + + bssl::UniquePtr x509; + bssl::UniquePtr pkey; + if (!GetCertificate(ssl, &x509, &pkey)) { + return -1; + } + + // Return zero for no certificate. + if (!x509) { + return 0; + } + + // Asynchronous private keys are not supported with client_cert_cb. + *out_x509 = x509.release(); + *out_pkey = pkey.release(); + return 1; +} + +static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { + return 1; +} + +static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) { + X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION); + return 0; +} + +static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out, + unsigned int *out_len, void *arg) { + const TestConfig *config = GetTestConfig(ssl); + if (config->advertise_npn.empty()) { + return SSL_TLSEXT_ERR_NOACK; + } + + *out = (const uint8_t*)config->advertise_npn.data(); + *out_len = config->advertise_npn.size(); + return SSL_TLSEXT_ERR_OK; +} + +static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { + const TestConfig *config = GetTestConfig(ssl); + if (config->select_next_proto.empty()) { + return SSL_TLSEXT_ERR_NOACK; + } + + *out = (uint8_t*)config->select_next_proto.data(); + *outlen = config->select_next_proto.size(); + return SSL_TLSEXT_ERR_OK; +} + +static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { + if (GetTestState(ssl)->alpn_select_done) { + fprintf(stderr, "AlpnSelectCallback called after completion.\n"); + exit(1); + } + + GetTestState(ssl)->alpn_select_done = true; + + const TestConfig *config = GetTestConfig(ssl); + if (config->decline_alpn) { + return SSL_TLSEXT_ERR_NOACK; + } + + if (!config->expected_advertised_alpn.empty() && + (config->expected_advertised_alpn.size() != inlen || + memcmp(config->expected_advertised_alpn.data(), + in, inlen) != 0)) { + fprintf(stderr, "bad ALPN select callback inputs\n"); + exit(1); + } + + *out = (const uint8_t*)config->select_alpn.data(); + *outlen = config->select_alpn.size(); + return SSL_TLSEXT_ERR_OK; +} + +static unsigned PskClientCallback(SSL *ssl, const char *hint, + char *out_identity, + unsigned max_identity_len, + uint8_t *out_psk, unsigned max_psk_len) { + const TestConfig *config = GetTestConfig(ssl); + + if (config->psk_identity.empty()) { + if (hint != nullptr) { + fprintf(stderr, "Server PSK hint was non-null.\n"); + return 0; + } + } else if (hint == nullptr || + strcmp(hint, config->psk_identity.c_str()) != 0) { + fprintf(stderr, "Server PSK hint did not match.\n"); + return 0; + } + + // Account for the trailing '\0' for the identity. + if (config->psk_identity.size() >= max_identity_len || + config->psk.size() > max_psk_len) { + fprintf(stderr, "PSK buffers too small\n"); + return 0; + } + + BUF_strlcpy(out_identity, config->psk_identity.c_str(), + max_identity_len); + memcpy(out_psk, config->psk.data(), config->psk.size()); + return config->psk.size(); +} + +static unsigned PskServerCallback(SSL *ssl, const char *identity, + uint8_t *out_psk, unsigned max_psk_len) { + const TestConfig *config = GetTestConfig(ssl); + + if (strcmp(identity, config->psk_identity.c_str()) != 0) { + fprintf(stderr, "Client PSK identity did not match.\n"); + return 0; + } + + if (config->psk.size() > max_psk_len) { + fprintf(stderr, "PSK buffers too small\n"); + return 0; + } + + memcpy(out_psk, config->psk.data(), config->psk.size()); + return config->psk.size(); +} + +static int CertCallback(SSL *ssl, void *arg) { + const TestConfig *config = GetTestConfig(ssl); + + // Check the CertificateRequest metadata is as expected. + // + // TODO(davidben): Test |SSL_get_client_CA_list|. + if (!SSL_is_server(ssl) && + !config->expected_certificate_types.empty()) { + const uint8_t *certificate_types; + size_t certificate_types_len = + SSL_get0_certificate_types(ssl, &certificate_types); + if (certificate_types_len != config->expected_certificate_types.size() || + memcmp(certificate_types, + config->expected_certificate_types.data(), + certificate_types_len) != 0) { + fprintf(stderr, "certificate types mismatch\n"); + return 0; + } + } + + // The certificate will be installed via other means. + if (!config->async || + config->use_old_client_cert_callback) { + return 1; + } + + if (!GetTestState(ssl)->cert_ready) { + return -1; + } + if (!InstallCertificate(ssl)) { + return 0; + } + return 1; +} + +static void InfoCallback(const SSL *ssl, int type, int val) { + if (type == SSL_CB_HANDSHAKE_DONE) { + if (GetTestConfig(ssl)->handshake_never_done) { + fprintf(stderr, "Handshake unexpectedly completed.\n"); + // Abort before any expected error code is printed, to ensure the overall + // test fails. + abort(); + } + GetTestState(ssl)->handshake_done = true; + + // Callbacks may be called again on a new handshake. + GetTestState(ssl)->ticket_decrypt_done = false; + GetTestState(ssl)->alpn_select_done = false; + } +} + +static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { + GetTestState(ssl)->got_new_session = true; + GetTestState(ssl)->new_session.reset(session); + return 1; +} + +static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + int encrypt) { + if (!encrypt) { + if (GetTestState(ssl)->ticket_decrypt_done) { + fprintf(stderr, "TicketKeyCallback called after completion.\n"); + return -1; + } + + GetTestState(ssl)->ticket_decrypt_done = true; + } + + // This is just test code, so use the all-zeros key. + static const uint8_t kZeros[16] = {0}; + + if (encrypt) { + memcpy(key_name, kZeros, sizeof(kZeros)); + RAND_bytes(iv, 16); + } else if (memcmp(key_name, kZeros, 16) != 0) { + return 0; + } + + if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) || + !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) { + return -1; + } + + if (!encrypt) { + return GetTestConfig(ssl)->renew_ticket ? 2 : 1; + } + return 1; +} + +// kCustomExtensionValue is the extension value that the custom extension +// callbacks will add. +static const uint16_t kCustomExtensionValue = 1234; +static void *const kCustomExtensionAddArg = + reinterpret_cast(kCustomExtensionValue); +static void *const kCustomExtensionParseArg = + reinterpret_cast(kCustomExtensionValue + 1); +static const char kCustomExtensionContents[] = "custom extension"; + +static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value, + const uint8_t **out, size_t *out_len, + int *out_alert_value, void *add_arg) { + if (extension_value != kCustomExtensionValue || + add_arg != kCustomExtensionAddArg) { + abort(); + } + + if (GetTestConfig(ssl)->custom_extension_skip) { + return 0; + } + if (GetTestConfig(ssl)->custom_extension_fail_add) { + return -1; + } + + *out = reinterpret_cast(kCustomExtensionContents); + *out_len = sizeof(kCustomExtensionContents) - 1; + + return 1; +} + +static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value, + const uint8_t *out, void *add_arg) { + if (extension_value != kCustomExtensionValue || + add_arg != kCustomExtensionAddArg || + out != reinterpret_cast(kCustomExtensionContents)) { + abort(); + } +} + +static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value, + const uint8_t *contents, + size_t contents_len, + int *out_alert_value, void *parse_arg) { + if (extension_value != kCustomExtensionValue || + parse_arg != kCustomExtensionParseArg) { + abort(); + } + + if (contents_len != sizeof(kCustomExtensionContents) - 1 || + memcmp(contents, kCustomExtensionContents, contents_len) != 0) { + *out_alert_value = SSL_AD_DECODE_ERROR; + return 0; + } + + return 1; +} + +// Connect returns a new socket connected to localhost on |port| or -1 on +// error. +static int Connect(uint16_t port) { + int sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock == -1) { + PrintSocketError("socket"); + return -1; + } + int nodelay = 1; + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + reinterpret_cast(&nodelay), sizeof(nodelay)) != 0) { + PrintSocketError("setsockopt"); + closesocket(sock); + return -1; + } + sockaddr_in sin; + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_port = htons(port); + if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { + PrintSocketError("inet_pton"); + closesocket(sock); + return -1; + } + if (connect(sock, reinterpret_cast(&sin), + sizeof(sin)) != 0) { + PrintSocketError("connect"); + closesocket(sock); + return -1; + } + return sock; +} + +class SocketCloser { + public: + explicit SocketCloser(int sock) : sock_(sock) {} + ~SocketCloser() { + // Half-close and drain the socket before releasing it. This seems to be + // necessary for graceful shutdown on Windows. It will also avoid write + // failures in the test runner. +#if defined(OPENSSL_SYS_WINDOWS) + shutdown(sock_, SD_SEND); +#else + shutdown(sock_, SHUT_WR); +#endif + while (true) { + char buf[1024]; + if (recv(sock_, buf, sizeof(buf), 0) <= 0) { + break; + } + } + closesocket(sock_); + } + + private: + const int sock_; +}; + +static bssl::UniquePtr SetupCtx(const TestConfig *config) { + bssl::UniquePtr ssl_ctx(SSL_CTX_new( + config->is_dtls ? DTLS_method() : TLS_method())); + if (!ssl_ctx) { + return nullptr; + } + + SSL_CTX_set_security_level(ssl_ctx.get(), 0); +#if 0 + /* Disabled for now until we have some TLS1.3 support */ + // Enable TLS 1.3 for tests. + if (!config->is_dtls && + !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) { + return nullptr; + } +#endif + + std::string cipher_list = "ALL"; + if (!config->cipher.empty()) { + cipher_list = config->cipher; + SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE); + } + if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) { + return nullptr; + } + + DH *tmpdh; + + if (config->use_sparse_dh_prime) { + BIGNUM *p, *g; + p = BN_new(); + g = BN_new(); + tmpdh = DH_new(); + if (p == NULL || g == NULL || tmpdh == NULL) { + BN_free(p); + BN_free(g); + DH_free(tmpdh); + return nullptr; + } + // This prime number is 2^1024 + 643 ? a value just above a power of two. + // Because of its form, values modulo it are essentially certain to be one + // byte shorter. This is used to test padding of these values. + if (BN_hex2bn( + &p, + "1000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000028" + "3") == 0 || + !BN_set_word(g, 2)) { + BN_free(p); + BN_free(g); + DH_free(tmpdh); + return nullptr; + } + DH_set0_pqg(tmpdh, p, NULL, g); + } else { + tmpdh = DH_get_2048_256(); + } + + bssl::UniquePtr dh(tmpdh); + + if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) { + return nullptr; + } + + SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH); + + if (config->use_old_client_cert_callback) { + SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback); + } + + SSL_CTX_set_next_protos_advertised_cb( + ssl_ctx.get(), NextProtosAdvertisedCallback, NULL); + if (!config->select_next_proto.empty()) { + SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback, + NULL); + } + + if (!config->select_alpn.empty() || config->decline_alpn) { + SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL); + } + + SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); + SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback); + + if (config->use_ticket_callback) { + SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback); + } + + if (config->enable_client_custom_extension && + !SSL_CTX_add_client_custom_ext( + ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, + CustomExtensionFreeCallback, kCustomExtensionAddArg, + CustomExtensionParseCallback, kCustomExtensionParseArg)) { + return nullptr; + } + + if (config->enable_server_custom_extension && + !SSL_CTX_add_server_custom_ext( + ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, + CustomExtensionFreeCallback, kCustomExtensionAddArg, + CustomExtensionParseCallback, kCustomExtensionParseArg)) { + return nullptr; + } + + if (config->verify_fail) { + SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL); + } else { + SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL); + } + + if (config->use_null_client_ca_list) { + SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr); + } + + return ssl_ctx; +} + +// RetryAsync is called after a failed operation on |ssl| with return code +// |ret|. If the operation should be retried, it simulates one asynchronous +// event and returns true. Otherwise it returns false. +static bool RetryAsync(SSL *ssl, int ret) { + // No error; don't retry. + if (ret >= 0) { + return false; + } + + TestState *test_state = GetTestState(ssl); + assert(GetTestConfig(ssl)->async); + + if (test_state->packeted_bio != nullptr && + PacketedBioAdvanceClock(test_state->packeted_bio)) { + // The DTLS retransmit logic silently ignores write failures. So the test + // may progress, allow writes through synchronously. + AsyncBioEnforceWriteQuota(test_state->async_bio, false); + int timeout_ret = DTLSv1_handle_timeout(ssl); + AsyncBioEnforceWriteQuota(test_state->async_bio, true); + + if (timeout_ret < 0) { + fprintf(stderr, "Error retransmitting.\n"); + return false; + } + return true; + } + + // See if we needed to read or write more. If so, allow one byte through on + // the appropriate end to maximally stress the state machine. + switch (SSL_get_error(ssl, ret)) { + case SSL_ERROR_WANT_READ: + AsyncBioAllowRead(test_state->async_bio, 1); + return true; + case SSL_ERROR_WANT_WRITE: + AsyncBioAllowWrite(test_state->async_bio, 1); + return true; + case SSL_ERROR_WANT_X509_LOOKUP: + test_state->cert_ready = true; + return true; + default: + return false; + } +} + +// DoRead reads from |ssl|, resolving any asynchronous operations. It returns +// the result value of the final |SSL_read| call. +static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { + const TestConfig *config = GetTestConfig(ssl); + TestState *test_state = GetTestState(ssl); + int ret; + do { + if (config->async) { + // The DTLS retransmit logic silently ignores write failures. So the test + // may progress, allow writes through synchronously. |SSL_read| may + // trigger a retransmit, so disconnect the write quota. + AsyncBioEnforceWriteQuota(test_state->async_bio, false); + } + ret = config->peek_then_read ? SSL_peek(ssl, out, max_out) + : SSL_read(ssl, out, max_out); + if (config->async) { + AsyncBioEnforceWriteQuota(test_state->async_bio, true); + } + } while (config->async && RetryAsync(ssl, ret)); + + if (config->peek_then_read && ret > 0) { + std::unique_ptr buf(new uint8_t[static_cast(ret)]); + + // SSL_peek should synchronously return the same data. + int ret2 = SSL_peek(ssl, buf.get(), ret); + if (ret2 != ret || + memcmp(buf.get(), out, ret) != 0) { + fprintf(stderr, "First and second SSL_peek did not match.\n"); + return -1; + } + + // SSL_read should synchronously return the same data and consume it. + ret2 = SSL_read(ssl, buf.get(), ret); + if (ret2 != ret || + memcmp(buf.get(), out, ret) != 0) { + fprintf(stderr, "SSL_peek and SSL_read did not match.\n"); + return -1; + } + } + + return ret; +} + +// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous +// operations. It returns the result of the final |SSL_write| call. +static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) { + const TestConfig *config = GetTestConfig(ssl); + int ret; + do { + ret = SSL_write(ssl, in, in_len); + if (ret > 0) { + in += ret; + in_len -= ret; + } + } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0)); + return ret; +} + +// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It +// returns the result of the final |SSL_shutdown| call. +static int DoShutdown(SSL *ssl) { + const TestConfig *config = GetTestConfig(ssl); + int ret; + do { + ret = SSL_shutdown(ssl); + } while (config->async && RetryAsync(ssl, ret)); + return ret; +} + +static uint16_t GetProtocolVersion(const SSL *ssl) { + uint16_t version = SSL_version(ssl); + if (!SSL_is_dtls(ssl)) { + return version; + } + return 0x0201 + ~version; +} + +// CheckHandshakeProperties checks, immediately after |ssl| completes its +// initial handshake (or False Starts), whether all the properties are +// consistent with the test configuration and invariants. +static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { + const TestConfig *config = GetTestConfig(ssl); + + if (SSL_get_current_cipher(ssl) == nullptr) { + fprintf(stderr, "null cipher after handshake\n"); + return false; + } + + if (is_resume && + (!!SSL_session_reused(ssl) == config->expect_session_miss)) { + fprintf(stderr, "session was%s reused\n", + SSL_session_reused(ssl) ? "" : " not"); + return false; + } + + if (!GetTestState(ssl)->handshake_done) { + fprintf(stderr, "handshake was not completed\n"); + return false; + } + + if (!config->is_server) { + bool expect_new_session = + !config->expect_no_session && + (!SSL_session_reused(ssl) || config->expect_ticket_renewal) && + // Session tickets are sent post-handshake in TLS 1.3. + GetProtocolVersion(ssl) < TLS1_3_VERSION; + if (expect_new_session != GetTestState(ssl)->got_new_session) { + fprintf(stderr, + "new session was%s cached, but we expected the opposite\n", + GetTestState(ssl)->got_new_session ? "" : " not"); + return false; + } + } + + if (!config->expected_server_name.empty()) { + const char *server_name = + SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + if (server_name != config->expected_server_name) { + fprintf(stderr, "servername mismatch (got %s; want %s)\n", + server_name, config->expected_server_name.c_str()); + return false; + } + } + + if (!config->expected_next_proto.empty()) { + const uint8_t *next_proto; + unsigned next_proto_len; + SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); + if (next_proto_len != config->expected_next_proto.size() || + memcmp(next_proto, config->expected_next_proto.data(), + next_proto_len) != 0) { + fprintf(stderr, "negotiated next proto mismatch\n"); + return false; + } + } + + if (!config->expected_alpn.empty()) { + const uint8_t *alpn_proto; + unsigned alpn_proto_len; + SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); + if (alpn_proto_len != config->expected_alpn.size() || + memcmp(alpn_proto, config->expected_alpn.data(), + alpn_proto_len) != 0) { + fprintf(stderr, "negotiated alpn proto mismatch\n"); + return false; + } + } + + if (config->expect_extended_master_secret) { + if (!SSL_get_extms_support(ssl)) { + fprintf(stderr, "No EMS for connection when expected"); + return false; + } + } + + if (config->expect_verify_result) { + int expected_verify_result = config->verify_fail ? + X509_V_ERR_APPLICATION_VERIFICATION : + X509_V_OK; + + if (SSL_get_verify_result(ssl) != expected_verify_result) { + fprintf(stderr, "Wrong certificate verification result\n"); + return false; + } + } + + if (!config->psk.empty()) { + if (SSL_get_peer_cert_chain(ssl) != nullptr) { + fprintf(stderr, "Received peer certificate on a PSK cipher.\n"); + return false; + } + } else if (!config->is_server || config->require_any_client_certificate) { + if (SSL_get_peer_cert_chain(ssl) == nullptr) { + fprintf(stderr, "Received no peer certificate but expected one.\n"); + return false; + } + } + + return true; +} + +// DoExchange runs a test SSL exchange against the peer. On success, it returns +// true and sets |*out_session| to the negotiated SSL session. If the test is a +// resumption attempt, |is_resume| is true and |session| is the session from the +// previous exchange. +static bool DoExchange(bssl::UniquePtr *out_session, + SSL_CTX *ssl_ctx, const TestConfig *config, + bool is_resume, SSL_SESSION *session) { + bssl::UniquePtr ssl(SSL_new(ssl_ctx)); + if (!ssl) { + return false; + } + + if (!SetTestConfig(ssl.get(), config) || + !SetTestState(ssl.get(), std::unique_ptr(new TestState))) { + return false; + } + + if (config->fallback_scsv && + !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) { + return false; + } + // Install the certificate synchronously if nothing else will handle it. + if (!config->use_old_client_cert_callback && + !config->async && + !InstallCertificate(ssl.get())) { + return false; + } + SSL_set_cert_cb(ssl.get(), CertCallback, nullptr); + if (config->require_any_client_certificate) { + SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + NULL); + } + if (config->verify_peer) { + SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL); + } + if (config->partial_write) { + SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE); + } + if (config->no_tls13) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3); + } + if (config->no_tls12) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2); + } + if (config->no_tls11) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1); + } + if (config->no_tls1) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1); + } + if (config->no_ssl3) { + SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3); + } + if (!config->host_name.empty() && + !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) { + return false; + } + if (!config->advertise_alpn.empty() && + SSL_set_alpn_protos(ssl.get(), + (const uint8_t *)config->advertise_alpn.data(), + config->advertise_alpn.size()) != 0) { + return false; + } + if (!config->psk.empty()) { + SSL_set_psk_client_callback(ssl.get(), PskClientCallback); + SSL_set_psk_server_callback(ssl.get(), PskServerCallback); + } + if (!config->psk_identity.empty() && + !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) { + return false; + } + if (!config->srtp_profiles.empty() && + SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) { + return false; + } + if (config->min_version != 0 && + !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { + return false; + } + if (config->max_version != 0 && + !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) { + return false; + } + if (config->mtu != 0) { + SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU); + SSL_set_mtu(ssl.get(), config->mtu); + } + if (config->renegotiate_freely) { + // This is always on for OpenSSL. + } + if (!config->check_close_notify) { + SSL_set_quiet_shutdown(ssl.get(), 1); + } + if (config->p384_only) { + int nid = NID_secp384r1; + if (!SSL_set1_curves(ssl.get(), &nid, 1)) { + return false; + } + } + if (config->enable_all_curves) { + static const int kAllCurves[] = { + NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519, + }; + if (!SSL_set1_curves(ssl.get(), kAllCurves, + OPENSSL_ARRAY_SIZE(kAllCurves))) { + return false; + } + } + if (config->max_cert_list > 0) { + SSL_set_max_cert_list(ssl.get(), config->max_cert_list); + } + + int sock = Connect(config->port); + if (sock == -1) { + return false; + } + SocketCloser closer(sock); + + bssl::UniquePtr bio(BIO_new_socket(sock, BIO_NOCLOSE)); + if (!bio) { + return false; + } + if (config->is_dtls) { + bssl::UniquePtr packeted = PacketedBioCreate(!config->async); + if (!packeted) { + return false; + } + GetTestState(ssl.get())->packeted_bio = packeted.get(); + BIO_push(packeted.get(), bio.release()); + bio = std::move(packeted); + } + if (config->async) { + bssl::UniquePtr async_scoped = + config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate(); + if (!async_scoped) { + return false; + } + BIO_push(async_scoped.get(), bio.release()); + GetTestState(ssl.get())->async_bio = async_scoped.get(); + bio = std::move(async_scoped); + } + SSL_set_bio(ssl.get(), bio.get(), bio.get()); + bio.release(); // SSL_set_bio takes ownership. + + if (session != NULL) { + if (!config->is_server) { + if (SSL_set_session(ssl.get(), session) != 1) { + return false; + } + } + } + +#if 0 + // KNOWN BUG: OpenSSL's SSL_get_current_cipher behaves incorrectly when + // offering resumption. + if (SSL_get_current_cipher(ssl.get()) != nullptr) { + fprintf(stderr, "non-null cipher before handshake\n"); + return false; + } +#endif + + int ret; + if (config->implicit_handshake) { + if (config->is_server) { + SSL_set_accept_state(ssl.get()); + } else { + SSL_set_connect_state(ssl.get()); + } + } else { + do { + if (config->is_server) { + ret = SSL_accept(ssl.get()); + } else { + ret = SSL_connect(ssl.get()); + } + } while (config->async && RetryAsync(ssl.get(), ret)); + if (ret != 1 || + !CheckHandshakeProperties(ssl.get(), is_resume)) { + return false; + } + + // Reset the state to assert later that the callback isn't called in + // renegotations. + GetTestState(ssl.get())->got_new_session = false; + } + + if (config->export_keying_material > 0) { + std::vector result( + static_cast(config->export_keying_material)); + if (SSL_export_keying_material( + ssl.get(), result.data(), result.size(), + config->export_label.data(), config->export_label.size(), + reinterpret_cast(config->export_context.data()), + config->export_context.size(), config->use_export_context) != 1) { + fprintf(stderr, "failed to export keying material\n"); + return false; + } + if (WriteAll(ssl.get(), result.data(), result.size()) < 0) { + return false; + } + } + + if (config->write_different_record_sizes) { + if (config->is_dtls) { + fprintf(stderr, "write_different_record_sizes not supported for DTLS\n"); + return false; + } + // This mode writes a number of different record sizes in an attempt to + // trip up the CBC record splitting code. + static const size_t kBufLen = 32769; + std::unique_ptr buf(new uint8_t[kBufLen]); + memset(buf.get(), 0x42, kBufLen); + static const size_t kRecordSizes[] = { + 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769}; + for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) { + const size_t len = kRecordSizes[i]; + if (len > kBufLen) { + fprintf(stderr, "Bad kRecordSizes value.\n"); + return false; + } + if (WriteAll(ssl.get(), buf.get(), len) < 0) { + return false; + } + } + } else { + if (config->shim_writes_first) { + if (WriteAll(ssl.get(), reinterpret_cast("hello"), + 5) < 0) { + return false; + } + } + if (!config->shim_shuts_down) { + for (;;) { + static const size_t kBufLen = 16384; + std::unique_ptr buf(new uint8_t[kBufLen]); + + // Read only 512 bytes at a time in TLS to ensure records may be + // returned in multiple reads. + int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512); + int err = SSL_get_error(ssl.get(), n); + if (err == SSL_ERROR_ZERO_RETURN || + (n == 0 && err == SSL_ERROR_SYSCALL)) { + if (n != 0) { + fprintf(stderr, "Invalid SSL_get_error output\n"); + return false; + } + // Stop on either clean or unclean shutdown. + break; + } else if (err != SSL_ERROR_NONE) { + if (n > 0) { + fprintf(stderr, "Invalid SSL_get_error output\n"); + return false; + } + return false; + } + // Successfully read data. + if (n <= 0) { + fprintf(stderr, "Invalid SSL_get_error output\n"); + return false; + } + + // After a successful read, with or without False Start, the handshake + // must be complete. + if (!GetTestState(ssl.get())->handshake_done) { + fprintf(stderr, "handshake was not completed after SSL_read\n"); + return false; + } + + for (int i = 0; i < n; i++) { + buf[i] ^= 0xff; + } + if (WriteAll(ssl.get(), buf.get(), n) < 0) { + return false; + } + } + } + } + + if (!config->is_server && + !config->implicit_handshake && + // Session tickets are sent post-handshake in TLS 1.3. + GetProtocolVersion(ssl.get()) < TLS1_3_VERSION && + GetTestState(ssl.get())->got_new_session) { + fprintf(stderr, "new session was established after the handshake\n"); + return false; + } + + if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) { + bool expect_new_session = + !config->expect_no_session && !config->shim_shuts_down; + if (expect_new_session != GetTestState(ssl.get())->got_new_session) { + fprintf(stderr, + "new session was%s cached, but we expected the opposite\n", + GetTestState(ssl.get())->got_new_session ? "" : " not"); + return false; + } + } + + if (out_session) { + *out_session = std::move(GetTestState(ssl.get())->new_session); + } + + ret = DoShutdown(ssl.get()); + + if (config->shim_shuts_down && config->check_close_notify) { + // We initiate shutdown, so |SSL_shutdown| will return in two stages. First + // it returns zero when our close_notify is sent, then one when the peer's + // is received. + if (ret != 0) { + fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret); + return false; + } + ret = DoShutdown(ssl.get()); + } + + if (ret != 1) { + fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret); + return false; + } + + if (SSL_total_renegotiations(ssl.get()) != + config->expect_total_renegotiations) { + fprintf(stderr, "Expected %d renegotiations, got %ld\n", + config->expect_total_renegotiations, + SSL_total_renegotiations(ssl.get())); + return false; + } + + return true; +} + +class StderrDelimiter { + public: + ~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); } +}; + +static int Main(int argc, char **argv) { + // To distinguish ASan's output from ours, add a trailing message to stderr. + // Anything following this line will be considered an error. + StderrDelimiter delimiter; + +#if defined(OPENSSL_SYS_WINDOWS) + /* Initialize Winsock. */ + WORD wsa_version = MAKEWORD(2, 2); + WSADATA wsa_data; + int wsa_err = WSAStartup(wsa_version, &wsa_data); + if (wsa_err != 0) { + fprintf(stderr, "WSAStartup failed: %d\n", wsa_err); + return 1; + } + if (wsa_data.wVersion != wsa_version) { + fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion); + return 1; + } +#else + signal(SIGPIPE, SIG_IGN); +#endif + + OPENSSL_init_crypto(0, NULL); + OPENSSL_init_ssl(0, NULL); + g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); + if (g_config_index < 0 || g_state_index < 0) { + return 1; + } + + TestConfig config; + if (!ParseConfig(argc - 1, argv + 1, &config)) { + return Usage(argv[0]); + } + + bssl::UniquePtr ssl_ctx = SetupCtx(&config); + if (!ssl_ctx) { + ERR_print_errors_fp(stderr); + return 1; + } + + bssl::UniquePtr session; + for (int i = 0; i < config.resume_count + 1; i++) { + bool is_resume = i > 0; + if (is_resume && !config.is_server && !session) { + fprintf(stderr, "No session to offer.\n"); + return 1; + } + + bssl::UniquePtr offer_session = std::move(session); + if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume, + offer_session.get())) { + fprintf(stderr, "Connection %d failed.\n", i + 1); + ERR_print_errors_fp(stderr); + return 1; + } + } + + return 0; +} + +} // namespace bssl + +int main(int argc, char **argv) { + return bssl::Main(argc, argv); +} diff --git a/test/ossl_shim/packeted_bio.cc b/test/ossl_shim/packeted_bio.cc new file mode 100644 index 0000000..e1b3c6c --- /dev/null +++ b/test/ossl_shim/packeted_bio.cc @@ -0,0 +1,299 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "packeted_bio.h" + +#include +#include +#include +#include + +#include + + +namespace { + +const uint8_t kOpcodePacket = 'P'; +const uint8_t kOpcodeTimeout = 'T'; +const uint8_t kOpcodeTimeoutAck = 't'; + +struct PacketedBio { + explicit PacketedBio(bool advance_clock_arg) + : advance_clock(advance_clock_arg) { + memset(&timeout, 0, sizeof(timeout)); + memset(&clock, 0, sizeof(clock)); + memset(&read_deadline, 0, sizeof(read_deadline)); + } + + bool HasTimeout() const { + return timeout.tv_sec != 0 || timeout.tv_usec != 0; + } + + bool CanRead() const { + if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) { + return true; + } + + if (clock.tv_sec == read_deadline.tv_sec) { + return clock.tv_usec < read_deadline.tv_usec; + } + return clock.tv_sec < read_deadline.tv_sec; + } + + timeval timeout; + timeval clock; + timeval read_deadline; + bool advance_clock; +}; + +PacketedBio *GetData(BIO *bio) { + return (PacketedBio *)BIO_get_data(bio); +} + +const PacketedBio *GetData(const BIO *bio) { + return GetData(const_cast(bio)); +} + +// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and +// 0 or -1 on error. +static int ReadAll(BIO *bio, uint8_t *out, size_t len) { + while (len > 0) { + int chunk_len = INT_MAX; + if (len <= INT_MAX) { + chunk_len = (int)len; + } + int ret = BIO_read(bio, out, chunk_len); + if (ret <= 0) { + return ret; + } + out += ret; + len -= ret; + } + return 1; +} + +static int PacketedWrite(BIO *bio, const char *in, int inl) { + if (BIO_next(bio) == NULL) { + return 0; + } + + BIO_clear_retry_flags(bio); + + // Write the header. + uint8_t header[5]; + header[0] = kOpcodePacket; + header[1] = (inl >> 24) & 0xff; + header[2] = (inl >> 16) & 0xff; + header[3] = (inl >> 8) & 0xff; + header[4] = inl & 0xff; + int ret = BIO_write(BIO_next(bio), header, sizeof(header)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + + // Write the buffer. + ret = BIO_write(BIO_next(bio), in, inl); + if (ret < 0 || (inl > 0 && ret == 0)) { + BIO_copy_next_retry(bio); + return ret; + } + assert(ret == inl); + return ret; +} + +static int PacketedRead(BIO *bio, char *out, int outl) { + PacketedBio *data = GetData(bio); + if (BIO_next(bio) == NULL) { + return 0; + } + + BIO_clear_retry_flags(bio); + + for (;;) { + // Check if the read deadline has passed. + if (!data->CanRead()) { + BIO_set_retry_read(bio); + return -1; + } + + // Read the opcode. + uint8_t opcode; + int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + + if (opcode == kOpcodeTimeout) { + // The caller is required to advance any pending timeouts before + // continuing. + if (data->HasTimeout()) { + fprintf(stderr, "Unprocessed timeout!\n"); + return -1; + } + + // Process the timeout. + uint8_t buf[8]; + ret = ReadAll(BIO_next(bio), buf, sizeof(buf)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + uint64_t timeout = (static_cast(buf[0]) << 56) | + (static_cast(buf[1]) << 48) | + (static_cast(buf[2]) << 40) | + (static_cast(buf[3]) << 32) | + (static_cast(buf[4]) << 24) | + (static_cast(buf[5]) << 16) | + (static_cast(buf[6]) << 8) | + static_cast(buf[7]); + timeout /= 1000; // Convert nanoseconds to microseconds. + + data->timeout.tv_usec = timeout % 1000000; + data->timeout.tv_sec = timeout / 1000000; + + // Send an ACK to the peer. + ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1); + if (ret <= 0) { + return ret; + } + assert(ret == 1); + + if (!data->advance_clock) { + // Signal to the caller to retry the read, after advancing the clock. + BIO_set_retry_read(bio); + return -1; + } + + PacketedBioAdvanceClock(bio); + continue; + } + + if (opcode != kOpcodePacket) { + fprintf(stderr, "Unknown opcode, %u\n", opcode); + return -1; + } + + // Read the length prefix. + uint8_t len_bytes[4]; + ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + + uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) | + (len_bytes[2] << 8) | len_bytes[3]; + uint8_t *buf = (uint8_t *)OPENSSL_malloc(len); + if (buf == NULL) { + return -1; + } + ret = ReadAll(BIO_next(bio), buf, len); + if (ret <= 0) { + fprintf(stderr, "Packeted BIO was truncated\n"); + return -1; + } + + if (outl > (int)len) { + outl = len; + } + memcpy(out, buf, outl); + OPENSSL_free(buf); + return outl; + } +} + +static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) { + if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) { + memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval)); + return 1; + } + + if (BIO_next(bio) == NULL) { + return 0; + } + BIO_clear_retry_flags(bio); + int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); + BIO_copy_next_retry(bio); + return ret; +} + +static int PacketedNew(BIO *bio) { + BIO_set_init(bio, 1); + return 1; +} + +static int PacketedFree(BIO *bio) { + if (bio == NULL) { + return 0; + } + + delete GetData(bio); + BIO_set_init(bio, 0); + return 1; +} + +static long PacketedCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) { + if (BIO_next(bio) == NULL) { + return 0; + } + return BIO_callback_ctrl(BIO_next(bio), cmd, fp); +} + +static BIO_METHOD *g_packeted_bio_method = NULL; + +static const BIO_METHOD *PacketedMethod(void) +{ + if (g_packeted_bio_method == NULL) { + g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio"); + if ( g_packeted_bio_method == NULL + || !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite) + || !BIO_meth_set_read(g_packeted_bio_method, PacketedRead) + || !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl) + || !BIO_meth_set_create(g_packeted_bio_method, PacketedNew) + || !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree) + || !BIO_meth_set_callback_ctrl(g_packeted_bio_method, + PacketedCallbackCtrl)) + return NULL; + } + return g_packeted_bio_method; +} +} // namespace + +bssl::UniquePtr PacketedBioCreate(bool advance_clock) { + bssl::UniquePtr bio(BIO_new(PacketedMethod())); + if (!bio) { + return nullptr; + } + BIO_set_data(bio.get(), new PacketedBio(advance_clock)); + return bio; +} + +timeval PacketedBioGetClock(const BIO *bio) { + return GetData(bio)->clock; +} + +bool PacketedBioAdvanceClock(BIO *bio) { + PacketedBio *data = GetData(bio); + if (data == nullptr) { + return false; + } + + if (!data->HasTimeout()) { + return false; + } + + data->clock.tv_usec += data->timeout.tv_usec; + data->clock.tv_sec += data->clock.tv_usec / 1000000; + data->clock.tv_usec %= 1000000; + data->clock.tv_sec += data->timeout.tv_sec; + memset(&data->timeout, 0, sizeof(data->timeout)); + return true; +} diff --git a/test/ossl_shim/packeted_bio.h b/test/ossl_shim/packeted_bio.h new file mode 100644 index 0000000..afdba13 --- /dev/null +++ b/test/ossl_shim/packeted_bio.h @@ -0,0 +1,44 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PACKETED_BIO +#define HEADER_PACKETED_BIO + +#include +#include + +#if defined(OPENSSL_SYS_WINDOWS) +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include +OPENSSL_MSVC_PRAGMA(warning(pop)) +#else +#include +#endif + + +// PacketedBioCreate creates a filter BIO which implements a reliable in-order +// blocking datagram socket. It internally maintains a clock and honors +// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it. +// +// During a |BIO_read|, the peer may signal the filter BIO to simulate a +// timeout. If |advance_clock| is true, it automatically advances the clock and +// continues reading, subject to the read deadline. Otherwise, it fails +// immediately. The caller must then call |PacketedBioAdvanceClock| before +// retrying |BIO_read|. +bssl::UniquePtr PacketedBioCreate(bool advance_clock); + +// PacketedBioGetClock returns the current time for |bio|. +timeval PacketedBioGetClock(const BIO *bio); + +// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if +// there is a pending timeout. Otherwise, it returns false. +bool PacketedBioAdvanceClock(BIO *bio); + + +#endif // HEADER_PACKETED_BIO diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc new file mode 100644 index 0000000..0fe7ba8 --- /dev/null +++ b/test/ossl_shim/test_config.cc @@ -0,0 +1,181 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "test_config.h" + +#include +#include +#include + +#include + +#include + +namespace { + +template +struct Flag { + const char *flag; + T TestConfig::*member; +}; + +// FindField looks for the flag in |flags| that matches |flag|. If one is found, +// it returns a pointer to the corresponding field in |config|. Otherwise, it +// returns NULL. +template +T *FindField(TestConfig *config, const Flag (&flags)[N], const char *flag) { + for (size_t i = 0; i < N; i++) { + if (strcmp(flag, flags[i].flag) == 0) { + return &(config->*(flags[i].member)); + } + } + return NULL; +} + +const Flag kBoolFlags[] = { + { "-server", &TestConfig::is_server }, + { "-dtls", &TestConfig::is_dtls }, + { "-fallback-scsv", &TestConfig::fallback_scsv }, + { "-require-any-client-certificate", + &TestConfig::require_any_client_certificate }, + { "-async", &TestConfig::async }, + { "-write-different-record-sizes", + &TestConfig::write_different_record_sizes }, + { "-partial-write", &TestConfig::partial_write }, + { "-no-tls13", &TestConfig::no_tls13 }, + { "-no-tls12", &TestConfig::no_tls12 }, + { "-no-tls11", &TestConfig::no_tls11 }, + { "-no-tls1", &TestConfig::no_tls1 }, + { "-no-ssl3", &TestConfig::no_ssl3 }, + { "-shim-writes-first", &TestConfig::shim_writes_first }, + { "-expect-session-miss", &TestConfig::expect_session_miss }, + { "-decline-alpn", &TestConfig::decline_alpn }, + { "-expect-extended-master-secret", + &TestConfig::expect_extended_master_secret }, + { "-implicit-handshake", &TestConfig::implicit_handshake }, + { "-handshake-never-done", &TestConfig::handshake_never_done }, + { "-use-export-context", &TestConfig::use_export_context }, + { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, + { "-expect-no-session", &TestConfig::expect_no_session }, + { "-use-ticket-callback", &TestConfig::use_ticket_callback }, + { "-renew-ticket", &TestConfig::renew_ticket }, + { "-enable-client-custom-extension", + &TestConfig::enable_client_custom_extension }, + { "-enable-server-custom-extension", + &TestConfig::enable_server_custom_extension }, + { "-custom-extension-skip", &TestConfig::custom_extension_skip }, + { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add }, + { "-check-close-notify", &TestConfig::check_close_notify }, + { "-shim-shuts-down", &TestConfig::shim_shuts_down }, + { "-verify-fail", &TestConfig::verify_fail }, + { "-verify-peer", &TestConfig::verify_peer }, + { "-expect-verify-result", &TestConfig::expect_verify_result }, + { "-renegotiate-freely", &TestConfig::renegotiate_freely }, + { "-p384-only", &TestConfig::p384_only }, + { "-enable-all-curves", &TestConfig::enable_all_curves }, + { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime }, + { "-use-old-client-cert-callback", + &TestConfig::use_old_client_cert_callback }, + { "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list }, + { "-peek-then-read", &TestConfig::peek_then_read }, +}; + +const Flag kStringFlags[] = { + { "-key-file", &TestConfig::key_file }, + { "-cert-file", &TestConfig::cert_file }, + { "-expect-server-name", &TestConfig::expected_server_name }, + { "-advertise-npn", &TestConfig::advertise_npn }, + { "-expect-next-proto", &TestConfig::expected_next_proto }, + { "-select-next-proto", &TestConfig::select_next_proto }, + { "-host-name", &TestConfig::host_name }, + { "-advertise-alpn", &TestConfig::advertise_alpn }, + { "-expect-alpn", &TestConfig::expected_alpn }, + { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn }, + { "-select-alpn", &TestConfig::select_alpn }, + { "-psk", &TestConfig::psk }, + { "-psk-identity", &TestConfig::psk_identity }, + { "-srtp-profiles", &TestConfig::srtp_profiles }, + { "-cipher", &TestConfig::cipher }, + { "-export-label", &TestConfig::export_label }, + { "-export-context", &TestConfig::export_context }, +}; + +const Flag kBase64Flags[] = { + { "-expect-certificate-types", &TestConfig::expected_certificate_types }, +}; + +const Flag kIntFlags[] = { + { "-port", &TestConfig::port }, + { "-resume-count", &TestConfig::resume_count }, + { "-min-version", &TestConfig::min_version }, + { "-max-version", &TestConfig::max_version }, + { "-mtu", &TestConfig::mtu }, + { "-export-keying-material", &TestConfig::export_keying_material }, + { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations }, + { "-max-cert-list", &TestConfig::max_cert_list }, +}; + +} // namespace + +bool ParseConfig(int argc, char **argv, TestConfig *out_config) { + for (int i = 0; i < argc; i++) { + bool *bool_field = FindField(out_config, kBoolFlags, argv[i]); + if (bool_field != NULL) { + *bool_field = true; + continue; + } + + std::string *string_field = FindField(out_config, kStringFlags, argv[i]); + if (string_field != NULL) { + i++; + if (i >= argc) { + fprintf(stderr, "Missing parameter\n"); + return false; + } + string_field->assign(argv[i]); + continue; + } + + std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]); + if (base64_field != NULL) { + i++; + if (i >= argc) { + fprintf(stderr, "Missing parameter\n"); + return false; + } + std::unique_ptr decoded(new uint8_t[strlen(argv[i])]); + int len = EVP_DecodeBlock(decoded.get(), + reinterpret_cast(argv[i]), + strlen(argv[i])); + if (len < 0) { + fprintf(stderr, "Invalid base64: %s\n", argv[i]); + return false; + } + base64_field->assign(reinterpret_cast(decoded.get()), len); + continue; + } + + int *int_field = FindField(out_config, kIntFlags, argv[i]); + if (int_field) { + i++; + if (i >= argc) { + fprintf(stderr, "Missing parameter\n"); + return false; + } + *int_field = atoi(argv[i]); + continue; + } + + fprintf(stderr, "Unknown argument: %s\n", argv[i]); + exit(89); + return false; + } + + return true; +} diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h new file mode 100644 index 0000000..b4efa45 --- /dev/null +++ b/test/ossl_shim/test_config.h @@ -0,0 +1,88 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TEST_CONFIG +#define HEADER_TEST_CONFIG + +#include +#include + + +struct TestConfig { + int port = 0; + bool is_server = false; + bool is_dtls = false; + int resume_count = 0; + bool fallback_scsv = false; + std::string key_file; + std::string cert_file; + std::string expected_server_name; + std::string expected_certificate_types; + bool require_any_client_certificate = false; + std::string advertise_npn; + std::string expected_next_proto; + std::string select_next_proto; + bool async = false; + bool write_different_record_sizes = false; + bool partial_write = false; + bool no_tls13 = false; + bool no_tls12 = false; + bool no_tls11 = false; + bool no_tls1 = false; + bool no_ssl3 = false; + bool shim_writes_first = false; + std::string host_name; + std::string advertise_alpn; + std::string expected_alpn; + std::string expected_advertised_alpn; + std::string select_alpn; + bool decline_alpn = false; + bool expect_session_miss = false; + bool expect_extended_master_secret = false; + std::string psk; + std::string psk_identity; + std::string srtp_profiles; + int min_version = 0; + int max_version = 0; + int mtu = 0; + bool implicit_handshake = false; + std::string cipher; + bool handshake_never_done = false; + int export_keying_material = 0; + std::string export_label; + std::string export_context; + bool use_export_context = false; + bool expect_ticket_renewal = false; + bool expect_no_session = false; + bool use_ticket_callback = false; + bool renew_ticket = false; + bool enable_client_custom_extension = false; + bool enable_server_custom_extension = false; + bool custom_extension_skip = false; + bool custom_extension_fail_add = false; + bool check_close_notify = false; + bool shim_shuts_down = false; + bool verify_fail = false; + bool verify_peer = false; + bool expect_verify_result = false; + int expect_total_renegotiations = 0; + bool renegotiate_freely = false; + bool p384_only = false; + bool enable_all_curves = false; + bool use_sparse_dh_prime = false; + bool use_old_client_cert_callback = false; + bool use_null_client_ca_list = false; + bool peek_then_read = false; + int max_cert_list = 0; +}; + +bool ParseConfig(int argc, char **argv, TestConfig *out_config); + + +#endif // HEADER_TEST_CONFIG diff --git a/test/recipes/90-test_external.t b/test/recipes/90-test_external.t new file mode 100644 index 0000000..a3da76c --- /dev/null +++ b/test/recipes/90-test_external.t @@ -0,0 +1,41 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file cmdstr/; + +setup("test_external"); + +if (!$ENV{BORING_RUNNER_DIR}) { + plan skip_all => "No external tests have been detected"; +} + +plan tests => 1; + +indir $ENV{BORING_RUNNER_DIR} => sub { + ok(filter_run(cmd(["go", "test", "-shim-path", + srctop_file("test", "ossl_shim", "ossl_shim"), + "-shim-config", + srctop_file("test", "ossl_shim", "ossl_config.json"), + "-pipe", "-allow-unimplemented"])), + "running external tests"); +}, create => 0, cleanup => 0; + +# Filter the output so that the "ok" printed by go test doesn't confuse +# Test::More. Without that it thinks there has been one more test run than was +# planned +sub filter_run { + my $cmd = cmdstr(shift); + open(PIPE, "-|", $cmd); + while() { + print STDOUT "go test: ", $_; + } + close PIPE; +} From openssl.sanity at gmail.com Fri Nov 4 11:24:30 2016 From: openssl.sanity at gmail.com (openssl.sanity at gmail.com) Date: Fri, 4 Nov 2016 11:24:30 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_ppc64 #1040 In-Reply-To: <1056269514.9.1478251563423.JavaMail.jenkins@ossl-sanity.cisco.com> References: <1056269514.9.1478251563423.JavaMail.jenkins@ossl-sanity.cisco.com> Message-ID: <1125033636.10.1478258670612.JavaMail.jenkins@ossl-sanity.cisco.com> See Changes: [Matt Caswell] Integrate BoringSSL shim [Matt Caswell] Add a test to call the BoringSSL test suite [Matt Caswell] Rebase shim against latest boringssl code [Matt Caswell] Add ossl_shim to .gitignore [Matt Caswell] Add a shim config file [Matt Caswell] Integrate ossl_shim into the build [Matt Caswell] Control building of ossl_shim through Configure [Matt Caswell] Convert 90-test_external.t to using "executable" rather than "system" [Matt Caswell] Add a comment to 90-test_external.t to explain why we need filter_run [Matt Caswell] Fix some unused variable warnings in ossl_shim [Matt Caswell] Add -std=c++11 to CXXFLAGS [Matt Caswell] Add documentation on the BoringSSL test suite integration [Matt Caswell] Remove test/ossl_shim/Makefile [Matt Caswell] Fix argument order in documentation [Matt Caswell] Remove some #if 0'd out code [Matt Caswell] Remove some unreferenced fields from TestState [Matt Caswell] Remove unused BoringSSL specific flags [Matt Caswell] Use the -allow-unimplemented feature of the BoringSSL runner [Matt Caswell] Remove some flags that are unused in the shim [Matt Caswell] Removed scoped_types.h [Matt Caswell] Remove some #if 0'd out code [Matt Caswell] Fix a code inconsistency [Matt Caswell] Rename BoringSSL style OPENSSL_WINDOWS to OPENSSL_SYS_WINDOWS [Matt Caswell] Update the BoringSSL suppressions file based on the latest shim [Matt Caswell] Add missing bn.h include [Matt Caswell] Swap header copyrights to standard OpenSSL [Matt Caswell] Add a wildcard exception for TLS13 tests [Matt Caswell] Remove an unused field in ossl_shim ------------------------------------------ [...truncated 2179 lines...] link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtls_mtu_test test/dtls_mtu_test.o test/ssltestlib.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -Itest -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o test/dtlstest.c rm -f test/dtlstest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlstest OBJECTS="test/dtlstest.o test/ssltestlib.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlstest test/dtlstest.o test/ssltestlib.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o test/dtlsv1listentest.c rm -f test/dtlsv1listentest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlsv1listentest OBJECTS="test/dtlsv1listentest.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlsv1listentest test/dtlsv1listentest.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdhtest.d.tmp -MT test/ecdhtest.o -c -o test/ecdhtest.o test/ecdhtest.c rm -f test/ecdhtest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdhtest OBJECTS="test/ecdhtest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdhtest test/ecdhtest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o test/ecdsatest.c rm -f test/ecdsatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdsatest OBJECTS="test/ecdsatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdsatest test/ecdsatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o test/ectest.c rm -f test/ectest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ectest OBJECTS="test/ectest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ectest test/ectest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o test/enginetest.c rm -f test/enginetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/enginetest OBJECTS="test/enginetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/enginetest test/enginetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o test/evp_extra_test.c rm -f test/evp_extra_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_extra_test OBJECTS="test/evp_extra_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_extra_test test/evp_extra_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o test/evp_test.c rm -f test/evp_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_test OBJECTS="test/evp_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_test test/evp_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o test/exptest.c rm -f test/exptest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/exptest OBJECTS="test/exptest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/exptest test/exptest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o test/gmdifftest.c rm -f test/gmdifftest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/gmdifftest OBJECTS="test/gmdifftest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/gmdifftest test/gmdifftest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/heartbeat_test.d.tmp -MT test/heartbeat_test.o -c -o test/heartbeat_test.o test/heartbeat_test.c rm -f test/heartbeat_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/heartbeat_test OBJECTS="test/heartbeat_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/heartbeat_test test/heartbeat_test.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o test/hmactest.c rm -f test/hmactest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/hmactest OBJECTS="test/hmactest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/hmactest test/hmactest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o test/ideatest.c rm -f test/ideatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ideatest OBJECTS="test/ideatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ideatest test/ideatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o test/igetest.c rm -f test/igetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/igetest OBJECTS="test/igetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/igetest test/igetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o test/md2test.c rm -f test/md2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md2test OBJECTS="test/md2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md2test test/md2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md4test.d.tmp -MT test/md4test.o -c -o test/md4test.o test/md4test.c rm -f test/md4test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md4test OBJECTS="test/md4test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md4test test/md4test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md5test.d.tmp -MT test/md5test.o -c -o test/md5test.o test/md5test.c rm -f test/md5test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md5test OBJECTS="test/md5test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md5test test/md5test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o test/mdc2_internal_test.c rm -f test/mdc2_internal_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2_internal_test OBJECTS="test/mdc2_internal_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2_internal_test test/mdc2_internal_test.o test/testutil.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o test/mdc2test.c rm -f test/mdc2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2test OBJECTS="test/mdc2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2test test/mdc2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o test/memleaktest.c rm -f test/memleaktest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/memleaktest OBJECTS="test/memleaktest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/memleaktest test/memleaktest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o test/modes_internal_test.c make[1]: *** No rule to make target `test/ppccap.c', needed by `test/ppccap.o'. Stop. make[1]: Leaving directory ` make: *** [all] Error 2 Build step 'Execute shell' marked build as failure From matt at openssl.org Fri Nov 4 12:12:29 2016 From: matt at openssl.org (Matt Caswell) Date: Fri, 04 Nov 2016 12:12:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478261549.149282.987.nullmailer@dev.openssl.org> The branch master has been updated via c42a78cb57cd335f3e2b224d4d8c8d7c2ecfaa44 (commit) via ff04799d904ec2bfcfc3a3ca656549db2dec9068 (commit) via ed9fa2c74bbb9da312aa82865aeb3f9b75a8167b (commit) via 54105ddd230c0d77fab91dd3f423b58b2a976de7 (commit) via 740bfebaf6d879f051da625d3c583f7cbba8944f (commit) via 02ba18a63e1f4ae1d0c0a185f9b7701fcddc1835 (commit) via 8d2b1819ef66206d19c1b0ecbf3ca882fed04721 (commit) via be2ef0e2e3842114054d26c3429016dc894a1359 (commit) via 2b7363ecf168f94e5d982cd49182aa923b92d3e4 (commit) via 3cdc2f8fb528a4d47436dd863f6b8d5c30619847 (commit) via 6782e5fdd885cbd09ecbc063f3c1116c2962ecae (commit) via d0ee717c938cda00bcb13cac2f7e2b162616254b (commit) via f0ca8f89f866fd2214241758b8485a462d3f6f01 (commit) via d02ef3d0be3b2cb1e6b3905ad26fc03ec261b317 (commit) via 7714dc5ea1174ca50cd12e5013683284f66c2dd3 (commit) via 699ae85915f83f91bf5d5af45dd4888217005461 (commit) via 2688e7a0beb0f5e76a98749f25b978ddfb40ac7f (commit) via 708e06c55d9fee5d59e4a4f409d115423ea1fa56 (commit) via 56a26ce3600cc9f96da0e64b345a25276d9abfc0 (commit) via 348240c676a1b2beaebb865e8be0b62f88c10b7d (commit) via a14aa99be8fe169bba7afc6355b6b6d750b2ba1d (commit) via c08d12ca40e031e652e84cd235e8394cf883fd1f (commit) via 153703dfde6bf3f1cf72576a19d0f2fabe61a826 (commit) via 8051ab2b6f8e1fb9e957771afcc3555560f9694f (commit) via 8b0e934afbdf8ca61866263c507d4b653135952d (commit) via e3c9727fece7bd73469e14796f579c4dc5209cdb (commit) via d736bc1a7d45744300b2c81f7296b0d1e550ae0d (commit) via 6db6bc5a8f0663e679a99ea91a6f490db0f183ba (commit) via cb150cbcaca651a5b32fc1f1fc94ca61285c3515 (commit) via 12472b456180cbc582d6152e174135524081c3ba (commit) via ec60ccc1c1b9562359753e8fcbeeab0a6b4b669c (commit) via 8c1a534305054c58d783fdfe7adbed24f5893a2e (commit) via b43d1cbb9abb331bbaa29658b4af434c7b870c56 (commit) via d0e7c31db04349882855add5a5a21977b4467e3d (commit) via 72716e79bf1207625d58f4fe3874303ac47d0f98 (commit) via 5607b2759a3148be6f38a9205d225bc8c802eaf1 (commit) via 7ee8627f6eb7cf63b34d2701d76bb66f6db811e5 (commit) via eda757514ea3018c8510b4738b5e37479aeadc5e (commit) via 8e6d03cac4c34dc089751f36120b69c512f77756 (commit) from a1ca39c02c5507536ee586e787f12f9ea3ea908b (commit) - Log ----------------------------------------------------------------- commit c42a78cb57cd335f3e2b224d4d8c8d7c2ecfaa44 Author: Matt Caswell Date: Fri Nov 4 10:26:57 2016 +0000 Fix a missed size_t variable declaration pqueue_size() now returns a size_t, but the variable that gets returned was still declared as an int. Reviewed-by: Rich Salz commit ff04799d904ec2bfcfc3a3ca656549db2dec9068 Author: Matt Caswell Date: Fri Nov 4 10:25:03 2016 +0000 Fix some style issues from libssl size_tify review Reviewed-by: Rich Salz commit ed9fa2c74bbb9da312aa82865aeb3f9b75a8167b Author: Matt Caswell Date: Wed Oct 26 20:59:49 2016 +0100 Tweak the SSL_read()/SSL_write() text based on feedback received. Reviewed-by: Rich Salz commit 54105ddd230c0d77fab91dd3f423b58b2a976de7 Author: Matt Caswell Date: Wed Oct 26 10:43:34 2016 +0100 Rename all "read" variables with "readbytes" Travis is reporting one file at a time shadowed variable warnings where "read" has been used. This attempts to go through all of libssl and replace "read" with "readbytes" to fix all the problems in one go. Reviewed-by: Rich Salz commit 740bfebaf6d879f051da625d3c583f7cbba8944f Author: Matt Caswell Date: Tue Oct 25 23:46:27 2016 +0100 Clarify the return values for SSL_read_ex()/SSL_write_ex() Give more detail on what constitutes success/failure. Reviewed-by: Rich Salz commit 02ba18a63e1f4ae1d0c0a185f9b7701fcddc1835 Author: Matt Caswell Date: Tue Oct 25 23:27:16 2016 +0100 Fix a shadowed variable declaration warning picked up by Travis Rename "read" to "readbytes" Reviewed-by: Rich Salz commit 8d2b1819ef66206d19c1b0ecbf3ca882fed04721 Author: Matt Caswell Date: Tue Oct 25 17:10:44 2016 +0100 Document the HMAC_size() function Reviewed-by: Rich Salz commit be2ef0e2e3842114054d26c3429016dc894a1359 Author: Matt Caswell Date: Tue Oct 25 15:29:35 2016 +0100 Test the size_t constant time functions Reviewed-by: Rich Salz commit 2b7363ecf168f94e5d982cd49182aa923b92d3e4 Author: Matt Caswell Date: Tue Oct 25 15:29:17 2016 +0100 Ensure SSL_DEBUG works following size_t changes Reviewed-by: Rich Salz commit 3cdc2f8fb528a4d47436dd863f6b8d5c30619847 Author: Matt Caswell Date: Tue Oct 25 15:27:55 2016 +0100 Clarify the return values for the peek functions Reviewed-by: Rich Salz commit 6782e5fdd885cbd09ecbc063f3c1116c2962ecae Author: Matt Caswell Date: Fri Oct 21 16:16:20 2016 +0100 Updates various man pages based on review feedback received. Improvements to style, grammar etc. Reviewed-by: Rich Salz commit d0ee717c938cda00bcb13cac2f7e2b162616254b Author: Matt Caswell Date: Fri Oct 21 15:41:04 2016 +0100 Fix style issues in HMAC_size() Based on review feedback. Reviewed-by: Rich Salz commit f0ca8f89f866fd2214241758b8485a462d3f6f01 Author: Matt Caswell Date: Thu Oct 20 23:49:41 2016 +0100 Fix some bogus warnings about uninitialised variables Travis was failing in some builds due to a bogus complaint about uninit variables. Reviewed-by: Rich Salz commit d02ef3d0be3b2cb1e6b3905ad26fc03ec261b317 Author: Matt Caswell Date: Thu Oct 20 17:27:59 2016 +0100 Fix some clashing symbol numbers due to merge conflict Reviewed-by: Rich Salz commit 7714dc5ea1174ca50cd12e5013683284f66c2dd3 Author: Matt Caswell Date: Thu Oct 20 15:04:21 2016 +0100 Document the newly added SSL functions Also document SSL_peek() which was missing from the docs. Reviewed-by: Rich Salz commit 699ae85915f83f91bf5d5af45dd4888217005461 Author: Matt Caswell Date: Wed Oct 19 17:37:22 2016 +0100 Remove a stray TODO that has already been fixed Reviewed-by: Rich Salz commit 2688e7a0beb0f5e76a98749f25b978ddfb40ac7f Author: Matt Caswell Date: Wed Oct 19 17:13:13 2016 +0100 Provide some constant time functions for dealing with size_t values Also implement the using of them Reviewed-by: Rich Salz commit 708e06c55d9fee5d59e4a4f409d115423ea1fa56 Author: Matt Caswell Date: Wed Oct 19 16:29:01 2016 +0100 Ensure HMAC_size() handles errors correctly Reviewed-by: Rich Salz commit 56a26ce3600cc9f96da0e64b345a25276d9abfc0 Author: Matt Caswell Date: Wed Oct 19 16:28:12 2016 +0100 Now that we can use size_t in PACKET lets use it Reviewed-by: Rich Salz commit 348240c676a1b2beaebb865e8be0b62f88c10b7d Author: Matt Caswell Date: Wed Oct 19 15:11:24 2016 +0100 Fix misc size_t issues causing Windows warnings in 64 bit Reviewed-by: Rich Salz commit a14aa99be8fe169bba7afc6355b6b6d750b2ba1d Author: Matt Caswell Date: Wed Oct 19 14:44:28 2016 +0100 Convert the mac functions to just return 1 for success and 0 for failure Previously they return -1 for failure or the size of the mac. But the size was never used anywhere. Reviewed-by: Rich Salz commit c08d12ca40e031e652e84cd235e8394cf883fd1f Author: Matt Caswell Date: Wed Oct 19 14:39:55 2016 +0100 Fix some ssl3_record code witch converstion to/from size_t Reviewed-by: Rich Salz commit 153703dfde6bf3f1cf72576a19d0f2fabe61a826 Author: Matt Caswell Date: Wed Oct 19 14:39:39 2016 +0100 Add some PACKET functions for size_t And use them in the DTLS code Reviewed-by: Rich Salz commit 8051ab2b6f8e1fb9e957771afcc3555560f9694f Author: Matt Caswell Date: Wed Oct 19 14:09:02 2016 +0100 Convert SSL BIO to use SSL_write_ex(). We also modify the SSL_get_error() function to handle the fact that with SSL_write_ex() the error return is 0 not -1, and fix some bugs in the SSL BIO reading. Reviewed-by: Rich Salz commit 8b0e934afbdf8ca61866263c507d4b653135952d Author: Matt Caswell Date: Thu Oct 6 19:17:54 2016 +0100 Fix some missed size_t updates Reviewed-by: Rich Salz commit e3c9727fece7bd73469e14796f579c4dc5209cdb Author: Matt Caswell Date: Tue Oct 4 21:42:28 2016 +0100 Resolve some outstanding size_t related TODOs Reviewed-by: Rich Salz commit d736bc1a7d45744300b2c81f7296b0d1e550ae0d Author: Matt Caswell Date: Tue Oct 4 21:22:19 2016 +0100 Update misc function params in libssl for size_t Reviewed-by: Rich Salz commit 6db6bc5a8f0663e679a99ea91a6f490db0f183ba Author: Matt Caswell Date: Tue Oct 4 21:14:24 2016 +0100 Convert some libssl local functions to size_t Reviewed-by: Rich Salz commit cb150cbcaca651a5b32fc1f1fc94ca61285c3515 Author: Matt Caswell Date: Tue Oct 4 21:04:03 2016 +0100 Update cookie_len for size_t Reviewed-by: Rich Salz commit 12472b456180cbc582d6152e174135524081c3ba Author: Matt Caswell Date: Tue Oct 4 20:56:11 2016 +0100 Update numerous misc libssl fields to be size_t Reviewed-by: Rich Salz commit ec60ccc1c1b9562359753e8fcbeeab0a6b4b669c Author: Matt Caswell Date: Tue Oct 4 20:31:19 2016 +0100 Convert session_id_length and sid_ctx_len to size_t Reviewed-by: Rich Salz commit 8c1a534305054c58d783fdfe7adbed24f5893a2e Author: Matt Caswell Date: Mon Oct 3 23:22:07 2016 +0100 Convert master_secret_size code to size_t Reviewed-by: Rich Salz commit b43d1cbb9abb331bbaa29658b4af434c7b870c56 Author: Matt Caswell Date: Mon Oct 3 22:34:07 2016 +0100 Convert various mac_secret_size usage to size_t Reviewed-by: Rich Salz commit d0e7c31db04349882855add5a5a21977b4467e3d Author: Matt Caswell Date: Mon Oct 3 22:26:59 2016 +0100 Convert ssl3_cbc_digest_record for size_t Reviewed-by: Rich Salz commit 72716e79bf1207625d58f4fe3874303ac47d0f98 Author: Matt Caswell Date: Mon Oct 3 22:15:10 2016 +0100 Convert some misc record layer functions for size_t Reviewed-by: Rich Salz commit 5607b2759a3148be6f38a9205d225bc8c802eaf1 Author: Matt Caswell Date: Mon Oct 3 21:12:23 2016 +0100 Convert SSL3_RECORD_clear() and SSL3_RECORD_release() to size_t Reviewed-by: Rich Salz commit 7ee8627f6eb7cf63b34d2701d76bb66f6db811e5 Author: Matt Caswell Date: Wed Sep 7 11:34:39 2016 +0100 Convert libssl writing for size_t Reviewed-by: Rich Salz commit eda757514ea3018c8510b4738b5e37479aeadc5e Author: Matt Caswell Date: Tue Sep 6 12:05:25 2016 +0100 Further libssl size_t-ify of reading Writing still to be done Reviewed-by: Rich Salz commit 8e6d03cac4c34dc089751f36120b69c512f77756 Author: Matt Caswell Date: Tue Sep 6 09:24:19 2016 +0100 Convert record layer to use size_t Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 4 +- doc/man3/HMAC.pod | 10 +- doc/man3/SSL_CTX_set_mode.pod | 26 ++- doc/man3/SSL_CTX_set_split_send_fragment.pod | 10 +- doc/man3/SSL_get_error.pod | 15 +- doc/man3/SSL_pending.pod | 17 +- doc/man3/SSL_read.pod | 110 +++++---- doc/man3/SSL_set_connect_state.pod | 8 +- doc/man3/SSL_write.pod | 82 ++++--- doc/man7/ssl.pod | 6 +- include/internal/constant_time_locl.h | 49 ++++ include/openssl/ssl.h | 6 + ssl/bio_ssl.c | 25 +-- ssl/d1_lib.c | 56 +++-- ssl/d1_msg.c | 11 +- ssl/d1_srtp.c | 5 +- ssl/packet_locl.h | 48 ++++ ssl/pqueue.c | 4 +- ssl/record/rec_layer_d1.c | 120 +++++----- ssl/record/rec_layer_s3.c | 247 ++++++++++---------- ssl/record/record.h | 71 +++--- ssl/record/record_locl.h | 19 +- ssl/record/ssl3_buffer.c | 8 +- ssl/record/ssl3_record.c | 267 ++++++++++++---------- ssl/s3_cbc.c | 24 +- ssl/s3_enc.c | 40 ++-- ssl/s3_lib.c | 67 +++--- ssl/s3_msg.c | 20 +- ssl/ssl_asn1.c | 10 +- ssl/ssl_ciph.c | 11 +- ssl/ssl_err.c | 3 + ssl/ssl_lib.c | 322 +++++++++++++++++---------- ssl/ssl_locl.h | 151 ++++++------- ssl/ssl_mcnf.c | 4 +- ssl/ssl_sess.c | 10 +- ssl/ssl_txt.c | 11 +- ssl/statem/statem.c | 4 +- ssl/statem/statem_clnt.c | 80 ++++--- ssl/statem/statem_dtls.c | 198 ++++++++-------- ssl/statem/statem_lib.c | 103 +++++---- ssl/statem/statem_locl.h | 8 +- ssl/statem/statem_srvr.c | 61 ++--- ssl/t1_enc.c | 79 +++---- ssl/t1_lib.c | 65 +++--- ssl/t1_reneg.c | 6 +- test/constant_time_test.c | 115 +++++++++- util/libssl.num | 3 + 47 files changed, 1537 insertions(+), 1082 deletions(-) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 3374105..ffca891 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -118,7 +118,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) size_t HMAC_size(const HMAC_CTX *ctx) { - return EVP_MD_size((ctx)->md); + int size = EVP_MD_size((ctx)->md); + + return (size < 0) ? 0 : size; } HMAC_CTX *HMAC_CTX_new(void) diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index 87f7e33..595d67d 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -12,7 +12,8 @@ HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, -HMAC_CTX_get_md +HMAC_CTX_get_md, +HMAC_size - HMAC message authentication code =head1 SYNOPSIS @@ -37,6 +38,8 @@ HMAC_CTX_get_md void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + size_t HMAC_size(const HMAC_CTX *e); + Deprecated: #if OPENSSL_API_COMPAT < 0x10100000L @@ -105,6 +108,8 @@ These flags have the same meaning as for L. HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the supplied HMAC_CTX. +HMAC_size() returns the length in bytes of the underlying hash function output. + =head1 RETURN VALUES HMAC() returns a pointer to the message authentication code or NULL if @@ -119,6 +124,9 @@ HMAC_CTX_copy() return 1 for success or 0 if an error occurred. HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or NULL if no EVP_MD has been set. +HMAC_size() returns the length in bytes of the underlying hash function output +or zero on error. + =head1 CONFORMING TO RFC 2104 diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 1b3e783..6b8fad6 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -34,26 +34,27 @@ The following mode changes are available: =item SSL_MODE_ENABLE_PARTIAL_WRITE -Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success -when just a single record has been written). When not set (the default), -SSL_write() will only report success once the complete chunk was written. -Once SSL_write() returns with r, r bytes have been successfully written -and the next call to SSL_write() must only send the n-r bytes left, -imitating the behaviour of write(). +Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only +report success once the complete chunk was written. Once SSL_write_ex() or +SSL_write() returns successful, B bytes have been written and the next call +to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating +the behaviour of write(). =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER -Make it possible to retry SSL_write() with changed buffer location -(the buffer contents must stay the same). This is not the default to avoid -the misconception that non-blocking SSL_write() behaves like +Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking SSL_write() behaves like non-blocking write(). =item SSL_MODE_AUTO_RETRY Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a -L or L would return -with -1 and indicate the need to retry with SSL_ERROR_WANT_READ. +L, L, L or L would +return with a failure and indicate the need to retry with SSL_ERROR_WANT_READ. In a non-blocking environment applications must be prepared to handle incomplete read/write operations. In a blocking environment, applications are not always prepared to @@ -96,7 +97,8 @@ SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. =head1 SEE ALSO -L, L, L, L +L, L, L, L or +L, L =head1 HISTORY diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod index accf5af..4c3e9e6 100644 --- a/doc/man3/SSL_CTX_set_split_send_fragment.pod +++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -58,19 +58,19 @@ Pipelining operates slightly differently for reading encrypted data compared to writing encrypted data. SSL_CTX_set_split_send_fragment() and SSL_set_split_send_fragment() define how data is split up into pipelines when writing encrypted data. The number of pipelines used will be determined by the -amount of data provided to the SSL_write() call divided by +amount of data provided to the SSL_write_ex() or SSL_write() call divided by B. For example if B is set to 2000 and B is 4 then: -SSL_write called with 0-2000 bytes == 1 pipeline used +SSL_write/SSL_write_ex called with 0-2000 bytes == 1 pipeline used -SSL_write called with 2001-4000 bytes == 2 pipelines used +SSL_write/SSL_write_ex called with 2001-4000 bytes == 2 pipelines used -SSL_write called with 4001-6000 bytes == 3 pipelines used +SSL_write/SSL_write_ex called with 4001-6000 bytes == 3 pipelines used -SSL_write called with 6001+ bytes == 4 pipelines used +SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used B must always be less than or equal to B. By default it is set to be equal to B. diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index ddd72f7..424f6f0 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -14,9 +14,9 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation SSL_get_error() returns a result code (suitable for the C "switch" statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(), -SSL_read(), SSL_peek(), or SSL_write() on B. The value returned by -that TLS/SSL I/O function must be passed to SSL_get_error() in parameter -B. +SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_write_ex() or +SSL_write() on B. The value returned by that TLS/SSL I/O function must be +passed to SSL_get_error() in parameter B. In addition to B and B, SSL_get_error() inspects the current thread's OpenSSL error queue. Thus, SSL_get_error() must be @@ -64,10 +64,11 @@ TLS/SSL I/O function should be retried. Caveat: Any TLS/SSL I/O function can lead to either of B and B. In particular, -SSL_read() or SSL_peek() may want to write data and SSL_write() may want -to read data. This is mainly because TLS/SSL handshakes may occur at any -time during the protocol (initiated by either the client or the server); -SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. +SSL_read_ex(), SSL_read(), SSL_peek_ex(), or SSL_peek() may want to write data +and SSL_write() or SSL_write_ex() may want to read data. This is mainly because +TLS/SSL handshakes may occur at any time during the protocol (initiated by +either the client or the server); SSL_read_ex(), SSL_read(), SSL_peek_ex(), +SSL_peek(), SSL_write_ex(), and SSL_write() will handle any pending handshakes. =item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT diff --git a/doc/man3/SSL_pending.pod b/doc/man3/SSL_pending.pod index f6ed565..642cd4b 100644 --- a/doc/man3/SSL_pending.pod +++ b/doc/man3/SSL_pending.pod @@ -16,7 +16,7 @@ SSL object Data is received in whole blocks known as records from the peer. A whole record is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is -read by the application via a call to L. +read by the application via a call to L or L. SSL_pending() returns the number of bytes which have been processed, buffered and are available inside B for immediate read. @@ -34,12 +34,13 @@ the data is in unprocessed buffered records). SSL_has_pending() returns 1 if B has buffered data (whether processed or unprocessed) and 0 otherwise. Note that it is possible for SSL_has_pending() to -return 1, and then a subsequent call to SSL_read() to return no data because the -unprocessed buffered data when processed yielded no application data (for -example this can happen during renegotiation). It is also possible in this -scenario for SSL_has_pending() to continue to return 1 even after an SSL_read() -call because the buffered and unprocessed data is not yet processable (e.g. -because OpenSSL has only received a partial record so far). +return 1, and then a subsequent call to SSL_read_ex() or SSL_read() to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). It is also possible in +this scenario for SSL_has_pending() to continue to return 1 even after an +SSL_read_ex() or SSL_read() call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far). =head1 RETURN VALUES @@ -49,7 +50,7 @@ returns 1 if there is buffered record data in the SSL object and 0 otherwise. =head1 SEE ALSO -L, L, +L, L, L, L, L =head1 HISTORY diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index 8dff244..7c175bf 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -2,82 +2,100 @@ =head1 NAME -SSL_read - read bytes from a TLS/SSL connection +SSL_read_ex, SSL_read - read bytes from a TLS/SSL connection =head1 SYNOPSIS #include + int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read); int SSL_read(SSL *ssl, void *buf, int num); + int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read); + int SSL_peek(SSL *ssl, void *buf, int num); + =head1 DESCRIPTION -SSL_read() tries to read B bytes from the specified B into the -buffer B. +SSL_read_ex() and SSL_read() try to read B bytes from the specified B +into the buffer B. On success SSL_read_ex() will store the number of bytes +actually read in B<*read>. + +SSL_peek_ex() and SSL_peek() are identical to SSL_read_ex() and SSL_read() +respectively except no bytes are actually removed from the underlying BIO during +the read, so that a subsequent call to SSL_read_ex() or SSL_read() will yield +at least the same bytes. =head1 NOTES -If necessary, SSL_read() will negotiate a TLS/SSL session, if -not already explicitly performed by L or -L. If the +In the paragraphs below a "read function" is defined as one of SSL_read_ex(), +SSL_read(), SSL_peek_ex() or SSL_peek(). + +If necessary, a read function will negotiate a TLS/SSL session, if not already +explicitly performed by L or L. If the peer requests a re-negotiation, it will be performed transparently during -the SSL_read() operation. The behaviour of SSL_read() depends on the +the read function operation. The behaviour of the read functions depends on the underlying BIO. For the transparent negotiation to succeed, the B must have been initialized to client or server mode. This is being done by calling -L or SSL_set_accept_state() -before the first call to an SSL_read() or L -function. - -SSL_read() works based on the SSL/TLS records. The data are received in -records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a -record has been completely received, it can be processed (decryption and -check of integrity). Therefore data that was not retrieved at the last -call of SSL_read() can still be buffered inside the SSL layer and will be -retrieved on the next call to SSL_read(). If B is higher than the -number of bytes buffered, SSL_read() will return with the bytes buffered. -If no more bytes are in the buffer, SSL_read() will trigger the processing -of the next record. Only when the record has been received and processed -completely, SSL_read() will return reporting success. At most the contents -of the record will be returned. As the size of an SSL/TLS record may exceed -the maximum packet size of the underlying transport (e.g. TCP), it may -be necessary to read several packets from the transport layer before the -record is complete and SSL_read() can succeed. - -If the underlying BIO is B, SSL_read() will only return, once the +L or SSL_set_accept_state() before the first +invocation of a read function. + +The read functions work based on the SSL/TLS records. The data are received in +records (with a maximum record size of 16kB). Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the SSL layer and will be retrieved on the next read +call. If B is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of the record will +be returned. As the size of an SSL/TLS record may exceed the maximum packet size +of the underlying transport (e.g. TCP), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed. + +If the underlying BIO is B, a read function will only return once the read operation has been finished or an error occurred, except when a -renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. -This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the +renegotiation takes place, in which case a SSL_ERROR_WANT_READ may occur. This +behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the L call. -If the underlying BIO is B, SSL_read() will also return -when the underlying BIO could not satisfy the needs of SSL_read() -to continue the operation. In this case a call to -L with the -return value of SSL_read() will yield B or +If the underlying BIO is B, a read function will also return when +the underlying BIO could not satisfy the needs of the function to continue the +operation. In this case a call to L with the +return value of the read function will yield B or B. As at any time a re-negotiation is possible, a -call to SSL_read() can also cause write operations! The calling process -then must repeat the call after taking appropriate action to satisfy the -needs of SSL_read(). The action depends on the underlying BIO. When using a -non-blocking socket, nothing is to be done, but select() can be used to check -for the required condition. When using a buffering BIO, like a BIO pair, data -must be written into or retrieved out of the BIO before being able to continue. +a read function can also cause write operations! The calling process then must +repeat the call after taking appropriate action to satisfy the needs of the read +function. The action depends on the underlying BIO. When using a non-blocking +socket, nothing is to be done, but select() can be used to check for the +required condition. When using a buffering BIO, like a BIO pair, data must be +written into or retrieved out of the BIO before being able to continue. L can be used to find out whether there are buffered bytes available for immediate retrieval. In this case -SSL_read() can be called without blocking or actually receiving new -data from the underlying socket. +the read function can be called without blocking or actually receiving +new data from the underlying socket. =head1 WARNING -When an SSL_read() operation has to be repeated because of -B or B, it must be repeated +When a read function operation has to be repeated because L +returned B or B, it must be repeated with the same arguments. =head1 RETURN VALUES -The following return values can occur: +SSL_read_ex() and SSL_peek_ex() will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the SSL +connection. Failure means that no bytes could be read from the SSL connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). In +the event of a failure call L to find out the reason which +indicates whether the call is retryable or not. + +For SSL_read() and SSL_peek() the following return values can occur: =over 4 @@ -108,7 +126,7 @@ return value B to find out the reason. =head1 SEE ALSO -L, L, +L, L, L, L, L, L L, diff --git a/doc/man3/SSL_set_connect_state.pod b/doc/man3/SSL_set_connect_state.pod index 60c18a4..1f44f59 100644 --- a/doc/man3/SSL_set_connect_state.pod +++ b/doc/man3/SSL_set_connect_state.pod @@ -35,8 +35,8 @@ requested, the handshake routines must be explicitly set. When using the L or L routines, the correct handshake routines are automatically set. When performing a transparent negotiation -using L or L, the -handshake routines must be explicitly set in advance using either +using L, L, L, or L, +the handshake routines must be explicitly set in advance using either SSL_set_connect_state() or SSL_set_accept_state(). =head1 RETURN VALUES @@ -47,8 +47,8 @@ information. =head1 SEE ALSO L, L, L, -LL, L, -L, L, +L, L, +L, L, L, L, L, L diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index 5ab0790..c860ed7 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -2,75 +2,87 @@ =head1 NAME -SSL_write - write bytes to a TLS/SSL connection +SSL_write_ex, SSL_write - write bytes to a TLS/SSL connection =head1 SYNOPSIS #include + int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); int SSL_write(SSL *ssl, const void *buf, int num); =head1 DESCRIPTION -SSL_write() writes B bytes from the buffer B into the specified -B connection. +SSL_write_ex() and SSL_write() write B bytes from the buffer B into +the specified B connection. On success SSL_write_ex() will store the number +of bytes written in B<*written>. =head1 NOTES -If necessary, SSL_write() will negotiate a TLS/SSL session, if -not already explicitly performed by L or -L. If the -peer requests a re-negotiation, it will be performed transparently during -the SSL_write() operation. The behaviour of SSL_write() depends on the +In the paragraphs below a "write function" is defined as one of either +SSL_write_ex(), or SSL_write(). + +If necessary, a write function will negotiate a TLS/SSL session, if not already +explicitly performed by L or L. If the peer +requests a re-negotiation, it will be performed transparently during +the write functio operation. The behaviour of the write functions depends on the underlying BIO. For the transparent negotiation to succeed, the B must have been initialized to client or server mode. This is being done by calling L or SSL_set_accept_state() -before the first call to an L or SSL_write() function. +before the first call to a write function. -If the underlying BIO is B, SSL_write() will only return, once the -write operation has been finished or an error occurred, except when a +If the underlying BIO is B, the write functions will only return, once +the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the L call. -If the underlying BIO is B, SSL_write() will also return, -when the underlying BIO could not satisfy the needs of SSL_write() -to continue the operation. In this case a call to -L with the -return value of SSL_write() will yield B or -B. As at any time a re-negotiation is possible, a -call to SSL_write() can also cause read operations! The calling process -then must repeat the call after taking appropriate action to satisfy the -needs of SSL_write(). The action depends on the underlying BIO. When using a +If the underlying BIO is B the write functions will also return +when the underlying BIO could not satisfy the needs of the function to continue +the operation. In this case a call to L with the +return value of the write function will yield B +or B. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying BIO. When using a non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -SSL_write() will only return with success, when the complete contents -of B of length B has been written. This default behaviour -can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of -L. When this flag is set, -SSL_write() will also return with success, when a partial write has been -successfully completed. In this case the SSL_write() operation is considered -completed. The bytes are sent and a new SSL_write() operation with a new -buffer (with the already sent bytes removed) must be started. -A partial write is performed with the size of a message block, which is -16kB for SSLv3/TLSv1. +The write functions will only return with success when the complete contents of +B of length B has been written. This default behaviour can be changed +with the SSL_MODE_ENABLE_PARTIAL_WRITE option of L. When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB. =head1 WARNING -When an SSL_write() operation has to be repeated because of -B or B, it must be repeated +When a write function call has to be repeated because L +returned B or B, it must be repeated with the same arguments. -When calling SSL_write() with num=0 bytes to be sent the behaviour is +When calling the write functions with num=0 bytes to be sent the behaviour is undefined. =head1 RETURN VALUES -The following return values can occur: +SSL_write_ex() will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the SSL connection or, +if SSL_MODE_ENABLE_PARTIAL_WRITE is in use, at least 1 application data byte has +been written to the SSL connection. Failure means that not all the requested +bytes have been written yet (if SSL_MODE_ENABLE_PARTIAL_WRITE is not in use) or +no bytes could be written to the SSL connection (if +SSL_MODE_ENABLE_PARTIAL_WRITE is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call L to find out +the reason which indicates whether the call is retryable or not. + +For SSL_write() the following return values can occur: =over 4 @@ -96,7 +108,7 @@ return value B to find out the reason. =head1 SEE ALSO -L, L, +L, L, L L, L, L, L L, diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod index ce163f4..7b5b39e 100644 --- a/doc/man7/ssl.pod +++ b/doc/man7/ssl.pod @@ -28,8 +28,8 @@ connection with the object. Then the TLS/SSL handshake is performed using L or L respectively. -L and L are used -to read and write data on the TLS/SSL connection. +L, L, L and L are +used to read and write data on the TLS/SSL connection. L can be used to shut down the TLS/SSL connection. @@ -792,6 +792,7 @@ L, L, L, L, +L, L, L, L, @@ -803,6 +804,7 @@ L, L, L, L, +L, L, L, L, diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h index d27fb14..be2730e 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time_locl.h @@ -10,6 +10,7 @@ #ifndef HEADER_CONSTANT_TIME_LOCL_H # define HEADER_CONSTANT_TIME_LOCL_H +# include # include /* For 'ossl_inline' */ #ifdef __cplusplus @@ -102,12 +103,22 @@ static ossl_inline unsigned int constant_time_msb(unsigned int a) return 0 - (a >> (sizeof(a) * 8 - 1)); } +static ossl_inline size_t constant_time_msb_s(size_t a) +{ + return 0 - (a >> (sizeof(a) * 8 - 1)); +} + static ossl_inline unsigned int constant_time_lt(unsigned int a, unsigned int b) { return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); } +static ossl_inline size_t constant_time_lt_s(size_t a, size_t b) +{ + return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b))); +} + static ossl_inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) { @@ -120,17 +131,32 @@ static ossl_inline unsigned int constant_time_ge(unsigned int a, return ~constant_time_lt(a, b); } +static ossl_inline size_t constant_time_ge_s(size_t a, size_t b) +{ + return ~constant_time_lt_s(a, b); +} + static ossl_inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) { return (unsigned char)(constant_time_ge(a, b)); } +static ossl_inline unsigned char constant_time_ge_8_s(size_t a, size_t b) +{ + return (unsigned char)(constant_time_ge_s(a, b)); +} + static ossl_inline unsigned int constant_time_is_zero(unsigned int a) { return constant_time_msb(~a & (a - 1)); } +static ossl_inline size_t constant_time_is_zero_s(size_t a) +{ + return constant_time_msb_s(~a & (a - 1)); +} + static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a) { return (unsigned char)(constant_time_is_zero(a)); @@ -142,12 +168,22 @@ static ossl_inline unsigned int constant_time_eq(unsigned int a, return constant_time_is_zero(a ^ b); } +static ossl_inline size_t constant_time_eq_s(size_t a, size_t b) +{ + return constant_time_is_zero_s(a ^ b); +} + static ossl_inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) { return (unsigned char)(constant_time_eq(a, b)); } +static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b) +{ + return (unsigned char)(constant_time_eq_s(a, b)); +} + static ossl_inline unsigned int constant_time_eq_int(int a, int b) { return constant_time_eq((unsigned)(a), (unsigned)(b)); @@ -165,6 +201,13 @@ static ossl_inline unsigned int constant_time_select(unsigned int mask, return (mask & a) | (~mask & b); } +static ossl_inline size_t constant_time_select_s(size_t mask, + size_t a, + size_t b) +{ + return (mask & a) | (~mask & b); +} + static ossl_inline unsigned char constant_time_select_8(unsigned char mask, unsigned char a, unsigned char b) @@ -178,6 +221,12 @@ static ossl_inline int constant_time_select_int(unsigned int mask, int a, return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); } +static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b) +{ + return (int)(constant_time_select((unsigned)mask, (unsigned)(a), + (unsigned)(b))); +} + #ifdef __cplusplus } #endif diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7b40b37..c781323 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1568,8 +1568,11 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, __owur int SSL_accept(SSL *ssl); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read); __owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); @@ -2179,7 +2182,9 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 # define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 432 # define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EX 434 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 # define SSL_F_SSL_SESSION_DUP 348 @@ -2216,6 +2221,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_VALIDATE_CT 400 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 # define SSL_F_SSL_WRITE 208 +# define SSL_F_SSL_WRITE_EX 433 # define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index d64451c..e48b90f 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -28,7 +28,7 @@ typedef struct bio_ssl_st { /* re-negotiate every time the total number of bytes is this size */ int num_renegotiates; unsigned long renegotiate_count; - unsigned long byte_count; + size_t byte_count; unsigned long renegotiate_timeout; unsigned long last_time; } BIO_SSL; @@ -103,17 +103,10 @@ static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes) BIO_clear_retry_flags(b); - if (size > INT_MAX) - size = INT_MAX; - - ret = SSL_read(ssl, buf, size); - if (ret > 0) - *readbytes = ret; + ret = SSL_read_ex(ssl, buf, size, readbytes); switch (SSL_get_error(ssl, ret)) { case SSL_ERROR_NONE: - if (ret <= 0) - break; if (sb->renegotiate_count > 0) { sb->byte_count += *readbytes; if (sb->byte_count > sb->renegotiate_count) { @@ -179,17 +172,12 @@ static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written) BIO_clear_retry_flags(b); - if (size > INT_MAX) - size = INT_MAX; - - ret = SSL_write(ssl, buf, size); + ret = SSL_write_ex(ssl, buf, size, written); switch (SSL_get_error(ssl, ret)) { case SSL_ERROR_NONE: - if (ret <= 0) - break; if (bs->renegotiate_count > 0) { - bs->byte_count += ret; + bs->byte_count += *written; if (bs->byte_count > bs->renegotiate_count) { bs->byte_count = 0; bs->num_renegotiates++; @@ -229,11 +217,6 @@ static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written) BIO_set_retry_reason(b, retry_reason); - if (ret > 0) { - *written = ret; - ret = 1; - } - return ret; } diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index e7a6650..ffc6322 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -23,10 +23,10 @@ static void get_current_time(struct timeval *t); static int dtls1_handshake_write(SSL *s); -static unsigned int dtls1_link_min_mtu(void); +static size_t dtls1_link_min_mtu(void); /* XDTLS: figure out the right values */ -static const unsigned int g_probable_mtu[] = { 1500, 512, 256 }; +static const size_t g_probable_mtu[] = { 1500, 512, 256 }; const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_enc, @@ -35,13 +35,11 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV, - DTLS1_HM_HEADER_LENGTH, dtls1_set_handshake_header, dtls1_close_construct_packet, dtls1_handshake_write @@ -54,14 +52,12 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, - DTLS1_HM_HEADER_LENGTH, dtls1_set_handshake_header, dtls1_close_construct_packet, dtls1_handshake_write @@ -164,8 +160,8 @@ void dtls1_clear(SSL *s) { pqueue *buffered_messages; pqueue *sent_messages; - unsigned int mtu; - unsigned int link_mtu; + size_t mtu; + size_t link_mtu; DTLS_RECORD_LAYER_clear(&s->rlayer); @@ -344,7 +340,7 @@ void dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { - unsigned int mtu; + size_t mtu; s->d1->timeout.num_alerts++; @@ -435,7 +431,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) unsigned char seq[SEQ_NUM_SIZE]; const unsigned char *data; unsigned char *buf; - unsigned long fragoff, fraglen, msglen; + size_t fragoff, fraglen, msglen; unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen; BIO *rbio, *wbio; BUF_MEM *bufm; @@ -583,10 +579,10 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) /* Finished processing the record header, now process the message */ if (!PACKET_get_1(&msgpkt, &msgtype) - || !PACKET_get_net_3(&msgpkt, &msglen) + || !PACKET_get_net_3_len(&msgpkt, &msglen) || !PACKET_get_net_2(&msgpkt, &msgseq) - || !PACKET_get_net_3(&msgpkt, &fragoff) - || !PACKET_get_net_3(&msgpkt, &fraglen) + || !PACKET_get_net_3_len(&msgpkt, &fragoff) + || !PACKET_get_net_3_len(&msgpkt, &fraglen) || !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen) || PACKET_remaining(&msgpkt) != 0) { SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH); @@ -663,8 +659,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt), - PACKET_remaining(&cookiepkt)) == - 0) { + (unsigned int)PACKET_remaining(&cookiepkt)) == 0) { /* * We treat invalid cookies in the same was as no cookie as * per RFC6347 @@ -795,6 +790,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) BIO_ADDR_free(tmpclient); tmpclient = NULL; + /* TODO(size_t): convert this call */ if (BIO_write(wbio, buf, wreclen) < (int)wreclen) { if (BIO_should_retry(wbio)) { /* @@ -872,12 +868,13 @@ static int dtls1_handshake_write(SSL *s) # define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) -int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) +int dtls1_process_heartbeat(SSL *s, unsigned char *p, size_t length) { unsigned char *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ + size_t written; if (s->msg_callback) s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT, @@ -897,7 +894,7 @@ int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; - unsigned int write_length = HEARTBEAT_SIZE(payload, padding); + size_t write_length = HEARTBEAT_SIZE(payload, padding); int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) @@ -920,16 +917,17 @@ int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) return -1; } - r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length); + r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length, + &written); - if (r >= 0 && s->msg_callback) + if (r > 0 && s->msg_callback) s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); - if (r < 0) - return r; + if (r <= 0) + return -1; } else if (hbtype == TLS1_HB_RESPONSE) { unsigned int seq; @@ -953,9 +951,9 @@ int dtls1_heartbeat(SSL *s) { unsigned char *buf, *p; int ret = -1; - unsigned int payload = 18; /* Sequence number + random bytes */ - unsigned int padding = 16; /* Use minimum padding */ - unsigned int size; + size_t payload = 18; /* Sequence number + random bytes */ + size_t padding = 16; /* Use minimum padding */ + size_t size, written; /* Only send if peer supports and accepts HB requests... */ if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) || @@ -1006,8 +1004,8 @@ int dtls1_heartbeat(SSL *s) goto err; } - ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size); - if (ret >= 0) { + ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size, &written); + if (ret > 0) { if (s->msg_callback) s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, buf, size, s, s->msg_callback_arg); @@ -1070,7 +1068,7 @@ int dtls1_query_mtu(SSL *s) /* Set to min mtu */ s->d1->mtu = dtls1_min_mtu(s); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); + (long)s->d1->mtu, NULL); } } else return 0; @@ -1078,13 +1076,13 @@ int dtls1_query_mtu(SSL *s) return 1; } -static unsigned int dtls1_link_min_mtu(void) +static size_t dtls1_link_min_mtu(void) { return (g_probable_mtu[(sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0])) - 1]); } -unsigned int dtls1_min_mtu(SSL *s) +size_t dtls1_min_mtu(SSL *s) { return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); } diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c index ae7aff6..ac6d284 100644 --- a/ssl/d1_msg.c +++ b/ssl/d1_msg.c @@ -10,7 +10,8 @@ #define USE_SOCKETS #include "ssl_locl.h" -int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) +int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, + size_t *written) { int i; @@ -41,8 +42,7 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) return -1; } - i = dtls1_write_bytes(s, type, buf_, len); - return i; + return dtls1_write_bytes(s, type, buf_, len, written); } int dtls1_dispatch_alert(SSL *s) @@ -51,6 +51,7 @@ int dtls1_dispatch_alert(SSL *s) void (*cb) (const SSL *ssl, int type, int val) = NULL; unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; + size_t written; s->s3->alert_dispatch = 0; @@ -65,7 +66,7 @@ int dtls1_dispatch_alert(SSL *s) } #endif - i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); + i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written); if (i <= 0) { s->s3->alert_dispatch = 1; /* fprintf( stderr, "not done with alert\n" ); */ @@ -91,5 +92,5 @@ int dtls1_dispatch_alert(SSL *s) cb(s, SSL_CB_WRITE_ALERT, j); } } - return (i); + return i; } diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index bcefb9e..718f417 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -40,7 +40,7 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { }; static int find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr, unsigned len) + SRTP_PROTECTION_PROFILE **pptr, size_t len) { SRTP_PROTECTION_PROFILE *p; @@ -76,7 +76,8 @@ static int ssl_ctx_make_profiles(const char *profiles_string, do { col = strchr(ptr, ':'); - if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) { + if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) + : strlen(ptr))) { if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index cee1400..94933c1 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h @@ -160,6 +160,18 @@ __owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data) return 1; } +/* Same as PACKET_get_net_2() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_2_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_net_2(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* * Peek ahead at 3 bytes in network order from |pkt| and store the value in * |*data| @@ -189,6 +201,18 @@ __owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data) return 1; } +/* Same as PACKET_get_net_3() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_3_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_3(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* * Peek ahead at 4 bytes in network order from |pkt| and store the value in * |*data| @@ -219,6 +243,18 @@ __owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data) return 1; } +/* Same as PACKET_get_net_4() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_4(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* Peek ahead at 1 byte from |pkt| and store the value in |*data| */ __owur static ossl_inline int PACKET_peek_1(const PACKET *pkt, unsigned int *data) @@ -242,6 +278,18 @@ __owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data) return 1; } +/* Same as PACKET_get_1() but for a size_t */ +__owur static ossl_inline int PACKET_get_1_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_1(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value * in |*data| diff --git a/ssl/pqueue.c b/ssl/pqueue.c index b447e1d..7e0ced9 100644 --- a/ssl/pqueue.c +++ b/ssl/pqueue.c @@ -141,10 +141,10 @@ pitem *pqueue_next(pitem **item) return ret; } -int pqueue_size(pqueue *pq) +size_t pqueue_size(pqueue *pq) { pitem *item = pq->items; - int count = 0; + size_t count = 0; while (item != NULL) { count++; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index c9fd066..d2bb678 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -118,8 +118,8 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE); } -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len); +static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, + size_t len); /* copy buffered record into SSL structure */ static int dtls1_copy_record(SSL *s, pitem *item) @@ -336,10 +336,10 @@ int dtls1_process_buffered_records(SSL *s) * none of our business */ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *readbytes) { - int al, i, j, ret; - unsigned int n; + int al, i, j, iret; + size_t ret, n; SSL3_RECORD *rr; void (*cb) (const SSL *ssl, int type2, int val) = NULL; @@ -359,9 +359,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ - if ((ret = have_handshake_fragment(s, type, buf, len))) { + ret = have_handshake_fragment(s, type, buf, len); + if (ret > 0) { *recvd_type = SSL3_RT_HANDSHAKE; - return ret; + *readbytes = ret; + return 1; } /* @@ -385,10 +387,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } @@ -434,12 +436,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* get new packet if necessary */ if ((SSL3_RECORD_get_length(rr) == 0) || (s->rlayer.rstate == SSL_ST_READ_BODY)) { - ret = dtls1_get_record(s); - if (ret <= 0) { - ret = dtls1_read_failed(s, ret); + iret = dtls1_get_record(s); + if (iret <= 0) { + iret = dtls1_read_failed(s, iret); /* anything other than a timeout is an error */ - if (ret <= 0) - return (ret); + if (iret <= 0) + return iret; else goto start; } @@ -479,7 +481,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -504,13 +506,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) - return (len); + if (len == 0) + return 0; - if ((unsigned int)len > SSL3_RECORD_get_length(rr)) + if (len > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len; + n = len; memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); if (!peek) { @@ -543,10 +545,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } #endif - return (n); + *readbytes = n; + return 1; } /* @@ -559,9 +562,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * that so that we can process the data at a fixed place. */ { - unsigned int k, dest_maxlen = 0; + size_t k, dest_maxlen = 0; unsigned char *dest = NULL; - unsigned int *dest_len = NULL; + size_t *dest_len = NULL; if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->rlayer.d->handshake_fragment; @@ -584,7 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); - return (-1); + return -1; } #endif /* else it's a CCS message, or application data or wrong */ @@ -600,7 +603,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_READING; BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } /* Not certain if this is the right error handling */ @@ -677,10 +680,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (ssl3_renegotiate_check(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -697,7 +700,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } } @@ -757,7 +760,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } #endif s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } #if 0 /* XXX: this is a possible improvement in the future */ @@ -797,7 +800,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + return 0; } else { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); @@ -811,7 +814,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * shutdown */ s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); - return (0); + return 0; } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -858,10 +861,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -878,7 +881,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; @@ -917,7 +920,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, (s->s3->total_renegotiations != 0) && ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; } else { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); @@ -928,15 +931,15 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); + return -1; } - /* - * this only happens when a client hello is received and a handshake - * is started. - */ -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len) +/* + * this only happens when a client hello is received and a handshake + * is started. + */ +static size_t have_handshake_fragment(SSL *s, int type, unsigned char *buf, + size_t len) { if ((type == SSL3_RT_HANDSHAKE) @@ -945,7 +948,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, { unsigned char *src = s->rlayer.d->handshake_fragment; unsigned char *dst = buf; - unsigned int k, n; + size_t k, n; /* peek == 0 */ n = 0; @@ -968,22 +971,23 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) +int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, + size_t *written) { int i; OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); s->rwstate = SSL_NOTHING; - i = do_dtls1_write(s, type, buf, len, 0); + i = do_dtls1_write(s, type, buf, len, 0, written); return i; } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragment) + size_t len, int create_empty_fragment, size_t *written) { unsigned char *p, *pseq; int i, mac_size, clear = 0; - int prefix_len = 0; + size_t prefix_len = 0; int eivlen; SSL3_RECORD wr; SSL3_BUFFER *wb; @@ -997,14 +1001,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, */ if (SSL3_BUFFER_get_left(wb) != 0) { OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ - return (ssl3_write_pending(s, type, buf, len)); + return ssl3_write_pending(s, type, buf, len, written); } /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) - return (i); + return i; /* if it went, fall through and send more stuff */ } @@ -1069,7 +1073,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* lets setup the record stuff. */ SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */ - SSL3_RECORD_set_length(&wr, (int)len); + SSL3_RECORD_set_length(&wr, len); SSL3_RECORD_set_input(&wr, (unsigned char *)buf); /* @@ -1095,9 +1099,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, */ if (!SSL_USE_ETM(s) && mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr) + eivlen]), - 1) < 0) + if (!s->method->ssl3_enc->mac(s, &wr, + &(p[SSL3_RECORD_get_length(&wr) + eivlen]), + 1)) goto err; SSL3_RECORD_add_length(&wr, mac_size); } @@ -1113,9 +1117,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, goto err; if (SSL_USE_ETM(s) && mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr)]), - 1) < 0) + if (!s->method->ssl3_enc->mac(s, &wr, + &(p[SSL3_RECORD_get_length(&wr)]), 1)) goto err; SSL3_RECORD_add_length(&wr, mac_size); } @@ -1157,7 +1160,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * we are in a recursive call; just return the length, don't write * out anything here */ - return wr.length; + *written = wr.length; + return 1; } /* now let's set up wb */ @@ -1174,7 +1178,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_ret = len; /* we now just need to write the buffer */ - return ssl3_write_pending(s, type, buf, len); + return ssl3_write_pending(s, type, buf, len, written); err: return -1; } diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 28de7c3..779a29f 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -95,7 +95,8 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; } -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) +int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, + size_t len) { rl->packet_length = len; if (len != 0) { @@ -121,10 +122,9 @@ void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl) memset(rl->write_sequence, 0, sizeof(rl->write_sequence)); } -int ssl3_pending(const SSL *s) +size_t ssl3_pending(const SSL *s) { - unsigned int i; - int num = 0; + size_t i, num = 0; if (s->rlayer.rstate == SSL_ST_READ_BODY) return 0; @@ -179,11 +179,12 @@ const char *SSL_rstate_string(const SSL *s) /* * Return values are as per SSL_read(), i.e. - * >0 The number of read bytes + * 1 Success * 0 Failure (not retryable) * <0 Failure (may be retryable) */ -int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) +int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, + size_t *readbytes) { /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase @@ -194,13 +195,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) * if clearold == 1, move the packet to the start of the buffer; if * clearold == 0 then leave any old packets where they were */ - int i, len, left; - size_t align = 0; + size_t len, left, align = 0; unsigned char *pkt; SSL3_BUFFER *rb; - if (n <= 0) - return n; + if (n == 0) + return 0; rb = &s->rlayer.rbuf; if (rb->buf == NULL) @@ -270,12 +270,13 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) s->rlayer.packet_length += n; rb->left = left - n; rb->offset += n; - return (n); + *readbytes = n; + return 1; } /* else we need to read more data */ - if (n > (int)(rb->len - rb->offset)) { /* does not happen */ + if (n > rb->len - rb->offset) { /* does not happen */ SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); return -1; } @@ -287,11 +288,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) else { if (max < n) max = n; - if (max > (int)(rb->len - rb->offset)) + if (max > rb->len - rb->offset) max = rb->len - rb->offset; } while (left < n) { + size_t bioread = 0; + int ret; + /* * Now we have len+left bytes at the front of s->s3->rbuf.buf and * need to read in more until we have len+n (up to len+max if @@ -301,20 +305,23 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) clear_sys_error(); if (s->rbio != NULL) { s->rwstate = SSL_READING; - i = BIO_read(s->rbio, pkt + len + left, max - left); + /* TODO(size_t): Convert this function */ + ret = BIO_read(s->rbio, pkt + len + left, max - left); + if (ret >= 0) + bioread = ret; } else { SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); - i = -1; + ret = -1; } - if (i <= 0) { + if (ret <= 0) { rb->left = left; if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if (len + left == 0) ssl3_release_read_buffer(s); return -1; } - left += i; + left += bioread; /* * reads should *never* span multiple packets for DTLS because the * underlying transport protocol is message oriented as opposed to @@ -331,29 +338,26 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) rb->left = left - n; s->rlayer.packet_length += n; s->rwstate = SSL_NOTHING; - return (n); + *readbytes = n; + return 1; } /* * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ -int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) +int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, + size_t *written) { const unsigned char *buf = buf_; - int tot; - unsigned int n, split_send_fragment, maxpipes; + size_t tot; + size_t n, split_send_fragment, maxpipes; #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK - unsigned int max_send_fragment, nw; - unsigned int u_len = (unsigned int)len; + size_t max_send_fragment, nw; #endif SSL3_BUFFER *wb = &s->rlayer.wbuf[0]; int i; - - if (len < 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_NEGATIVE_LENGTH); - return -1; - } + size_t tmpwrit; s->rwstate = SSL_NOTHING; tot = s->rlayer.wnum; @@ -366,7 +370,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * promptly send beyond the end of the users buffer ... so we trap and * report the error in a way the user will notice */ - if ((unsigned int)len < s->rlayer.wnum) { + if (len < s->rlayer.wnum) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH); return -1; } @@ -376,7 +380,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return -1; @@ -388,13 +392,14 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * will happen with non blocking IO */ if (wb->left != 0) { - i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot); + i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot, + &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } - tot += i; /* this might be last fragment */ + tot += tmpwrit; /* this might be last fragment */ } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK /* @@ -404,14 +409,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * compromise is considered worthy. */ if (type == SSL3_RT_APPLICATION_DATA && - u_len >= 4 * (max_send_fragment = s->max_send_fragment) && + len >= 4 * (max_send_fragment = s->max_send_fragment) && s->compress == NULL && s->msg_callback == NULL && !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) { unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; - int packlen; + size_t packlen; + int packleni; /* minimize address aliasing conflicts */ if ((max_send_fragment & 0xfff) == 0) @@ -422,9 +428,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, - max_send_fragment, NULL); + (int)max_send_fragment, NULL); - if (u_len >= 8 * max_send_fragment) + if (len >= 8 * max_send_fragment) packlen *= 8; else packlen *= 4; @@ -436,7 +442,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } else if (tot == len) { /* done? */ /* free jumbo buffer */ ssl3_release_write_buffer(s); - return tot; + *written = tot; + return 1; } n = (len - tot); @@ -470,11 +477,11 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) mb_param.inp = aad; mb_param.len = nw; - packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, + packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, sizeof(mb_param), &mb_param); - - if (packlen <= 0 || packlen > (int)wb->len) { /* never happens */ + packlen = (size_t)packleni; + if (packleni <= 0 || packlen > wb->len) { /* never happens */ /* free jumbo buffer */ ssl3_release_write_buffer(s); break; @@ -503,7 +510,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wpend_type = type; s->rlayer.wpend_ret = nw; - i = ssl3_write_pending(s, type, &buf[tot], nw); + i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit); if (i <= 0) { if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { /* free jumbo buffer */ @@ -512,13 +519,14 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wnum = tot; return i; } - if (i == (int)n) { + if (tmpwrit == n) { /* free jumbo buffer */ ssl3_release_write_buffer(s); - return tot + i; + *written = tot + tmpwrit; + return 1; } - n -= i; - tot += i; + n -= tmpwrit; + tot += tmpwrit; } } else #endif @@ -526,7 +534,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); - return tot; + *written = tot; + return 1; } n = (len - tot); @@ -564,8 +573,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } for (;;) { - unsigned int pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; - unsigned int numpipes, j; + size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; + size_t numpipes, j; if (n == 0) numpipes = 1; @@ -593,14 +602,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } } - i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0); + i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0, + &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } - if ((i == (int)n) || + if (tmpwrit == n || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { /* @@ -613,28 +623,29 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); - return tot + i; + *written = tot + tmpwrit; + return 1; } - n -= i; - tot += i; + n -= tmpwrit; + tot += tmpwrit; } } int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int *pipelens, unsigned int numpipes, - int create_empty_fragment) + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written) { unsigned char *outbuf[SSL_MAX_PIPELINES], *plen[SSL_MAX_PIPELINES]; SSL3_RECORD wr[SSL_MAX_PIPELINES]; int i, mac_size, clear = 0; - int prefix_len = 0; + size_t prefix_len = 0; int eivlen; size_t align = 0; SSL3_BUFFER *wb; SSL_SESSION *sess; - unsigned int totlen = 0; - unsigned int j; + size_t totlen = 0; + size_t j; for (j = 0; j < numpipes; j++) totlen += pipelens[j]; @@ -643,7 +654,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * will happen with non blocking IO */ if (RECORD_LAYER_write_pending(&s->rlayer)) - return (ssl3_write_pending(s, type, buf, totlen)); + return ssl3_write_pending(s, type, buf, totlen, written); /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { @@ -667,6 +678,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { + /* TODO(siz_t): Convert me */ mac_size = EVP_MD_CTX_size(s->write_hash); if (mac_size < 0) goto err; @@ -688,10 +700,11 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * 'prefix_len' bytes are sent out later together with the actual * payload) */ - unsigned int tmppipelen = 0; + size_t tmppipelen = 0; + int ret; - prefix_len = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1); - if (prefix_len <= 0) + ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len); + if (ret <= 0) goto err; if (prefix_len > @@ -738,6 +751,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { + /* TODO(size_t): Convert me */ eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; @@ -777,7 +791,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* lets setup the record stuff. */ SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen); - SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]); + SSL3_RECORD_set_length(&wr[j], pipelens[j]); SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]); totlen += pipelens[j]; @@ -803,9 +817,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, */ if (!SSL_USE_ETM(s) && mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &wr[j], - &(outbuf[j][wr[j].length + eivlen]), - 1) < 0) + if (!s->method->ssl3_enc->mac(s, &wr[j], + &(outbuf[j][wr[j].length + eivlen]), + 1)) goto err; SSL3_RECORD_add_length(&wr[j], mac_size); } @@ -826,8 +840,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, for (j = 0; j < numpipes; j++) { if (SSL_USE_ETM(s) && mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &wr[j], - outbuf[j] + wr[j].length, 1) < 0) + if (!s->method->ssl3_enc->mac(s, &wr[j], + outbuf[j] + wr[j].length, 1)) goto err; SSL3_RECORD_add_length(&wr[j], mac_size); } @@ -857,7 +871,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); goto err; } - return SSL3_RECORD_get_length(wr); + *written = SSL3_RECORD_get_length(wr); + return 1; } /* now let's set up wb */ @@ -875,7 +890,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_ret = totlen; /* we now just need to write the buffer */ - return ssl3_write_pending(s, type, buf, totlen); + return ssl3_write_pending(s, type, buf, totlen, written); err: return -1; } @@ -883,24 +898,24 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* if s->s3->wbuf.left != 0, we need to call this * * Return values are as per SSL_read(), i.e. - * >0 The number of read bytes + * 1 Success * 0 Failure (not retryable) * <0 Failure (may be retryable) */ -int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len) +int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, + size_t *written) { int i; SSL3_BUFFER *wb = s->rlayer.wbuf; - unsigned int currbuf = 0; + size_t currbuf = 0; + size_t tmpwrit = 0; -/* XXXX */ - if ((s->rlayer.wpend_tot > (int)len) + if ((s->rlayer.wpend_tot > len) || ((s->rlayer.wpend_buf != buf) && !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (s->rlayer.wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); - return (-1); + return -1; } for (;;) { @@ -913,21 +928,25 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, clear_sys_error(); if (s->wbio != NULL) { s->rwstate = SSL_WRITING; + /* TODO(size_t): Convert this call */ i = BIO_write(s->wbio, (char *) &(SSL3_BUFFER_get_buf(&wb[currbuf]) [SSL3_BUFFER_get_offset(&wb[currbuf])]), (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); + if (i >= 0) + tmpwrit = i; } else { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); i = -1; } - if (i == SSL3_BUFFER_get_left(&wb[currbuf])) { + if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) { SSL3_BUFFER_set_left(&wb[currbuf], 0); - SSL3_BUFFER_add_offset(&wb[currbuf], i); + SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); if (currbuf + 1 < s->rlayer.numwpipes) continue; s->rwstate = SSL_NOTHING; - return (s->rlayer.wpend_ret); + *written = s->rlayer.wpend_ret; + return 1; } else if (i <= 0) { if (SSL_IS_DTLS(s)) { /* @@ -938,8 +957,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, } return -1; } - SSL3_BUFFER_add_offset(&wb[currbuf], i); - SSL3_BUFFER_add_left(&wb[currbuf], -i); + SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); + SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit); } } @@ -973,10 +992,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, * none of our business */ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *readbytes) { int al, i, j, ret; - unsigned int n, curr_rec, num_recs, read_bytes; + size_t n, curr_rec, num_recs, totalbytes; SSL3_RECORD *rr; SSL3_BUFFER *rbuf; void (*cb) (const SSL *ssl, int type2, int val) = NULL; @@ -986,7 +1005,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (!SSL3_BUFFER_is_initialised(rbuf)) { /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) - return (-1); + return -1; } if ((type && (type != SSL3_RT_APPLICATION_DATA) @@ -1019,7 +1038,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RT_HANDSHAKE; - return n; + *readbytes = n; + return 1; } /* @@ -1030,10 +1050,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } } start: @@ -1054,7 +1074,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (num_recs == 0) { ret = ssl3_get_record(s); if (ret <= 0) - return (ret); + return ret; num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer); if (num_recs == 0) { /* Shouldn't happen */ @@ -1100,7 +1120,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -1133,15 +1153,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) - return (len); + if (len == 0) + return 0; - read_bytes = 0; + totalbytes = 0; do { - if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr)) + if (len - totalbytes > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len - read_bytes; + n = len - totalbytes; memcpy(buf, &(rr->data[rr->off]), n); buf += n; @@ -1163,10 +1183,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, curr_rec++; rr++; } - read_bytes += n; + totalbytes += n; } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs - && read_bytes < (unsigned int)len); - if (read_bytes == 0) { + && totalbytes < len); + if (totalbytes == 0) { /* We must have read empty records. Get more data */ goto start; } @@ -1174,7 +1194,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && (s->mode & SSL_MODE_RELEASE_BUFFERS) && SSL3_BUFFER_get_left(rbuf) == 0) ssl3_release_read_buffer(s); - return read_bytes; + *readbytes = totalbytes; + return 1; } /* @@ -1217,9 +1238,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * that so that we can process the data at a fixed place. */ { - unsigned int dest_maxlen = 0; + size_t dest_maxlen = 0; unsigned char *dest = NULL; - unsigned int *dest_len = NULL; + size_t *dest_len = NULL; if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->rlayer.handshake_fragment; @@ -1284,10 +1305,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (ssl3_renegotiate_check(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -1304,7 +1325,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } } @@ -1367,7 +1388,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } /* * This is a warning but we receive it if we requested @@ -1397,7 +1418,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + return 0; } else { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); @@ -1412,7 +1433,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); - return (0); + return 0; } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -1434,10 +1455,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -1454,7 +1475,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; @@ -1493,7 +1514,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; } else { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); @@ -1504,7 +1525,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); + return -1; } void ssl3_record_sequence_update(unsigned char *seq) @@ -1530,7 +1551,7 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl) /* * Returns the length in bytes of the current rrec */ -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) { return SSL3_RECORD_get_length(&rl->rrec[0]); } diff --git a/ssl/record/record.h b/ssl/record/record.h index 3e1530f..e30010d 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -22,9 +22,9 @@ typedef struct ssl3_buffer_st { /* buffer size */ size_t len; /* where to 'copy from' */ - int offset; + size_t offset; /* how many bytes left */ - int left; + size_t left; } SSL3_BUFFER; #define SEQ_NUM_SIZE 8 @@ -38,16 +38,16 @@ typedef struct ssl3_record_st { int type; /* How many bytes available */ /* rw */ - unsigned int length; + size_t length; /* * How many bytes were available before padding was removed? This is used * to implement the MAC check in constant time for CBC records. */ /* rw */ - unsigned int orig_len; + size_t orig_len; /* read/write offset into 'buf' */ /* r */ - unsigned int off; + size_t off; /* pointer to the record data */ /* rw */ unsigned char *data; @@ -82,7 +82,7 @@ typedef struct record_pqueue_st { typedef struct dtls1_record_data_st { unsigned char *packet; - unsigned int packet_length; + size_t packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; #ifndef OPENSSL_NO_SCTP @@ -116,9 +116,9 @@ typedef struct dtls_record_layer_st { * processed by ssl3_read_bytes: */ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; + size_t alert_fragment_len; unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; + size_t handshake_fragment_len; /* save last and current sequence numbers for retransmissions */ unsigned char last_write_sequence[8]; unsigned char curr_write_sequence[8]; @@ -143,9 +143,9 @@ typedef struct record_layer_st { /* where we are when reading */ int rstate; /* How many pipelines can be used to read data */ - unsigned int numrpipes; + size_t numrpipes; /* How many pipelines can be used to write data */ - unsigned int numwpipes; + size_t numwpipes; /* read IO goes into here */ SSL3_BUFFER rbuf; /* write IO goes into here */ @@ -154,25 +154,25 @@ typedef struct record_layer_st { SSL3_RECORD rrec[SSL_MAX_PIPELINES]; /* used internally to point at a raw packet */ unsigned char *packet; - unsigned int packet_length; + size_t packet_length; /* number of bytes sent so far */ - unsigned int wnum; + size_t wnum; /* * storage for Alert/Handshake protocol data received but not yet * processed by ssl3_read_bytes: */ unsigned char alert_fragment[2]; - unsigned int alert_fragment_len; + size_t alert_fragment_len; unsigned char handshake_fragment[4]; - unsigned int handshake_fragment_len; + size_t handshake_fragment_len; /* The number of consecutive empty records we have received */ - unsigned int empty_record_count; + size_t empty_record_count; /* partial write - check the numbers match */ /* number bytes written */ - int wpend_tot; + size_t wpend_tot; int wpend_type; /* number of bytes submitted */ - int wpend_ret; + size_t wpend_ret; const unsigned char *wpend_buf; unsigned char read_sequence[SEQ_NUM_SIZE]; unsigned char write_sequence[SEQ_NUM_SIZE]; @@ -208,24 +208,27 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl); void RECORD_LAYER_release(RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len); +int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, + size_t len); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); -__owur int ssl3_pending(const SSL *s); -__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int *pipelens, unsigned int numpipes, - int create_empty_fragment); +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); +__owur size_t ssl3_pending(const SSL *s); +__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len, + size_t *written); +int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written); __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); __owur int ssl3_setup_buffers(SSL *s); -__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send); +__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); -__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len); -__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send); +__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, + size_t *written); +__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); @@ -235,8 +238,10 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq); __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); -__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); -__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragement); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); +__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, + size_t *written); +int do_dtls1_write(SSL *s, int type, const unsigned char *buf, + size_t len, int create_empty_fragment, size_t *written); void dtls1_reset_seq_numbers(SSL *s, int rw); diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index b69afd8..6394835 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -38,7 +38,8 @@ #define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) -__owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold); +__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, + size_t *readbytes); void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws); DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, @@ -61,7 +62,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) #define SSL3_BUFFER_get_left(b) ((b)->left) #define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) -#define SSL3_BUFFER_add_left(b, l) ((b)->left += (l)) +#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) #define SSL3_BUFFER_get_offset(b) ((b)->offset) #define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) #define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) @@ -69,10 +70,10 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) void SSL3_BUFFER_clear(SSL3_BUFFER *b); -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n); +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); void SSL3_BUFFER_release(SSL3_BUFFER *b); __owur int ssl3_setup_read_buffer(SSL *s); -__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len); +__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len); int ssl3_release_read_buffer(SSL *s); int ssl3_release_write_buffer(SSL *s); @@ -99,18 +100,18 @@ int ssl3_release_write_buffer(SSL *s); #define SSL3_RECORD_is_read(r) ((r)->read) #define SSL3_RECORD_set_read(r) ((r)->read = 1) -void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs); -void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs); +void SSL3_RECORD_clear(SSL3_RECORD *r, size_t); +void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs); void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num); int ssl3_get_record(SSL *s); __owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr); __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); void ssl3_cbc_copy_mac(unsigned char *out, - const SSL3_RECORD *rec, unsigned md_size); + const SSL3_RECORD *rec, size_t md_size); __owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + size_t block_size, size_t mac_size); __owur int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + size_t block_size, size_t mac_size); int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); __owur int dtls1_get_record(SSL *s); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 9638002..df1f900 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -10,7 +10,7 @@ #include "../ssl_locl.h" #include "record_locl.h" -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n) +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n) { if (d != NULL) memcpy(b->buf, d, n); @@ -74,12 +74,12 @@ int ssl3_setup_read_buffer(SSL *s) return 0; } -int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len) +int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) { unsigned char *p; size_t align = 0, headerlen; SSL3_BUFFER *wb; - unsigned int currpipe; + size_t currpipe; s->rlayer.numwpipes = numwpipes; @@ -134,7 +134,7 @@ int ssl3_setup_buffers(SSL *s) int ssl3_release_write_buffer(SSL *s) { SSL3_BUFFER *wb; - unsigned int pipes; + size_t pipes; pipes = s->rlayer.numwpipes; while (pipes > 0) { diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 3236166..f160c06 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -33,10 +33,10 @@ static const unsigned char ssl3_pad_2[48] = { /* * Clear the contents of an SSL3_RECORD but retain any memory allocated */ -void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs) +void SSL3_RECORD_clear(SSL3_RECORD *r, size_t num_recs) { unsigned char *comp; - unsigned int i; + size_t i; for (i = 0; i < num_recs; i++) { comp = r[i].comp; @@ -46,9 +46,9 @@ void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs) } } -void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs) +void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs) { - unsigned int i; + size_t i; for (i = 0; i < num_recs; i++) { OPENSSL_free(r[i].comp); @@ -68,7 +68,7 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num) static int ssl3_record_app_data_waiting(SSL *s) { SSL3_BUFFER *rbuf; - int left, len; + size_t left, len; unsigned char *p; rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -125,17 +125,18 @@ static int ssl3_record_app_data_waiting(SSL *s) int ssl3_get_record(SSL *s) { int ssl_major, ssl_minor, al; - int enc_err, n, i, ret = -1; + int enc_err, rret, ret = -1; + int i; + size_t more, n; SSL3_RECORD *rr; SSL3_BUFFER *rbuf; SSL_SESSION *sess; unsigned char *p; unsigned char md[EVP_MAX_MD_SIZE]; short version; - unsigned mac_size; - unsigned int num_recs = 0; - unsigned int max_recs; - unsigned int j; + size_t mac_size; + int imac_size; + size_t num_recs = 0, max_recs, j; rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -149,11 +150,11 @@ int ssl3_get_record(SSL *s) if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) { - n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(rbuf), 0, - num_recs == 0 ? 1 : 0); - if (n <= 0) - return (n); /* error or non-blocking */ + rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, + SSL3_BUFFER_get_len(rbuf), 0, + num_recs == 0 ? 1 : 0, &n); + if (rret <= 0) + return rret; /* error or non-blocking */ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); p = RECORD_LAYER_get_packet(&s->rlayer); @@ -274,17 +275,17 @@ int ssl3_get_record(SSL *s) * record */ if (rr[num_recs].rec_version == SSL2_VERSION) { - i = rr[num_recs].length + SSL2_RT_HEADER_LENGTH + more = rr[num_recs].length + SSL2_RT_HEADER_LENGTH - SSL3_RT_HEADER_LENGTH; } else { - i = rr[num_recs].length; + more = rr[num_recs].length; } - if (i > 0) { + if (more > 0) { /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ - n = ssl3_read_n(s, i, i, 1, 0); - if (n <= 0) - return (n); /* error or non-blocking io */ + rret = ssl3_read_n(s, more, more, 1, 0, &n); + if (rret <= 0) + return rret; /* error or non-blocking io */ } /* set state for later operations */ @@ -348,7 +349,14 @@ int ssl3_get_record(SSL *s) */ if (SSL_USE_ETM(s) && s->read_hash) { unsigned char *mac; - mac_size = EVP_MD_CTX_size(s->read_hash); + /* TODO(size_t): convert this to do size_t properly */ + imac_size = EVP_MD_CTX_size(s->read_hash); + if (imac_size < 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_RECORD, ERR_LIB_EVP); + goto f_err; + } + mac_size = (size_t)imac_size; OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); for (j = 0; j < num_recs; j++) { if (rr[j].length < mac_size) { @@ -359,7 +367,7 @@ int ssl3_get_record(SSL *s) rr[j].length -= mac_size; mac = rr[j].data + rr[j].length; i = s->method->ssl3_enc->mac(s, &rr[j], md, 0 /* not send */ ); - if (i < 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { + if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) { al = SSL_AD_BAD_RECORD_MAC; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); @@ -381,9 +389,9 @@ int ssl3_get_record(SSL *s) goto f_err; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %"OSSLzu"\n", rr->length); { - unsigned int z; + size_t z; for (z = 0; z < rr->length; z++) printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -438,7 +446,7 @@ int ssl3_get_record(SSL *s) } i = s->method->ssl3_enc->mac(s, &rr[j], md, 0 /* not send */ ); - if (i < 0 || mac == NULL + if (i == 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) @@ -525,6 +533,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) if (rr->comp == NULL) return 0; + /* TODO(size_t): Convert this call */ i = COMP_expand_block(ssl->expand, rr->comp, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) @@ -541,6 +550,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) #ifndef OPENSSL_NO_COMP int i; + /* TODO(size_t): Convert this call */ i = COMP_compress_block(ssl->compress, wr->data, SSL3_RT_MAX_COMPRESSED_LENGTH, wr->input, (int)wr->length); @@ -564,12 +574,13 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) * -1: if the record's padding is invalid or, if sending, an internal error * occurred. */ -int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) +int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; - unsigned long l; - int bs, i, mac_size = 0; + size_t l, i; + size_t bs, mac_size = 0; + int imac_size; const EVP_CIPHER *enc; rec = inrecs; @@ -597,12 +608,13 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) rec->input = rec->data; } else { l = rec->length; + /* TODO(size_t): Convert this call */ bs = EVP_CIPHER_CTX_block_size(ds); /* COMPRESS */ if ((bs != 1) && send) { - i = bs - ((int)l % bs); + i = bs - (l % bs); /* we need to add 'i-1' padding bytes */ l += i; @@ -612,7 +624,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) */ memset(&rec->input[rec->length], 0, i); rec->length += i; - rec->input[l - 1] = (i - 1); + rec->input[l - 1] = (unsigned char)(i - 1); } if (!send) { @@ -621,17 +633,24 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) /* otherwise, rec->length >= bs */ } - if (EVP_Cipher(ds, rec->data, rec->input, l) < 1) + /* TODO(size_t): Convert this call */ + if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) return -1; - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); + if (EVP_MD_CTX_md(s->read_hash) != NULL) { + /* TODO(size_t): convert me */ + imac_size = EVP_MD_CTX_size(s->read_hash); + if (imac_size < 0) + return -1; + mac_size = (size_t)imac_size; + } if ((bs != 1) && !send) return ssl3_cbc_remove_padding(rec, bs, mac_size); } return (1); } +#define MAX_PADDING 256 /*- * tls1_enc encrypts/decrypts |n_recs| in |recs|. * @@ -642,14 +661,16 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send) * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, * an internal error occurred. */ -int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) +int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send) { EVP_CIPHER_CTX *ds; size_t reclen[SSL_MAX_PIPELINES]; unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; - int bs, i, j, k, pad = 0, ret, mac_size = 0; + int i, pad = 0, ret, tmpr; + size_t bs, mac_size = 0, ctr, padnum, loop; + unsigned char padval; + int imac_size; const EVP_CIPHER *enc; - unsigned int ctr; if (send) { if (EVP_MD_CTX_md(s->write_hash)) { @@ -746,8 +767,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) buf[ctr][8] = recs[ctr].type; buf[ctr][9] = (unsigned char)(s->version >> 8); buf[ctr][10] = (unsigned char)(s->version); - buf[ctr][11] = recs[ctr].length >> 8; - buf[ctr][12] = recs[ctr].length & 0xff; + buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8); + buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff); pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, EVP_AEAD_TLS1_AAD_LEN, buf[ctr]); if (pad <= 0) @@ -759,16 +780,18 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) } } else if ((bs != 1) && send) { - i = bs - ((int)reclen[ctr] % bs); + padnum = bs - (reclen[ctr] % bs); /* Add weird padding of upto 256 bytes */ - /* we need to add 'i' padding bytes of value j */ - j = i - 1; - for (k = (int)reclen[ctr]; k < (int)(reclen[ctr] + i); k++) - recs[ctr].input[k] = j; - reclen[ctr] += i; - recs[ctr].length += i; + if (padnum > MAX_PADDING) + return -1; + /* we need to add 'padnum' padding bytes of value padval */ + padval = (unsigned char)(padnum - 1); + for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++) + recs[ctr].input[loop] = padval; + reclen[ctr] += padnum; + recs[ctr].length += padnum; } if (!send) { @@ -784,7 +807,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) data[ctr] = recs[ctr].data; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, - n_recs, data) <= 0) { + (int)n_recs, data) <= 0) { SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); } /* Set the input buffers */ @@ -792,19 +815,21 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) data[ctr] = recs[ctr].input; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS, - n_recs, data) <= 0 + (int)n_recs, data) <= 0 || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS, - n_recs, reclen) <= 0) { + (int)n_recs, reclen) <= 0) { SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); return -1; } } - i = EVP_Cipher(ds, recs[0].data, recs[0].input, reclen[0]); + /* TODO(size_t): Convert this call */ + tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, + (unsigned int)reclen[0]); if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_CUSTOM_CIPHER) - ? (i < 0) - : (i == 0)) + ? (tmpr < 0) + : (tmpr == 0)) return -1; /* AEAD can fail to verify MAC */ if (send == 0) { if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { @@ -823,8 +848,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send) } ret = 1; - if (!SSL_USE_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); + if (!SSL_USE_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) { + imac_size = EVP_MD_CTX_size(s->read_hash); + if (imac_size < 0) + return -1; + mac_size = (size_t)imac_size; + } if ((bs != 1) && !send) { int tmpret; for (ctr = 0; ctr < n_recs; ctr++) { @@ -855,7 +884,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) const EVP_MD_CTX *hash; unsigned char *p, rec_char; size_t md_size; - int npad; + size_t npad; int t; if (send) { @@ -870,7 +899,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) t = EVP_MD_CTX_size(hash); if (t < 0) - return -1; + return 0; md_size = t; npad = (48 / md_size) * md_size; @@ -892,7 +921,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * total size. */ unsigned char header[75]; - unsigned j = 0; + size_t j = 0; memcpy(header + j, mac_sec, md_size); j += md_size; memcpy(header + j, ssl3_pad_1, npad); @@ -900,8 +929,8 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) memcpy(header + j, seq, 8); j += 8; header[j++] = rec->type; - header[j++] = rec->length >> 8; - header[j++] = rec->length & 0xff; + header[j++] = (unsigned char)(rec->length >> 8); + header[j++] = (unsigned char)(rec->length & 0xff); /* Final param == is SSLv3 */ if (ssl3_cbc_digest_record(hash, @@ -909,14 +938,14 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) header, rec->input, rec->length + md_size, rec->orig_len, mac_sec, md_size, 1) <= 0) - return -1; + return 0; } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); if (md_ctx == NULL) - return -1; + return 0; rec_char = rec->type; p = md; @@ -935,15 +964,14 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) || EVP_DigestUpdate(md_ctx, md, md_size) <= 0 || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { EVP_MD_CTX_reset(md_ctx); - return -1; + return 0; } - md_size = md_size_u; EVP_MD_CTX_free(md_ctx); } ssl3_record_sequence_update(seq); - return (md_size); + return 1; } int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) @@ -976,7 +1004,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) } else { hmac = EVP_MD_CTX_new(); if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) - return -1; + return 0; mac_ctx = hmac; } @@ -994,8 +1022,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) header[8] = rec->type; header[9] = (unsigned char)(ssl->version >> 8); header[10] = (unsigned char)(ssl->version); - header[11] = (rec->length) >> 8; - header[12] = (rec->length) & 0xff; + header[11] = (unsigned char)(rec->length >> 8); + header[12] = (unsigned char)(rec->length & 0xff); if (!send && !SSL_USE_ETM(ssl) && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && @@ -1016,18 +1044,19 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) return -1; } } else { + /* TODO(size_t): Convert these calls */ if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { EVP_MD_CTX_free(hmac); - return -1; + return 0; } if (!send && !SSL_USE_ETM(ssl) && FIPS_mode()) if (!tls_fips_digest_extra(ssl->enc_read_ctx, mac_ctx, rec->input, rec->length, rec->orig_len)) { EVP_MD_CTX_free(hmac); - return -1; + return 0; } } @@ -1043,7 +1072,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) } fprintf(stderr, "rec="); { - unsigned int z; + size_t z; for (z = 0; z < rec->length; z++) fprintf(stderr, "%02X ", rec->data[z]); fprintf(stderr, "\n"); @@ -1065,7 +1094,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) fprintf(stderr, "\n"); } #endif - return (md_size); + return 1; } /*- @@ -1079,10 +1108,11 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * -1: otherwise. */ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size) + size_t block_size, size_t mac_size) { - unsigned padding_length, good; - const unsigned overhead = 1 /* padding length byte */ + mac_size; + size_t padding_length; + size_t good; + const size_t overhead = 1 /* padding length byte */ + mac_size; /* * These lengths are all public so we can test them in non-constant time. @@ -1091,11 +1121,11 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, return 0; padding_length = rec->data[rec->length - 1]; - good = constant_time_ge(rec->length, padding_length + overhead); + good = constant_time_ge_s(rec->length, padding_length + overhead); /* SSLv3 requires that the padding is minimal. */ - good &= constant_time_ge(block_size, padding_length + 1); + good &= constant_time_ge_s(block_size, padding_length + 1); rec->length -= good & (padding_length + 1); - return constant_time_select_int(good, 1, -1); + return constant_time_select_int_s(good, 1, -1); } /*- @@ -1113,10 +1143,11 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, */ int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size) + size_t block_size, size_t mac_size) { - unsigned padding_length, good, to_check, i; - const unsigned overhead = 1 /* padding length byte */ + mac_size; + size_t good; + size_t padding_length, to_check, i; + const size_t overhead = 1 /* padding length byte */ + mac_size; /* Check if version requires explicit IV */ if (SSL_USE_EXPLICIT_IV(s)) { /* @@ -1142,7 +1173,7 @@ int tls1_cbc_remove_padding(const SSL *s, return 1; } - good = constant_time_ge(rec->length, overhead + padding_length); + good = constant_time_ge_s(rec->length, overhead + padding_length); /* * The padding consists of a length byte at the end of the record and * then that many bytes of padding, all with the same value as the length @@ -1157,7 +1188,7 @@ int tls1_cbc_remove_padding(const SSL *s, to_check = rec->length; for (i = 0; i < to_check; i++) { - unsigned char mask = constant_time_ge_8(padding_length, i); + unsigned char mask = constant_time_ge_8_s(padding_length, i); unsigned char b = rec->data[rec->length - 1 - i]; /* * The final |padding_length+1| bytes should all have the value @@ -1170,10 +1201,10 @@ int tls1_cbc_remove_padding(const SSL *s, * If any of the final |padding_length+1| bytes had the wrong value, one * or more of the lower eight bits of |good| will be cleared. */ - good = constant_time_eq(0xff, good & 0xff); + good = constant_time_eq_s(0xff, good & 0xff); rec->length -= good & (padding_length + 1); - return constant_time_select_int(good, 1, -1); + return constant_time_select_int_s(good, 1, -1); } /*- @@ -1197,7 +1228,7 @@ int tls1_cbc_remove_padding(const SSL *s, #define CBC_MAC_ROTATE_IN_PLACE void ssl3_cbc_copy_mac(unsigned char *out, - const SSL3_RECORD *rec, unsigned md_size) + const SSL3_RECORD *rec, size_t md_size) { #if defined(CBC_MAC_ROTATE_IN_PLACE) unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; @@ -1209,16 +1240,16 @@ void ssl3_cbc_copy_mac(unsigned char *out, /* * mac_end is the index of |rec->data| just after the end of the MAC. */ - unsigned mac_end = rec->length; - unsigned mac_start = mac_end - md_size; + size_t mac_end = rec->length; + size_t mac_start = mac_end - md_size; /* * scan_start contains the number of bytes that we can ignore because the * MAC's position can only vary by 255 bytes. */ - unsigned scan_start = 0; - unsigned i, j; - unsigned div_spoiler; - unsigned rotate_offset; + size_t scan_start = 0; + size_t i, j; + size_t div_spoiler; + size_t rotate_offset; OPENSSL_assert(rec->orig_len >= md_size); OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); @@ -1244,11 +1275,11 @@ void ssl3_cbc_copy_mac(unsigned char *out, memset(rotated_mac, 0, md_size); for (i = scan_start, j = 0; i < rec->orig_len; i++) { - unsigned char mac_started = constant_time_ge_8(i, mac_start); - unsigned char mac_ended = constant_time_ge_8(i, mac_end); + unsigned char mac_started = constant_time_ge_8_s(i, mac_start); + unsigned char mac_ended = constant_time_ge_8_s(i, mac_end); unsigned char b = rec->data[i]; rotated_mac[j++] |= b & mac_started & ~mac_ended; - j &= constant_time_lt(j, md_size); + j &= constant_time_lt_s(j, md_size); } /* Now rotate the MAC */ @@ -1258,17 +1289,17 @@ void ssl3_cbc_copy_mac(unsigned char *out, /* in case cache-line is 32 bytes, touch second line */ ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32]; out[j++] = rotated_mac[rotate_offset++]; - rotate_offset &= constant_time_lt(rotate_offset, md_size); + rotate_offset &= constant_time_lt_s(rotate_offset, md_size); } #else memset(out, 0, md_size); rotate_offset = md_size - rotate_offset; - rotate_offset &= constant_time_lt(rotate_offset, md_size); + rotate_offset &= constant_time_lt_s(rotate_offset, md_size); for (i = 0; i < md_size; i++) { for (j = 0; j < md_size; j++) - out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); + out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset); rotate_offset++; - rotate_offset &= constant_time_lt(rotate_offset, md_size); + rotate_offset &= constant_time_lt_s(rotate_offset, md_size); } #endif } @@ -1279,7 +1310,8 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) int enc_err; SSL_SESSION *sess; SSL3_RECORD *rr; - unsigned int mac_size; + int imac_size; + size_t mac_size; unsigned char md[EVP_MAX_MD_SIZE]; rr = RECORD_LAYER_get_rrec(&s->rlayer); @@ -1326,7 +1358,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) rr->length -= mac_size; mac = rr->data + rr->length; i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); - if (i < 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { + if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { al = SSL_AD_BAD_RECORD_MAC; SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); @@ -1348,9 +1380,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) goto err; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %ld\n", rr->length); { - unsigned int z; + size_t z; for (z = 0; z < rr->length; z++) printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -1363,7 +1395,15 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* s->read_hash != NULL => mac_size != -1 */ unsigned char *mac = NULL; unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size = EVP_MD_CTX_size(s->read_hash); + + /* TODO(size_t): Convert this to do size_t properly */ + imac_size = EVP_MD_CTX_size(s->read_hash); + if (imac_size < 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_LIB_EVP); + goto f_err; + } + mac_size = (size_t)imac_size; OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); /* @@ -1402,8 +1442,8 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) } i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); - if (i < 0 || mac == NULL - || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) + if (i == 0 || mac == NULL + || CRYPTO_memcmp(md, mac, mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; @@ -1482,7 +1522,8 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) int dtls1_get_record(SSL *s) { int ssl_major, ssl_minor; - int i, n; + int rret; + size_t more, n; SSL3_RECORD *rr; unsigned char *p = NULL; unsigned short version; @@ -1508,11 +1549,11 @@ int dtls1_get_record(SSL *s) /* check if we have the header */ if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { - n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1); + rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, + SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n); /* read timeout is handled by dtls1_read_bytes */ - if (n <= 0) - return (n); /* error or non-blocking */ + if (rret <= 0) + return rret; /* error or non-blocking */ /* this packet contained a partial record, dump it */ if (RECORD_LAYER_get_packet_length(&s->rlayer) != @@ -1575,10 +1616,10 @@ int dtls1_get_record(SSL *s) if (rr->length > RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ - i = rr->length; - n = ssl3_read_n(s, i, i, 1, 1); + more = rr->length; + rret = ssl3_read_n(s, more, more, 1, 1, &n); /* this packet contained a partial record, dump it */ - if (n != i) { + if (rret <= 0 || n != more) { rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 9a228f7..3a75745 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -134,7 +134,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, - unsigned mac_secret_length, char is_sslv3) + size_t mac_secret_length, char is_sslv3) { union { double align; @@ -142,23 +142,24 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, } md_state; void (*md_final_raw) (void *ctx, unsigned char *md_out); void (*md_transform) (void *ctx, const unsigned char *block); - unsigned md_size, md_block_size = 64; - unsigned sslv3_pad_length = 40, header_length, variance_blocks, + size_t md_size, md_block_size = 64; + size_t sslv3_pad_length = 40, header_length, variance_blocks, len, max_mac_bytes, num_blocks, num_starting_blocks, k, mac_end_offset, c, index_a, index_b; - unsigned int bits; /* at most 18 bits */ + size_t bits; /* at most 18 bits */ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; /* hmac_pad is the masked HMAC key. */ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; unsigned char first_block[MAX_HASH_BLOCK_SIZE]; unsigned char mac_out[EVP_MAX_MD_SIZE]; - unsigned i, j, md_out_size_u; + size_t i, j; + unsigned md_out_size_u; EVP_MD_CTX *md_ctx = NULL; /* * mdLengthSize is the number of bytes in the length field that * terminates * the hash. */ - unsigned md_length_size = 8; + size_t md_length_size = 8; char length_is_big_endian = 1; int ret; @@ -356,7 +357,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, if (k > 0) { if (is_sslv3) { - unsigned overhang; + size_t overhang; /* * The SSLv3 header is larger than a single block. overhang is @@ -399,8 +400,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) { unsigned char block[MAX_HASH_BLOCK_SIZE]; - unsigned char is_block_a = constant_time_eq_8(i, index_a); - unsigned char is_block_b = constant_time_eq_8(i, index_b); + unsigned char is_block_a = constant_time_eq_8_s(i, index_a); + unsigned char is_block_b = constant_time_eq_8_s(i, index_b); for (j = 0; j < md_block_size; j++) { unsigned char b = 0, is_past_c, is_past_cp1; if (k < header_length) @@ -409,8 +410,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, b = data[k - header_length]; k++; - is_past_c = is_block_a & constant_time_ge_8(j, c); - is_past_cp1 = is_block_a & constant_time_ge_8(j, c + 1); + is_past_c = is_block_a & constant_time_ge_8_s(j, c); + is_past_cp1 = is_block_a & constant_time_ge_8_s(j, c + 1); /* * If this is the block containing the end of the application * data, and we are at the offset for the 0x80 value, then @@ -471,6 +472,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) goto err; } + /* TODO(size_t): Convert me */ ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); if (ret && md_out_size) *md_out_size = md_out_size_u; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 56bd34a..ba71bc1 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -113,7 +113,8 @@ int ssl3_change_cipher_state(SSL *s, int which) COMP_METHOD *comp; #endif const EVP_MD *m; - int n, i, j, k, cl; + int mdi; + size_t n, i, j, k, cl; int reuse_dd = 0; c = s->s3->tmp.new_sym_enc; @@ -194,9 +195,10 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_reset(dd); p = s->s3->tmp.key_block; - i = EVP_MD_size(m); - if (i < 0) + mdi = EVP_MD_size(m); + if (mdi < 0) goto err2; + i = mdi; cl = EVP_CIPHER_key_length(c); j = cl; k = EVP_CIPHER_iv_length(c); @@ -356,13 +358,18 @@ void ssl3_free_digest_list(SSL *s) s->s3->handshake_dgst = NULL; } -int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) +int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) { - if (s->s3->handshake_dgst == NULL) + if (s->s3->handshake_dgst == NULL) { + int ret; /* Note: this writes to a memory BIO so a failure is a fatal error */ - return BIO_write(s->s3->handshake_buffer, (void *)buf, len) == len; - else + if (len > INT_MAX) + return 0; + ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); + return ret > 0 && ret == (int)len; + } else { return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + } } int ssl3_digest_cached_records(SSL *s, int keep) @@ -400,7 +407,8 @@ int ssl3_digest_cached_records(SSL *s, int keep) return 1; } -int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) +size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, + unsigned char *p) { int ret; EVP_MD_CTX *ctx = NULL; @@ -431,7 +439,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - s->session->master_key_length, + (int)s->session->master_key_length, s->session->master_key) <= 0 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); @@ -444,7 +452,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) } int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) + size_t len, size_t *secret_size) { static const unsigned char *salt[3] = { #ifndef CHARSET_EBCDIC @@ -459,11 +467,12 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, }; unsigned char buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - int i, ret = 0; + int i, ret = 1; unsigned int n; #ifdef OPENSSL_SSL_TRACE_CRYPTO unsigned char *tmpout = out; #endif + size_t ret_secret_size = 0; if (ctx == NULL) { SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); @@ -478,6 +487,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, SSL3_RANDOM_SIZE) <= 0 || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 + /* TODO(size_t) : convert me */ || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 @@ -488,12 +498,12 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, break; } out += n; - ret += n; + ret_secret_size += n; } EVP_MD_CTX_free(ctx); #ifdef OPENSSL_SSL_TRACE_CRYPTO - if (ret > 0 && s->msg_callback) { + if (ret && s->msg_callback) { s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, p, len, s, s->msg_callback_arg); s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, @@ -508,7 +518,9 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, } #endif OPENSSL_cleanse(buf, sizeof(buf)); - return (ret); + if (ret) + *secret_size = ret_secret_size; + return ret; } int ssl3_alert_code(int code) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ffdb454..90c1c66 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2756,7 +2756,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_generate_master_secret, ssl3_change_cipher_state, ssl3_final_finish_mac, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, @@ -2764,7 +2763,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, 0, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, tls_close_construct_packet, ssl3_handshake_write @@ -3037,7 +3035,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: *(unsigned char **)parg = s->tlsext_ocsp_resp; - return s->tlsext_ocsp_resplen; + if (s->tlsext_ocsp_resplen == 0 + || s->tlsext_ocsp_resplen > LONG_MAX) + return -1; + return (long)s->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: OPENSSL_free(s->tlsext_ocsp_resp); @@ -3812,12 +3813,13 @@ int ssl3_shutdown(SSL *s) return (ret); } } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + size_t readbytes; /* * If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return (-1); /* return WANT_READ */ + return -1; /* return WANT_READ */ } } @@ -3828,16 +3830,18 @@ int ssl3_shutdown(SSL *s) return (0); } -int ssl3_write(SSL *s, const void *buf, int len) +int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) { clear_sys_error(); if (s->s3->renegotiate) ssl3_renegotiate_check(s); - return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, + written); } -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) +static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, + size_t *readbytes) { int ret; @@ -3847,7 +3851,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek); + peek, readbytes); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called @@ -3859,22 +3863,22 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) ossl_statem_set_in_handshake(s, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek); + len, peek, readbytes); ossl_statem_set_in_handshake(s, 0); } else s->s3->in_read_app_data = 0; - return (ret); + return ret; } -int ssl3_read(SSL *s, void *buf, int len) +int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 0); + return ssl3_read_internal(s, buf, len, 0, readbytes); } -int ssl3_peek(SSL *s, void *buf, int len) +int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 1); + return ssl3_read_internal(s, buf, len, 1, readbytes); } int ssl3_renegotiate(SSL *s) @@ -3938,7 +3942,7 @@ long ssl_get_algorithm2(SSL *s) * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on * failure, 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len) { int send_time = 0; @@ -3952,15 +3956,18 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) unsigned long Time = (unsigned long)time(NULL); unsigned char *p = result; l2n(Time, p); - return RAND_bytes(p, len - 4); + /* TODO(size_t): Convert this */ + return RAND_bytes(p, (int)(len - 4)); } else - return RAND_bytes(result, len); + return RAND_bytes(result, (int)len); } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms) { unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + int ret = 0; + if (alg_k & SSL_PSK) { #ifndef OPENSSL_NO_PSK unsigned char *pskpms, *t; @@ -3975,10 +3982,8 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, pskpmslen = 4 + pmslen + psklen; pskpms = OPENSSL_malloc(pskpmslen); - if (pskpms == NULL) { - s->session->master_key_length = 0; + if (pskpms == NULL) goto err; - } t = pskpms; s2n(pmslen, t); if (alg_k & SSL_kPSK) @@ -3991,23 +3996,23 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3->tmp.psk, psklen); s->s3->tmp.psk = NULL; - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pskpms, pskpmslen); + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key,pskpms, pskpmslen, + &s->session->master_key_length)) + goto err; OPENSSL_clear_free(pskpms, pskpmslen); #else /* Should never happen */ - s->session->master_key_length = 0; goto err; #endif } else { - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pms, pmslen); + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, pms, pmslen, + &s->session->master_key_length)) + goto err; } + ret = 1; err: if (pms) { if (free_pms) @@ -4017,7 +4022,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } if (s->server == 0) s->s3->tmp.pms = NULL; - return s->session->master_key_length >= 0; + return ret; } /* Generate a private key from parameters */ diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 82513d2..743a02b 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -13,8 +13,9 @@ int ssl3_do_change_cipher_spec(SSL *s) { int i; + size_t finish_md_len; const char *sender; - int slen; + size_t slen; if (s->server) i = SSL3_CHANGE_CIPHER_SERVER_READ; @@ -48,14 +49,13 @@ int ssl3_do_change_cipher_spec(SSL *s) slen = s->method->ssl3_enc->client_finished_label_len; } - i = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3->tmp.peer_finish_md); - if (i == 0) { + finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, + s->s3->tmp.peer_finish_md); + if (finish_md_len == 0) { SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); return 0; } - s->s3->tmp.peer_finish_md_len = i; + s->s3->tmp.peer_finish_md_len = finish_md_len; return (1); } @@ -90,12 +90,14 @@ int ssl3_send_alert(SSL *s, int level, int desc) int ssl3_dispatch_alert(SSL *s) { int i, j; - unsigned int alertlen; + size_t alertlen; void (*cb) (const SSL *ssl, int type, int val) = NULL; + size_t written; s->s3->alert_dispatch = 0; alertlen = 2; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0); + i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, + &written); if (i <= 0) { s->s3->alert_dispatch = 1; } else { @@ -121,5 +123,5 @@ int ssl3_dispatch_alert(SSL *s) cb(s, SSL_CB_WRITE_ALERT, j); } } - return (i); + return i; } diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index aa6e3e6..fd13f90 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -102,7 +102,7 @@ static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, unsigned char *data, size_t len) { os->data = data; - os->length = len; + os->length = (int)len; os->flags = 0; *dest = os; } @@ -223,14 +223,14 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) /* Copy an OCTET STRING, return error if it exceeds maximum length */ -static int ssl_session_memcpy(unsigned char *dst, unsigned int *pdstlen, - ASN1_OCTET_STRING *src, int maxlen) +static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, + ASN1_OCTET_STRING *src, size_t maxlen) { if (src == NULL) { *pdstlen = 0; return 1; } - if (src->length > maxlen) + if (src->length < 0 || src->length > (int)maxlen) return 0; memcpy(dst, src->data, src->length); *pdstlen = src->length; @@ -241,7 +241,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { long id; - unsigned int tmpl; + size_t tmpl; const unsigned char *p = *pp; SSL_SESSION_ASN1 *as = NULL; SSL_SESSION *ret = NULL; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index acc1840..9d259c1 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -175,7 +175,7 @@ static int ssl_cipher_info_find(const ssl_cipher_table * table, size_t i; for (i = 0; i < table_cnt; i++, table++) { if (table->mask == mask) - return i; + return (int)i; } return -1; } @@ -197,7 +197,7 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { EVP_PKEY_HMAC, }; -static int ssl_mac_secret_size[SSL_MD_NUM_IDX]; +static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; #define CIPHER_ADD 1 #define CIPHER_KILL 2 @@ -399,8 +399,9 @@ void ssl_load_ciphers(void) if (md == NULL) { disabled_mac_mask |= t->mask; } else { - ssl_mac_secret_size[i] = EVP_MD_size(md); - OPENSSL_assert(ssl_mac_secret_size[i] >= 0); + int tmpsize = EVP_MD_size(md); + OPENSSL_assert(tmpsize >= 0); + ssl_mac_secret_size[i] = tmpsize; } } /* Make sure we can access MD5 and SHA1 */ @@ -502,7 +503,7 @@ static int load_builtin_compressions(void) int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, - int *mac_secret_size, SSL_COMP **comp, int use_etm) + size_t *mac_secret_size, SSL_COMP **comp, int use_etm) { int i; const SSL_CIPHER *c; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index c1a886a..5c2e961 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -181,7 +181,9 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "ssl_parse_serverhello_use_srtp_ext"}, {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, + {ERR_FUNC(SSL_F_SSL_PEEK_EX), "SSL_peek_ex"}, {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, + {ERR_FUNC(SSL_F_SSL_READ_EX), "SSL_read_ex"}, {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT), "ssl_scan_clienthello_tlsext"}, {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), @@ -227,6 +229,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "ssl_validate_ct"}, {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"}, {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, + {ERR_FUNC(SSL_F_SSL_WRITE_EX), "SSL_write_ex"}, {ERR_FUNC(SSL_F_STATE_MACHINE), "state_machine"}, {ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"}, {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 67eee74..363b4f4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -59,15 +59,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { * evil casts, but these functions are only called if there's a library * bug */ - (int (*)(SSL *, SSL3_RECORD *, unsigned int, int))ssl_undefined_function, + (int (*)(SSL *, SSL3_RECORD *, size_t, int))ssl_undefined_function, (int (*)(SSL *, SSL3_RECORD *, unsigned char *, int))ssl_undefined_function, ssl_undefined_function, - (int (*)(SSL *, unsigned char *, unsigned char *, int)) + (int (*)(SSL *, unsigned char *, unsigned char *, size_t, size_t *)) ssl_undefined_function, (int (*)(SSL *, int))ssl_undefined_function, - (int (*)(SSL *, const char *, int, unsigned char *)) + (size_t (*)(SSL *, const char *, size_t, unsigned char *)) ssl_undefined_function, - 0, /* finish_mac_length */ NULL, /* client_finished_label */ 0, /* client_finished_label_len */ NULL, /* server_finished_label */ @@ -81,11 +80,11 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { struct ssl_async_args { SSL *s; void *buf; - int num; + size_t num; enum { READFUNC, WRITEFUNC, OTHERFUNC } type; union { - int (*func_read) (SSL *, void *, int); - int (*func_write) (SSL *, const void *, int); + int (*func_read) (SSL *, void *, size_t, size_t *); + int (*func_write) (SSL *, const void *, size_t, size_t *); int (*func_other) (SSL *); } f; }; @@ -319,14 +318,14 @@ static int dane_tlsa_add(SSL_DANE *dane, t->usage = usage; t->selector = selector; t->mtype = mtype; - t->data = OPENSSL_malloc(ilen); + t->data = OPENSSL_malloc(dlen); if (t->data == NULL) { tlsa_free(t); SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); return -1; } - memcpy(t->data, data, ilen); - t->dlen = ilen; + memcpy(t->data, data, dlen); + t->dlen = dlen; /* Validate and cache full certificate or public key */ if (mtype == DANETLS_MATCHING_FULL) { @@ -336,7 +335,7 @@ static int dane_tlsa_add(SSL_DANE *dane, switch (selector) { case DANETLS_SELECTOR_CERT: - if (!d2i_X509(&cert, &p, dlen) || p < data || + if (!d2i_X509(&cert, &p, ilen) || p < data || dlen != (size_t)(p - data)) { tlsa_free(t); SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); @@ -371,7 +370,7 @@ static int dane_tlsa_add(SSL_DANE *dane, break; case DANETLS_SELECTOR_SPKI: - if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data || + if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || dlen != (size_t)(p - data)) { tlsa_free(t); SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); @@ -598,7 +597,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_ocsp_ids = NULL; s->tlsext_ocsp_exts = NULL; s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = -1; + s->tlsext_ocsp_resplen = 0; SSL_CTX_up_ref(ctx); s->initial_ctx = ctx; #ifndef OPENSSL_NO_EC @@ -1293,14 +1292,19 @@ int SSL_get_read_ahead(const SSL *s) int SSL_pending(const SSL *s) { + size_t pending = s->method->ssl_pending(s); + /* * SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is * impossible to fix since SSL_pending cannot report errors that may be * observed while scanning the new data. (Note that SSL_pending() is * often used as a boolean value, so we'd better not return -1.) + * + * SSL_pending also cannot work properly if the value >INT_MAX. In that case + * we just return INT_MAX. */ - return (s->method->ssl_pending(s)); + return pending < INT_MAX ? (int)pending : INT_MAX; } int SSL_has_pending(const SSL *s) @@ -1378,7 +1382,7 @@ int SSL_copy_session_id(SSL *t, const SSL *f) CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock); ssl_cert_free(t->cert); t->cert = f->cert; - if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) { + if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) { return 0; } @@ -1509,7 +1513,7 @@ static int ssl_io_intern(void *vargs) struct ssl_async_args *args; SSL *s; void *buf; - int num; + size_t num; args = (struct ssl_async_args *)vargs; s = args->s; @@ -1517,9 +1521,9 @@ static int ssl_io_intern(void *vargs) num = args->num; switch (args->type) { case READFUNC: - return args->f.func_read(s, buf, num); + return args->f.func_read(s, buf, num, &s->asyncrw); case WRITEFUNC: - return args->f.func_write(s, buf, num); + return args->f.func_write(s, buf, num, &s->asyncrw); case OTHERFUNC: return args->f.func_other(s); } @@ -1528,8 +1532,30 @@ static int ssl_io_intern(void *vargs) int SSL_read(SSL *s, void *buf, int num) { + int ret; + size_t readbytes; + + if (num < 0) { + SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH); + return -1; + } + + ret = SSL_read_ex(s, buf, (size_t)num, &readbytes); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)readbytes; + + return ret; +} + +int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes) +{ if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_READ_EX, SSL_R_UNINITIALIZED); return -1; } @@ -1540,6 +1566,7 @@ int SSL_read(SSL *s, void *buf, int num) if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + int ret; args.s = s; args.buf = buf; @@ -1547,16 +1574,40 @@ int SSL_read(SSL *s, void *buf, int num) args.type = READFUNC; args.f.func_read = s->method->ssl_read; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *readbytes = s->asyncrw; + return ret; } else { - return s->method->ssl_read(s, buf, num); + return s->method->ssl_read(s, buf, num, readbytes); } } int SSL_peek(SSL *s, void *buf, int num) { + int ret; + size_t readbytes; + + if (num < 0) { + SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH); + return -1; + } + + ret = SSL_peek_ex(s, buf, (size_t)num, &readbytes); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)readbytes; + + return ret; +} + +int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) +{ if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_PEEK_EX, SSL_R_UNINITIALIZED); return -1; } @@ -1565,6 +1616,7 @@ int SSL_peek(SSL *s, void *buf, int num) } if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + int ret; args.s = s; args.buf = buf; @@ -1572,26 +1624,51 @@ int SSL_peek(SSL *s, void *buf, int num) args.type = READFUNC; args.f.func_read = s->method->ssl_peek; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *readbytes = s->asyncrw; + return ret; } else { - return s->method->ssl_peek(s, buf, num); + return s->method->ssl_peek(s, buf, num, readbytes); } } int SSL_write(SSL *s, const void *buf, int num) { + int ret; + size_t written; + + if (num < 0) { + SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH); + return -1; + } + + ret = SSL_write_ex(s, buf, (size_t)num, &written); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)written; + + return ret; +} + +int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written) +{ if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_WRITE_EX, SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_SENT_SHUTDOWN) { s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); + SSLerr(SSL_F_SSL_WRITE_EX, SSL_R_PROTOCOL_IS_SHUTDOWN); return (-1); } if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + int ret; struct ssl_async_args args; args.s = s; @@ -1600,9 +1677,11 @@ int SSL_write(SSL *s, const void *buf, int num) args.type = WRITEFUNC; args.f.func_write = s->method->ssl_write; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *written = s->asyncrw; + return ret; } else { - return s->method->ssl_write(s, buf, num); + return s->method->ssl_write(s, buf, num, written); } } @@ -1688,11 +1767,13 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_CLEAR_MODE: return (s->mode &= ~larg); case SSL_CTRL_GET_MAX_CERT_LIST: - return (s->max_cert_list); + return (long)(s->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: - l = s->max_cert_list; - s->max_cert_list = larg; - return (l); + if (larg < 0) + return 0; + l = (long)s->max_cert_list; + s->max_cert_list = (size_t)larg; + return l; case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; @@ -1701,7 +1782,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) s->split_send_fragment = s->max_send_fragment; return 1; case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: - if ((unsigned int)larg > s->max_send_fragment || larg == 0) + if ((size_t)larg > s->max_send_fragment || larg == 0) return 0; s->split_send_fragment = larg; return 1; @@ -1800,18 +1881,22 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; case SSL_CTRL_GET_MAX_CERT_LIST: - return (ctx->max_cert_list); + return (long)(ctx->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: - l = ctx->max_cert_list; - ctx->max_cert_list = larg; - return (l); + if (larg < 0) + return 0; + l = (long)ctx->max_cert_list; + ctx->max_cert_list = (size_t)larg; + return l; case SSL_CTRL_SET_SESS_CACHE_SIZE: - l = ctx->session_cache_size; - ctx->session_cache_size = larg; - return (l); + if (larg < 0) + return 0; + l = (long)ctx->session_cache_size; + ctx->session_cache_size = (size_t)larg; + return l; case SSL_CTRL_GET_SESS_CACHE_SIZE: - return (ctx->session_cache_size); + return (long)(ctx->session_cache_size); case SSL_CTRL_SET_SESS_CACHE_MODE: l = ctx->session_cache_mode; ctx->session_cache_mode = larg; @@ -1855,7 +1940,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->split_send_fragment = ctx->max_send_fragment; return 1; case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: - if ((unsigned int)larg > ctx->max_send_fragment || larg == 0) + if ((size_t)larg > ctx->max_send_fragment || larg == 0) return 0; ctx->split_send_fragment = larg; return 1; @@ -2170,7 +2255,7 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, if (!*data) { *len = 0; } else { - *len = s->next_proto_negotiated_len; + *len = (unsigned int)s->next_proto_negotiated_len; } } @@ -2287,7 +2372,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, if (*data == NULL) *len = 0; else - *len = ssl->s3->alpn_selected_len; + *len = (unsigned int)ssl->s3->alpn_selected_len; } int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, @@ -2923,72 +3008,69 @@ int SSL_get_error(const SSL *s, int i) return (SSL_ERROR_SSL); } - if (i < 0) { - if (SSL_want_read(s)) { - bio = SSL_get_rbio(s); - if (BIO_should_read(bio)) - return (SSL_ERROR_WANT_READ); - else if (BIO_should_write(bio)) - /* - * This one doesn't make too much sense ... We never try to write - * to the rbio, and an application program where rbio and wbio - * are separate couldn't even know what it should wait for. - * However if we ever set s->rwstate incorrectly (so that we have - * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and - * wbio *are* the same, this test works around that bug; so it - * might be safer to keep it. - */ - return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); /* unknown */ - } + if (SSL_want_read(s)) { + bio = SSL_get_rbio(s); + if (BIO_should_read(bio)) + return (SSL_ERROR_WANT_READ); + else if (BIO_should_write(bio)) + /* + * This one doesn't make too much sense ... We never try to write + * to the rbio, and an application program where rbio and wbio + * are separate couldn't even know what it should wait for. + * However if we ever set s->rwstate incorrectly (so that we have + * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and + * wbio *are* the same, this test works around that bug; so it + * might be safer to keep it. + */ + return (SSL_ERROR_WANT_WRITE); + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return (SSL_ERROR_WANT_CONNECT); + else if (reason == BIO_RR_ACCEPT) + return (SSL_ERROR_WANT_ACCEPT); + else + return (SSL_ERROR_SYSCALL); /* unknown */ } + } - if (SSL_want_write(s)) { + if (SSL_want_write(s)) { + /* + * Access wbio directly - in order to use the buffered bio if + * present + */ + bio = s->wbio; + if (BIO_should_write(bio)) + return (SSL_ERROR_WANT_WRITE); + else if (BIO_should_read(bio)) /* - * Access wbio directly - in order to use the buffered bio if - * present + * See above (SSL_want_read(s) with BIO_should_write(bio)) */ - bio = s->wbio; - if (BIO_should_write(bio)) - return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_read(bio)) - /* - * See above (SSL_want_read(s) with BIO_should_write(bio)) - */ - return (SSL_ERROR_WANT_READ); - else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); - } - } - if (SSL_want_x509_lookup(s)) { - return (SSL_ERROR_WANT_X509_LOOKUP); - } - if (SSL_want_async(s)) { - return SSL_ERROR_WANT_ASYNC; - } - if (SSL_want_async_job(s)) { - return SSL_ERROR_WANT_ASYNC_JOB; + return (SSL_ERROR_WANT_READ); + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return (SSL_ERROR_WANT_CONNECT); + else if (reason == BIO_RR_ACCEPT) + return (SSL_ERROR_WANT_ACCEPT); + else + return (SSL_ERROR_SYSCALL); } } - - if (i == 0) { - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return (SSL_ERROR_ZERO_RETURN); + if (SSL_want_x509_lookup(s)) { + return (SSL_ERROR_WANT_X509_LOOKUP); + } + if (SSL_want_async(s)) { + return SSL_ERROR_WANT_ASYNC; } + if (SSL_want_async_job(s)) { + return SSL_ERROR_WANT_ASYNC_JOB; + } + + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) + return (SSL_ERROR_ZERO_RETURN); + return (SSL_ERROR_SYSCALL); } @@ -3151,7 +3233,8 @@ SSL *SSL_dup(SSL *s) goto err; } - if (!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length)) + if (!SSL_set_session_id_context(ret, s->sid_ctx, + (int)s->sid_ctx_length)) goto err; } @@ -3518,13 +3601,9 @@ size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen) { - if (session->master_key_length < 0) { - /* Should never happen */ - return 0; - } if (outlen == 0) return session->master_key_length; - if (outlen > (size_t)session->master_key_length) + if (outlen > session->master_key_length) outlen = session->master_key_length; memcpy(out, session->master_key, outlen); return outlen; @@ -3755,23 +3834,28 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) } /* Retrieve handshake hashes */ -int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen) +int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, + size_t *hashlen) { EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3->handshake_dgst; - int ret = EVP_MD_CTX_size(hdgst); - if (ret < 0 || ret > outlen) { - ret = 0; + int hashleni = EVP_MD_CTX_size(hdgst); + int ret = 0; + + if (hashleni < 0 || (size_t)hashleni > outlen) goto err; - } + ctx = EVP_MD_CTX_new(); - if (ctx == NULL) { - ret = 0; + if (ctx == NULL) goto err; - } + if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) - ret = 0; + goto err; + + *hashlen = hashleni; + + ret = 1; err: EVP_MD_CTX_free(ctx); return ret; @@ -3991,7 +4075,7 @@ static int ct_extract_ocsp_response_scts(SSL *s) goto err; p = s->tlsext_ocsp_resp; - rsp = d2i_OCSP_RESPONSE(NULL, &p, s->tlsext_ocsp_resplen); + rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->tlsext_ocsp_resplen); if (rsp == NULL) goto err; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1cf27b9..0c6bd31 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -444,22 +444,24 @@ struct ssl_method_st { void (*ssl_free) (SSL *s); int (*ssl_accept) (SSL *s); int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, int len); - int (*ssl_peek) (SSL *s, void *buf, int len); - int (*ssl_write) (SSL *s, const void *buf, int len); + int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written); int (*ssl_shutdown) (SSL *s); int (*ssl_renegotiate) (SSL *s); int (*ssl_renegotiate_check) (SSL *s); int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); - int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); + int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len, + size_t *written); int (*ssl_dispatch_alert) (SSL *s); long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt, size_t *len); - int (*ssl_pending) (const SSL *s); + size_t (*ssl_pending) (const SSL *s); int (*num_ciphers) (void); const SSL_CIPHER *(*get_cipher) (unsigned ncipher); long (*get_timeout) (void); @@ -498,17 +500,17 @@ struct ssl_method_st { struct ssl_session_st { int ssl_version; /* what ssl version session info is being kept * in here? */ - int master_key_length; + size_t master_key_length; unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; /* session_id - valid? */ - unsigned int session_id_length; + size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* * this is used to determine whether the session is being reused in the * appropriate context. It is up to the application to set this, via * SSL_new */ - unsigned int sid_ctx_length; + size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; # ifndef OPENSSL_NO_PSK char *psk_identity_hint; @@ -610,7 +612,7 @@ struct ssl_ctx_st { * Most session-ids that will be cached, default is * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ - unsigned long session_cache_size; + size_t session_cache_size; struct ssl_session_st *session_cache_head; struct ssl_session_st *session_cache_tail; /* @@ -709,7 +711,7 @@ struct ssl_ctx_st { uint32_t mode; int min_proto_version; int max_proto_version; - long max_cert_list; + size_t max_cert_list; struct cert_st /* CERT */ *cert; int read_ahead; @@ -720,7 +722,7 @@ struct ssl_ctx_st { void *msg_callback_arg; uint32_t verify_mode; - unsigned int sid_ctx_length; + size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); @@ -746,15 +748,15 @@ struct ssl_ctx_st { * If we're using more than one pipeline how should we divide the data * up between the pipes? */ - unsigned int split_send_fragment; + size_t split_send_fragment; /* * Maximum amount of data to send in one fragment. actual record size can * be more than this due to padding and MAC overheads. */ - unsigned int max_send_fragment; + size_t max_send_fragment; /* Up to how many pipelines should we use? If 0 then 1 is assumed */ - unsigned int max_pipelines; + size_t max_pipelines; /* The default read buffer length to use (0 means not set) */ size_t default_read_buf_len; @@ -846,7 +848,7 @@ struct ssl_ctx_st { * format. */ unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; + size_t alpn_client_proto_list_len; /* Shared DANE context */ struct dane_ctx_st dane; @@ -922,8 +924,8 @@ struct ssl_st { BUF_MEM *init_buf; /* buffer used during init */ void *init_msg; /* pointer to handshake message body, set by * ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ + size_t init_num; /* amount read/written */ + size_t init_off; /* amount read/written */ struct ssl3_state_st *s3; /* SSLv3 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */ /* callback that allows applications to peek at protocol messages */ @@ -956,7 +958,7 @@ struct ssl_st { * the session_id_context is used to ensure sessions are only reused in * the appropriate context */ - unsigned int sid_ctx_length; + size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* This can also be in the session once a session is established */ SSL_SESSION *session; @@ -1001,7 +1003,7 @@ struct ssl_st { uint32_t mode; int min_proto_version; int max_proto_version; - long max_cert_list; + size_t max_cert_list; int first_packet; /* what was passed, used for SSLv3/TLS rollback check */ int client_version; @@ -1009,14 +1011,14 @@ struct ssl_st { * If we're using more than one pipeline how should we divide the data * up between the pipes? */ - unsigned int split_send_fragment; + size_t split_send_fragment; /* * Maximum amount of data to send in one fragment. actual record size can * be more than this due to padding and MAC overheads. */ - unsigned int max_send_fragment; + size_t max_send_fragment; /* Up to how many pipelines should we use? If 0 then 1 is assumed */ - unsigned int max_pipelines; + size_t max_pipelines; /* TLS extension debug callback */ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg); @@ -1059,7 +1061,7 @@ struct ssl_st { X509_EXTENSIONS *tlsext_ocsp_exts; /* OCSP response received or to be sent */ unsigned char *tlsext_ocsp_resp; - int tlsext_ocsp_resplen; + size_t tlsext_ocsp_resplen; /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; # ifndef OPENSSL_NO_EC @@ -1088,7 +1090,7 @@ struct ssl_st { * the Finished message. */ unsigned char *next_proto_negotiated; - unsigned char next_proto_negotiated_len; + size_t next_proto_negotiated_len; # endif # define session_ctx initial_ctx /* What we'll do */ @@ -1111,7 +1113,7 @@ struct ssl_st { * format. */ unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; + size_t alpn_client_proto_list_len; /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -1135,14 +1137,16 @@ struct ssl_st { /* Async Job info */ ASYNC_JOB *job; ASYNC_WAIT_CTX *waitctx; + size_t asyncrw; + CRYPTO_RWLOCK *lock; }; typedef struct ssl3_state_st { long flags; - int read_mac_secret_size; + size_t read_mac_secret_size; unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - int write_mac_secret_size; + size_t write_mac_secret_size; unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; unsigned char server_random[SSL3_RANDOM_SIZE]; unsigned char client_random[SSL3_RANDOM_SIZE]; @@ -1181,10 +1185,10 @@ typedef struct ssl3_state_st { struct { /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; - int finish_md_len; + size_t finish_md_len; unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; - int peer_finish_md_len; - unsigned long message_size; + size_t peer_finish_md_len; + size_t message_size; int message_type; /* used to hold the new cipher we are going to use */ const SSL_CIPHER *new_cipher; @@ -1196,12 +1200,12 @@ typedef struct ssl3_state_st { int ctype_num; char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; - int key_block_length; + size_t key_block_length; unsigned char *key_block; const EVP_CIPHER *new_sym_enc; const EVP_MD *new_hash; int new_mac_pkey_type; - int new_mac_secret_size; + size_t new_mac_secret_size; # ifndef OPENSSL_NO_COMP const SSL_COMP *new_compression; # else @@ -1255,9 +1259,9 @@ typedef struct ssl3_state_st { /* Connection binding to prevent renegotiation attacks */ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_client_finished_len; + size_t previous_client_finished_len; unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_server_finished_len; + size_t previous_server_finished_len; int send_connection_binding; /* TODOEKR */ # ifndef OPENSSL_NO_NEXTPROTONEG @@ -1326,10 +1330,10 @@ struct dtls1_retransmit_state { struct hm_header_st { unsigned char type; - unsigned long msg_len; + size_t msg_len; unsigned short seq; - unsigned long frag_off; - unsigned long frag_len; + size_t frag_off; + size_t frag_len; unsigned int is_ccs; struct dtls1_retransmit_state saved_retransmit_state; }; @@ -1370,11 +1374,11 @@ pitem *pqueue_pop(pqueue *pq); pitem *pqueue_find(pqueue *pq, unsigned char *prio64be); pitem *pqueue_iterator(pqueue *pq); pitem *pqueue_next(piterator *iter); -int pqueue_size(pqueue *pq); +size_t pqueue_size(pqueue *pq); typedef struct dtls1_state_st { unsigned char cookie[DTLS1_COOKIE_LENGTH]; - unsigned int cookie_len; + size_t cookie_len; unsigned int cookie_verified; /* handshake message numbers */ unsigned short handshake_write_seq; @@ -1384,8 +1388,8 @@ typedef struct dtls1_state_st { pqueue *buffered_messages; /* Buffered (sent) handshake records */ pqueue *sent_messages; - unsigned int link_mtu; /* max on-the-wire DTLS packet size */ - unsigned int mtu; /* max DTLS packet size */ + size_t link_mtu; /* max on-the-wire DTLS packet size */ + size_t mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; struct hm_header_st r_msg_hdr; struct dtls1_timeout_st timeout; @@ -1562,18 +1566,17 @@ struct tls_sigalgs_st { * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, SSL3_RECORD *, unsigned int, int); + int (*enc) (SSL *, SSL3_RECORD *, size_t, int); int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); int (*setup_key_block) (SSL *); int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, - int); + size_t, size_t *); int (*change_cipher_state) (SSL *, int); - int (*final_finish_mac) (SSL *, const char *, int, unsigned char *); - int finish_mac_length; + size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *); const char *client_finished_label; - int client_finished_label_len; + size_t client_finished_label_len; const char *server_finished_label; - int server_finished_label_len; + size_t server_finished_label_len; int (*alert_value) (int); int (*export_keying_material) (SSL *, unsigned char *, size_t, const char *, size_t, @@ -1581,8 +1584,6 @@ typedef struct ssl3_enc_method { int use_context); /* Various flags indicating protocol version requirements */ uint32_t enc_flags; - /* Handshake header length */ - unsigned int hhlen; /* Set the handshake header */ int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type); /* Close construction of the handshake message */ @@ -1591,9 +1592,6 @@ typedef struct ssl3_enc_method { int (*do_write) (SSL *s); } SSL3_ENC_METHOD; -# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen -# define ssl_handshake_start(s) \ - (((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen) # define ssl_set_handshake_header(s, pkt, htype) \ s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) # define ssl_close_construct_packet(s, pkt, htype) \ @@ -1815,7 +1813,7 @@ __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, void ssl_update_cache(SSL *s, int mode); __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, - int *mac_secret_size, SSL_COMP **comp, + size_t *mac_secret_size, SSL_COMP **comp, int use_etm); __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, size_t *int_overhead, size_t *blocksize, @@ -1858,7 +1856,7 @@ __owur int ssl_verify_alarm_type(long type); void ssl_sort_cipher_list(void); void ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, - int len); + size_t len); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms); __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm); @@ -1875,16 +1873,17 @@ void ssl3_cleanup_key_block(SSL *s); __owur int ssl3_do_write(SSL *s, int type); int ssl3_send_alert(SSL *s, int level, int desc); __owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, int len); + unsigned char *p, size_t len, + size_t *secret_size); __owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt); __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); __owur int ssl3_dispatch_alert(SSL *s); -__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, - unsigned char *p); -__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); +__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, + unsigned char *p); +__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk); @@ -1894,9 +1893,9 @@ __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); -__owur int ssl3_read(SSL *s, void *buf, int len); -__owur int ssl3_peek(SSL *s, void *buf, int len); -__owur int ssl3_write(SSL *s, const void *buf, int len); +__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written); __owur int ssl3_shutdown(SSL *s); void ssl3_clear(SSL *s); __owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); @@ -1929,11 +1928,11 @@ __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); void dtls1_set_message_header(SSL *s, unsigned char mt, - unsigned long len, - unsigned long frag_off, unsigned long frag_len); + size_t len, + size_t frag_off, size_t frag_len); -__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, - int len); +int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, + size_t *written); __owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_buffer_message(SSL *s, int ccs); @@ -1953,9 +1952,9 @@ void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); void dtls1_double_timeout(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, - unsigned char cookie_len); + size_t cookie_len); __owur int dtls1_send_newsession_ticket(SSL *s); -__owur unsigned int dtls1_min_mtu(SSL *s); +__owur size_t dtls1_min_mtu(SSL *s); void dtls1_hm_fragment_free(hm_fragment *frag); __owur int dtls1_query_mtu(SSL *s); @@ -1978,10 +1977,11 @@ void ssl_free_wbio_buffer(SSL *s); __owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_setup_key_block(SSL *s); -__owur int tls1_final_finish_mac(SSL *s, - const char *str, int slen, unsigned char *p); +__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, + unsigned char *p); __owur int tls1_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, int len); + unsigned char *p, size_t len, + size_t *secret_size); __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, @@ -2031,7 +2031,7 @@ __owur int ssl_prepare_serverhello_tlsext(SSL *s); # ifndef OPENSSL_NO_HEARTBEATS __owur int dtls1_heartbeat(SSL *s); __owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, - unsigned int length); + size_t length); # endif __owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, @@ -2071,7 +2071,7 @@ __owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); __owur long ssl_get_algorithm2(SSL *s); __owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, const unsigned char *psig, size_t psiglen); -__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); +__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, size_t dsize); __owur int tls1_process_sigalgs(SSL *s); __owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, @@ -2082,7 +2082,8 @@ __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op); __owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); -__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen); +__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, + size_t *hashlen); __owur const EVP_MD *ssl_md(int idx); __owur const EVP_MD *ssl_handshake_md(SSL *s); __owur const EVP_MD *ssl_prf_md(SSL *s); @@ -2097,7 +2098,7 @@ __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, - unsigned mac_secret_length, char is_sslv3); + size_t mac_secret_length, char is_sslv3); __owur int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c index c2d9dba..59674f3 100644 --- a/ssl/ssl_mcnf.c +++ b/ssl/ssl_mcnf.c @@ -73,7 +73,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) ssl_names_count = cnt; for (i = 0; i < ssl_names_count; i++) { struct ssl_conf_name *ssl_name = ssl_names + i; - CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, i); + CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i); STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); if (sk_CONF_VALUE_num(cmds) <= 0) { if (cmds == NULL) @@ -94,7 +94,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) ssl_name->cmd_count = cnt; for (j = 0; j < cnt; j++) { const char *name; - CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, j); + CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j); struct ssl_conf_cmd *cmd = ssl_name->cmds + j; /* Skip any initial dot in name */ name = strchr(cmd_conf->name, '.'); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index e0ec918..44101cb 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -236,14 +236,14 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { if (len) - *len = s->session_id_length; + *len = (unsigned int)s->session_id_length; return s->session_id; } const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, unsigned int *len) { if (len != NULL) - *len = s->sid_ctx_length; + *len = (unsigned int)s->sid_ctx_length; return s->sid_ctx; } @@ -369,7 +369,7 @@ int ssl_get_new_session(SSL *s, int session) CRYPTO_THREAD_unlock(s->lock); /* Choose a session ID */ memset(ss->session_id, 0, ss->session_id_length); - tmp = ss->session_id_length; + tmp = (int)ss->session_id_length; if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ SSLerr(SSL_F_SSL_GET_NEW_SESSION, @@ -391,7 +391,7 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length = tmp; /* Finally, check for a conflict */ if (SSL_has_matching_session_id(s, ss->session_id, - ss->session_id_length)) { + (unsigned int)ss->session_id_length)) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT); SSL_SESSION_free(ss); return (0); @@ -502,7 +502,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) ret == NULL && s->session_ctx->get_session_cb != NULL) { int copy = 1; ret = s->session_ctx->get_session_cb(s, PACKET_data(session_id), - PACKET_remaining(session_id), + (int)PACKET_remaining(session_id), ©); if (ret != NULL) { diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index dbbf9d9..06ea646 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -57,7 +57,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { - unsigned int i; + size_t i; const char *s; if (x == NULL) @@ -98,7 +98,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) } if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; - for (i = 0; i < (unsigned int)x->master_key_length; i++) { + for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } @@ -128,8 +128,9 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (x->tlsext_tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; + /* TODO(size_t): Convert this call */ if (BIO_dump_indent - (bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4) + (bp, (const char *)x->tlsext_tick, (int)x->tlsext_ticklen, 4) <= 0) goto err; } @@ -181,7 +182,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) */ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) { - unsigned int i; + size_t i; if (x == NULL) goto err; @@ -204,7 +205,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) } if (BIO_puts(bp, " Master-Key:") <= 0) goto err; - for (i = 0; i < (unsigned int)x->master_key_length; i++) { + for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 786eb24..901a3f2 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -490,12 +490,12 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { OSSL_STATEM *st = &s->statem; int ret, mt; - unsigned long len = 0; + size_t len = 0; int (*transition) (SSL *s, int mt); PACKET pkt; MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); - unsigned long (*max_message_size) (SSL *s); + size_t (*max_message_size) (SSL *s); void (*cb) (const SSL *ssl, int type, int val) = NULL; cb = get_callback(s); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 51513d5..d8fbf58 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -568,7 +568,7 @@ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -unsigned long ossl_statem_client_max_message_size(SSL *s) +size_t ossl_statem_client_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; @@ -696,8 +696,8 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) int tls_construct_client_hello(SSL *s, WPACKET *pkt) { unsigned char *p; - int i; - int protverr; + size_t sess_id_len; + int i, protverr; int al = SSL_AD_HANDSHAKE_FAILURE; #ifndef OPENSSL_NO_COMP SSL_COMP *comp; @@ -788,12 +788,13 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) /* Session ID */ if (s->new_session) - i = 0; + sess_id_len = 0; else - i = s->session->session_id_length; - if (i > (int)sizeof(s->session->session_id) + sess_id_len = s->session->session_id_length; + if (sess_id_len > sizeof(s->session->session_id) || !WPACKET_start_sub_packet_u8(pkt) - || (i != 0 && !WPACKET_memcpy(pkt, s->session->session_id, i)) + || (sess_id_len != 0 && !WPACKET_memcpy(pkt, s->session->session_id, + sess_id_len)) || !WPACKET_close(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return 0; @@ -869,7 +870,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt) { int al; - unsigned int cookie_len; + size_t cookie_len; PACKET cookiepkt; if (!PACKET_forward(pkt, 2) @@ -973,11 +974,18 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (s->version >= TLS1_VERSION && s->tls_session_secret_cb && s->session->tlsext_tick) { const SSL_CIPHER *pref_cipher = NULL; - s->session->master_key_length = sizeof(s->session->master_key); + /* + * s->session->master_key_length is a size_t, but this is an int for + * backwards compat reasons + */ + int master_key_length; + master_key_length = sizeof(s->session->master_key); if (s->tls_session_secret_cb(s, s->session->master_key, - &s->session->master_key_length, + &master_key_length, NULL, &pref_cipher, - s->tls_session_secret_cb_arg)) { + s->tls_session_secret_cb_arg) + && master_key_length > 0) { + s->session->master_key_length = master_key_length; s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, cipherchars); } else { @@ -1350,18 +1358,19 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 0; } + /* TODO(size_t): Convert BN_bin2bn() calls */ if ((s->srp_ctx.N = BN_bin2bn(PACKET_data(&prime), - PACKET_remaining(&prime), NULL)) == NULL + (int)PACKET_remaining(&prime), NULL)) == NULL || (s->srp_ctx.g = BN_bin2bn(PACKET_data(&generator), - PACKET_remaining(&generator), NULL)) == NULL + (int)PACKET_remaining(&generator), NULL)) == NULL || (s->srp_ctx.s = BN_bin2bn(PACKET_data(&salt), - PACKET_remaining(&salt), NULL)) == NULL + (int)PACKET_remaining(&salt), NULL)) == NULL || (s->srp_ctx.B = BN_bin2bn(PACKET_data(&server_pub), - PACKET_remaining(&server_pub), NULL)) == NULL) { + (int)PACKET_remaining(&server_pub), NULL)) == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_BN_LIB); return 0; @@ -1411,10 +1420,12 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) goto err; } - p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL); - g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), NULL); - bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key), - NULL); + /* TODO(size_t): Convert these calls */ + p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL); + g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator), + NULL); + bnpub_key = BN_bin2bn(PACKET_data(&pub_key), + (int)PACKET_remaining(&pub_key), NULL); if (p == NULL || g == NULL || bnpub_key == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB); @@ -1702,8 +1713,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); goto err; } + /* TODO(size_t): Convert this call */ if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature), - PACKET_remaining(&signature), pkey) <= 0) { + (unsigned int)PACKET_remaining(&signature), + pkey) <= 0) { /* bad signature */ EVP_MD_CTX_free(md_ctx); al = SSL_AD_DECRYPT_ERROR; @@ -1772,7 +1785,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) goto err; } memcpy(s->cert->ctypes, data, ctype_num); - s->cert->ctype_num = (size_t)ctype_num; + s->cert->ctype_num = ctype_num; ctype_num = SSL3_CT_NUMBER; } for (i = 0; i < ctype_num; i++) @@ -1873,6 +1886,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) int al; unsigned int ticklen; unsigned long ticket_lifetime_hint; + unsigned int sess_len; if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) || !PACKET_get_net_2(pkt, &ticklen) @@ -1937,12 +1951,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is * SHA256 is disabled) hash of the ticket. */ + /* + * TODO(size_t): we use sess_len here because EVP_Digest expects an int + * but s->session->session_id_length is a size_t + */ if (!EVP_Digest(s->session->tlsext_tick, ticklen, - s->session->session_id, &s->session->session_id_length, + s->session->session_id, &sess_len, EVP_sha256(), NULL)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB); goto err; } + s->session->session_id_length = sess_len; return MSG_PROCESS_CONTINUE_READING; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1954,7 +1973,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) { int al; - unsigned long resplen; + size_t resplen; unsigned int type; if (!PACKET_get_1(pkt, &type) @@ -1963,7 +1982,7 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE); goto f_err; } - if (!PACKET_get_net_3(pkt, &resplen) + if (!PACKET_get_net_3_len(pkt, &resplen) || PACKET_remaining(pkt) != resplen) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH); @@ -2177,7 +2196,8 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt, int *al) pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; - if (RAND_bytes(pms + 2, pmslen - 2) <= 0) { + /* TODO(size_t): Convert this function */ + if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) { goto err; } @@ -2267,7 +2287,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt, int *al) { #ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; - int encoded_pt_len = 0; + size_t encoded_pt_len = 0; EVP_PKEY *ckey = NULL, *skey = NULL; int ret = 0; @@ -2359,8 +2379,10 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al) } if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 - /* Generate session key */ - || RAND_bytes(pms, pmslen) <= 0) { + /* Generate session key + * TODO(size_t): Convert this function + */ + || RAND_bytes(pms, (int)pmslen) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; @@ -2601,7 +2623,7 @@ int tls_construct_client_verify(SSL *s, WPACKET *pkt) || !EVP_SignUpdate(mctx, hdata, hdatalen) || (s->version == SSL3_VERSION && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - s->session->master_key_length, + (int)s->session->master_key_length, s->session->master_key)) || !EVP_SignFinal(mctx, sig, &u, pkey)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 5b90c56..52e62a4 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -43,18 +43,17 @@ static unsigned char bitmask_start_values[] = static unsigned char bitmask_end_values[] = { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; -static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, - unsigned long frag_len); +static void dtls1_fix_message_header(SSL *s, size_t frag_off, + size_t frag_len); static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, + size_t len, unsigned short seq_num, - unsigned long frag_off, - unsigned long frag_len); -static int dtls_get_reassembled_message(SSL *s, long *len); + size_t frag_off, + size_t frag_len); +static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len); -static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, - int reassembly) +static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) { hm_fragment *frag = NULL; unsigned char *buf = NULL; @@ -111,9 +110,10 @@ void dtls1_hm_fragment_free(hm_fragment *frag) int dtls1_do_write(SSL *s, int type) { int ret; - unsigned int curr_mtu; + size_t written; + size_t curr_mtu; int retry = 1; - unsigned int len, frag_off, mac_size, blocksize, used_len; + size_t len, frag_off, mac_size, blocksize, used_len; if (!dtls1_query_mtu(s)) return -1; @@ -124,7 +124,7 @@ int dtls1_do_write(SSL *s, int type) if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); if (s->write_hash) { if (s->enc_write_ctx @@ -214,10 +214,6 @@ int dtls1_do_write(SSL *s, int type) else len = s->init_num; - /* Shouldn't ever happen */ - if (len > INT_MAX) - len = INT_MAX; - /* * XDTLS: this function is too long. split out the CCS part */ @@ -236,7 +232,8 @@ int dtls1_do_write(SSL *s, int type) data[s->init_off]); } - ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len); + ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, + &written); if (ret < 0) { /* * might need to update MTU here, but we don't know which @@ -262,7 +259,7 @@ int dtls1_do_write(SSL *s, int type) * bad if this assert fails, only part of the handshake message * got sent. but why would this happen? */ - OPENSSL_assert(len == (unsigned int)ret); + OPENSSL_assert(len == written); if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) { /* @@ -272,7 +269,7 @@ int dtls1_do_write(SSL *s, int type) unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - int xlen; + size_t xlen; if (frag_off == 0 && s->version != DTLS1_BAD_VER) { /* @@ -285,17 +282,17 @@ int dtls1_do_write(SSL *s, int type) l2n3(0, p); l2n3(msg_hdr->msg_len, p); p -= DTLS1_HM_HEADER_LENGTH; - xlen = ret; + xlen = written; } else { p += DTLS1_HM_HEADER_LENGTH; - xlen = ret - DTLS1_HM_HEADER_LENGTH; + xlen = written - DTLS1_HM_HEADER_LENGTH; } if (!ssl3_finish_mac(s, p, xlen)) return -1; } - if (ret == s->init_num) { + if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, @@ -304,12 +301,12 @@ int dtls1_do_write(SSL *s, int type) s->init_off = 0; /* done writing this message */ s->init_num = 0; - return (1); + return 1; } - s->init_off += ret; - s->init_num -= ret; - ret -= DTLS1_HM_HEADER_LENGTH; - frag_off += ret; + s->init_off += written; + s->init_num -= written; + written -= DTLS1_HM_HEADER_LENGTH; + frag_off += written; /* * We save the fragment offset for the next fragment so we have it @@ -320,32 +317,34 @@ int dtls1_do_write(SSL *s, int type) dtls1_fix_message_header(s, frag_off, 0); } } - return (0); + return 0; } -int dtls_get_message(SSL *s, int *mt, unsigned long *len) +int dtls_get_message(SSL *s, int *mt, size_t *len) { struct hm_header_st *msg_hdr; unsigned char *p; - unsigned long msg_len; - int ok; - long tmplen; + size_t msg_len; + size_t tmplen; + int errtype; msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(*msg_hdr)); again: - ok = dtls_get_reassembled_message(s, &tmplen); - if (tmplen == DTLS1_HM_BAD_FRAGMENT || tmplen == DTLS1_HM_FRAGMENT_RETRY) { - /* bad fragment received */ - goto again; - } else if (tmplen <= 0 && !ok) { + if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) { + if (errtype == DTLS1_HM_BAD_FRAGMENT + || errtype == DTLS1_HM_FRAGMENT_RETRY) { + /* bad fragment received */ + goto again; + } return 0; } *mt = s->s3->tmp.message_type; p = (unsigned char *)s->init_buf->data; + *len = s->init_num; if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { @@ -355,7 +354,6 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len) /* * This isn't a real handshake message so skip the processing below. */ - *len = (unsigned long)tmplen; return 1; } @@ -383,7 +381,6 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len) s->d1->handshake_read_seq++; s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - *len = s->init_num; return 1; } @@ -393,11 +390,10 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len) * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but * may be greater if the maximum certificate list size requires it. */ -static unsigned long dtls1_max_handshake_message_len(const SSL *s) +static size_t dtls1_max_handshake_message_len(const SSL *s) { - unsigned long max_len = - DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) + size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < s->max_cert_list) return s->max_cert_list; return max_len; } @@ -444,7 +440,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) return 0; /* no error */ } -static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) +static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) { /*- * (0) check whether the desired fragment is available @@ -456,8 +452,6 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) hm_fragment *frag; int al; - *ok = 0; - do { item = pqueue_peek(s->d1->buffered_messages); if (item == NULL) @@ -480,7 +474,7 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) return 0; if (s->d1->handshake_read_seq == frag->msg_header.seq) { - unsigned long frag_len = frag->msg_header.frag_len; + size_t frag_len = frag->msg_header.frag_len; pqueue_pop(s->d1->buffered_messages); al = dtls1_preprocess_fragment(s, &frag->msg_header); @@ -496,33 +490,35 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) pitem_free(item); if (al == 0) { - *ok = 1; - return frag_len; + *len = frag_len; + return 1; } ssl3_send_alert(s, SSL3_AL_FATAL, al); s->init_num = 0; - *ok = 0; - return -1; - } else return 0; + } else { + return 0; + } } static int -dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) +dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) { hm_fragment *frag = NULL; pitem *item = NULL; int i = -1, is_complete; unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; + size_t frag_len = msg_hdr->frag_len; + size_t readbytes; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) goto err; - if (frag_len == 0) + if (frag_len == 0) { return DTLS1_HM_FRAGMENT_RETRY; + } /* Try to find item in queue */ memset(seq64be, 0, sizeof(seq64be)); @@ -559,10 +555,10 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0); + frag_len, 0, &readbytes); if (i <= 0) goto err; - frag_len -= i; + frag_len -= readbytes; } return DTLS1_HM_FRAGMENT_RETRY; } @@ -570,8 +566,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, frag->fragment + msg_hdr->frag_off, - frag_len, 0); - if ((unsigned long)i != frag_len) + frag_len, 0, &readbytes); + if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -609,19 +605,18 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) err: if (item == NULL) dtls1_hm_fragment_free(frag); - *ok = 0; - return i; + return -1; } static int -dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, - int *ok) +dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) { int i = -1; hm_fragment *frag = NULL; pitem *item = NULL; unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; + size_t frag_len = msg_hdr->frag_len; + size_t readbytes; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) goto err; @@ -654,14 +649,15 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0); + frag_len, 0, &readbytes); if (i <= 0) goto err; - frag_len -= i; + frag_len -= readbytes; } } else { - if (frag_len != msg_hdr->msg_len) - return dtls1_reassemble_fragment(s, msg_hdr, ok); + if (frag_len != msg_hdr->msg_len) { + return dtls1_reassemble_fragment(s, msg_hdr);; + } if (frag_len > dtls1_max_handshake_message_len(s)) goto err; @@ -677,8 +673,9 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, * read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0); - if ((unsigned long)i != frag_len) + frag->fragment, frag_len, 0, + &readbytes); + if (i<=0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -705,33 +702,33 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, err: if (item == NULL) dtls1_hm_fragment_free(frag); - *ok = 0; - return i; + return 0; } -static int dtls_get_reassembled_message(SSL *s, long *len) +static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) { unsigned char wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long mlen, frag_off, frag_len; + size_t mlen, frag_off, frag_len; int i, al, recvd_type; struct hm_header_st msg_hdr; - int ok; + size_t readbytes; + + *errtype = 0; redo: /* see if we have the required fragment already */ - if ((frag_len = dtls1_retrieve_buffered_fragment(s, &ok)) || ok) { - if (ok) - s->init_num = frag_len; + if (dtls1_retrieve_buffered_fragment(s, &frag_len)) { + s->init_num = frag_len; *len = frag_len; - return ok; + return 1; } /* read handshake message header */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, - DTLS1_HM_HEADER_LENGTH, 0); + DTLS1_HM_HEADER_LENGTH, 0, &readbytes); if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; - *len = i; + *len = 0; return 0; } if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -742,17 +739,17 @@ static int dtls_get_reassembled_message(SSL *s, long *len) goto f_err; } - memcpy(s->init_buf->data, wire, i); - s->init_num = i - 1; + memcpy(s->init_buf->data, wire, readbytes); + s->init_num = readbytes - 1; s->init_msg = s->init_buf->data + 1; s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; - s->s3->tmp.message_size = i - 1; - *len = i - 1; + s->s3->tmp.message_size = readbytes - 1; + *len = readbytes - 1; return 1; } /* Handshake fails if message header is incomplete */ - if (i != DTLS1_HM_HEADER_LENGTH) { + if (readbytes != DTLS1_HM_HEADER_LENGTH) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; @@ -782,13 +779,13 @@ static int dtls_get_reassembled_message(SSL *s, long *len) * although we're still expecting seq 0 (ClientHello) */ if (msg_hdr.seq != s->d1->handshake_read_seq) { - *len = dtls1_process_out_of_seq_message(s, &msg_hdr, &ok); - return ok; + *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); + return 0; } if (frag_len && frag_len < mlen) { - *len = dtls1_reassemble_fragment(s, &msg_hdr, &ok); - return ok; + *errtype = dtls1_reassemble_fragment(s, &msg_hdr); + return 0; } if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && @@ -823,7 +820,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len) (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0); + &p[frag_off], frag_len, 0, &readbytes); /* * This shouldn't ever fail due to NBIO because we already checked @@ -831,17 +828,18 @@ static int dtls_get_reassembled_message(SSL *s, long *len) */ if (i <= 0) { s->rwstate = SSL_READING; - *len = i; + *len = 0; return 0; } - } else - i = 0; + } else { + readbytes = 0; + } /* * XDTLS: an incorrectly formatted fragment should cause the handshake * to fail */ - if (i != (int)frag_len) { + if (readbytes != frag_len) { al = SSL3_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER); goto f_err; @@ -859,7 +857,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); s->init_num = 0; - *len = -1; + *len = 0; return 0; } @@ -1116,8 +1114,8 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) } void dtls1_set_message_header(SSL *s, - unsigned char mt, unsigned long len, - unsigned long frag_off, unsigned long frag_len) + unsigned char mt, size_t len, + size_t frag_off, size_t frag_len) { if (frag_off == 0) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; @@ -1131,8 +1129,8 @@ void dtls1_set_message_header(SSL *s, /* don't actually do the writing, wait till the MTU has been retrieved */ static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, unsigned short seq_num, - unsigned long frag_off, unsigned long frag_len) + size_t len, unsigned short seq_num, + size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1144,7 +1142,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, } static void -dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) +dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index a3d8d1e..990510a 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -30,9 +30,10 @@ int ssl3_do_write(SSL *s, int type) { int ret; + size_t written = 0; ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num); + s->init_num, &written); if (ret < 0) return (-1); if (type == SSL3_RT_HANDSHAKE) @@ -42,18 +43,18 @@ int ssl3_do_write(SSL *s, int type) */ if (!ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off], - ret)) + written)) return -1; - if (ret == s->init_num) { + if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); return (1); } - s->init_off += ret; - s->init_num -= ret; + s->init_off += written; + s->init_num -= written; return (0); } @@ -73,9 +74,9 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) int tls_construct_finished(SSL *s, WPACKET *pkt) { - int i; + size_t finish_md_len; const char *sender; - int slen; + size_t slen; if (s->server) { sender = s->method->ssl3_enc->server_finished_label; @@ -85,17 +86,17 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) slen = s->method->ssl3_enc->client_finished_label_len; } - i = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3->tmp.finish_md); - if (i <= 0) { + finish_md_len = s->method->ssl3_enc->final_finish_mac(s, + sender, slen, + s->s3->tmp.finish_md); + if (finish_md_len == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); goto err; } - s->s3->tmp.finish_md_len = i; + s->s3->tmp.finish_md_len = finish_md_len; - if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, i)) { + if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) { SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); goto err; } @@ -104,13 +105,15 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) * Copy the finished so we can use it for renegotiation checks */ if (!s->server) { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i); - s->s3->previous_client_finished_len = i; + OPENSSL_assert(finish_md_len <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, + finish_md_len); + s->s3->previous_client_finished_len = finish_md_len; } else { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i); - s->s3->previous_server_finished_len = i; + OPENSSL_assert(finish_md_len <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, + finish_md_len); + s->s3->previous_server_finished_len = finish_md_len; } return 1; @@ -127,7 +130,7 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) static void ssl3_take_mac(SSL *s) { const char *sender; - int slen; + size_t slen; /* * If no new cipher setup return immediately: other functions will set * the appropriate error. @@ -152,7 +155,7 @@ static void ssl3_take_mac(SSL *s) MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) { int al; - long remain; + size_t remain; remain = PACKET_remaining(pkt); /* @@ -218,7 +221,8 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) { - int al, i; + int al; + size_t md_len; /* If this occurs, we have missed a message */ if (!s->s3->change_cipher_spec) { @@ -228,15 +232,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) } s->s3->change_cipher_spec = 0; - i = s->s3->tmp.peer_finish_md_len; + md_len = s->s3->tmp.peer_finish_md_len; - if ((unsigned long)i != PACKET_remaining(pkt)) { + if (md_len != PACKET_remaining(pkt)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH); goto f_err; } - if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, i) != 0) { + if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, + md_len) != 0) { al = SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_DIGEST_CHECK_FAILED); goto f_err; @@ -246,13 +251,15 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) * Copy the finished so we can use it for renegotiation checks */ if (s->server) { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i); - s->s3->previous_client_finished_len = i; + OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, + md_len); + s->s3->previous_client_finished_len = md_len; } else { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i); - s->s3->previous_server_finished_len = i; + OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, + md_len); + s->s3->previous_server_finished_len = md_len; } return MSG_PROCESS_FINISHED_READING; @@ -357,7 +364,7 @@ int tls_get_message_header(SSL *s, int *mt) /* s->init_num < SSL3_HM_HEADER_LENGTH */ int skip_message, i, recvd_type, al; unsigned char *p; - unsigned long l; + size_t l, readbytes; p = (unsigned char *)s->init_buf->data; @@ -366,7 +373,7 @@ int tls_get_message_header(SSL *s, int *mt) i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, &p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, - 0); + 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; return 0; @@ -376,22 +383,22 @@ int tls_get_message_header(SSL *s, int *mt) * A ChangeCipherSpec must be a single byte and may not occur * in the middle of a handshake message. */ - if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) { + if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; - s->init_num = i - 1; - s->s3->tmp.message_size = i; + s->init_num = readbytes - 1; + s->s3->tmp.message_size = readbytes; return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY); goto f_err; } - s->init_num += i; + s->init_num += readbytes; } skip_message = 0; @@ -452,9 +459,9 @@ int tls_get_message_header(SSL *s, int *mt) return 0; } -int tls_get_message_body(SSL *s, unsigned long *len) +int tls_get_message_body(SSL *s, size_t *len) { - long n; + size_t n, readbytes; unsigned char *p; int i; @@ -468,14 +475,14 @@ int tls_get_message_body(SSL *s, unsigned long *len) n = s->s3->tmp.message_size - s->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[s->init_num], n, 0); + &p[s->init_num], n, 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; *len = 0; return 0; } - s->init_num += i; - n -= i; + s->init_num += readbytes; + n -= readbytes; } #ifndef OPENSSL_NO_NEXTPROTONEG @@ -513,17 +520,7 @@ int tls_get_message_body(SSL *s, unsigned long *len) s->msg_callback_arg); } - /* - * init_num should never be negative...should probably be declared - * unsigned - */ - if (s->init_num < 0) { - SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - *len = 0; - return 0; - } - *len = (unsigned long)s->init_num; + *len = s->init_num; return 1; } diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 6b57b25..a360fc9 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -54,7 +54,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, confunc_f *confunc, int *mt); -unsigned long ossl_statem_client_max_message_size(SSL *s); +size_t ossl_statem_client_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst); @@ -67,14 +67,14 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, confunc_f *confunc,int *mt); -unsigned long ossl_statem_server_max_message_size(SSL *s); +size_t ossl_statem_server_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); /* Functions for getting new message data */ __owur int tls_get_message_header(SSL *s, int *mt); -__owur int tls_get_message_body(SSL *s, unsigned long *len); -__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len); +__owur int tls_get_message_body(SSL *s, size_t *len); +__owur int dtls_get_message(SSL *s, int *mt, size_t *len); /* Message construction and processing functions */ __owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 009d06c..6aa897b 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -717,7 +717,7 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -unsigned long ossl_statem_server_max_message_size(SSL *s) +size_t ossl_statem_server_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; @@ -853,7 +853,7 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) #endif int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, - unsigned char cookie_len) + size_t cookie_len) { /* Always use DTLS 1.0 version: see RFC 6347 */ if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION) @@ -865,14 +865,16 @@ int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) { + unsigned int cookie_leni; if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0 || - s->d1->cookie_len > 255) { + &cookie_leni) == 0 || + cookie_leni > 255) { SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return 0; } + s->d1->cookie_len = cookie_leni; if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie, s->d1->cookie_len)) { @@ -886,7 +888,8 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { int i, al = SSL_AD_INTERNAL_ERROR; - unsigned int j, complen = 0; + unsigned int j; + size_t loop, complen = 0; unsigned long id; const SSL_CIPHER *c; #ifndef OPENSSL_NO_COMP @@ -1085,8 +1088,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { if (s->ctx->app_verify_cookie_cb != NULL) { if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie), - PACKET_remaining(&cookie)) == - 0) { + (unsigned int)PACKET_remaining(&cookie)) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); @@ -1195,12 +1197,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } complen = PACKET_remaining(&compression); - for (j = 0; j < complen; j++) { - if (PACKET_data(&compression)[j] == 0) + for (loop = 0; loop < complen; loop++) { + if (PACKET_data(&compression)[loop] == 0) break; } - if (j >= complen) { + if (loop >= complen) { /* no compress */ al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); @@ -1231,12 +1233,19 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) { const SSL_CIPHER *pref_cipher = NULL; + /* + * s->session->master_key_length is a size_t, but this is an int for + * backwards compat reasons + */ + int master_key_length; - s->session->master_key_length = sizeof(s->session->master_key); + master_key_length = sizeof(s->session->master_key); if (s->tls_session_secret_cb(s, s->session->master_key, - &s->session->master_key_length, ciphers, + &master_key_length, ciphers, &pref_cipher, - s->tls_session_secret_cb_arg)) { + s->tls_session_secret_cb_arg) + && master_key_length > 0) { + s->session->master_key_length = master_key_length; s->hit = 1; s->session->ciphers = ciphers; s->session->verify_result = X509_V_OK; @@ -1484,8 +1493,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) int tls_construct_server_hello(SSL *s, WPACKET *pkt) { - int sl, compm, al = SSL_AD_INTERNAL_ERROR; - size_t len; + int compm, al = SSL_AD_INTERNAL_ERROR; + size_t sl, len; if (!WPACKET_put_bytes_u16(pkt, s->version) /* @@ -1519,7 +1528,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) s->session->session_id_length = 0; sl = s->session->session_id_length; - if (sl > (int)sizeof(s->session->session_id)) { + if (sl > sizeof(s->session->session_id)) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); goto err; } @@ -1567,7 +1576,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) #endif #ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; - int encodedlen = 0; + size_t encodedlen = 0; int curve_id = 0; #endif EVP_PKEY *pkey; @@ -1900,7 +1909,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) int tls_construct_certificate_request(SSL *s, WPACKET *pkt) { - int i, nl; + int i; STACK_OF(X509_NAME) *sk = NULL; /* get the list of acceptable cert types */ @@ -1913,7 +1922,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) if (SSL_USE_SIGALGS(s)) { const unsigned char *psigs; - nl = tls12_get_psigalgs(s, &psigs); + size_t nl = tls12_get_psigalgs(s, &psigs); if (!WPACKET_start_sub_packet_u16(pkt) || !tls12_copy_sigalgs(s, pkt, psigs, nl) || !WPACKET_close(pkt)) { @@ -2094,9 +2103,10 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) * Decrypt with no padding. PKCS#1 padding will be removed as part of * the timing-sensitive code below. */ - decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster), - PACKET_data(&enc_premaster), - rsa_decrypt, rsa, RSA_NO_PADDING); + /* TODO(size_t): Convert this function */ + decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster), + PACKET_data(&enc_premaster), + rsa_decrypt, rsa, RSA_NO_PADDING); if (decrypt_len < 0) goto err; @@ -2377,7 +2387,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al) unsigned long alg_a; int Ttag, Tclass; long Tlen; - long sess_key_len; + size_t sess_key_len; const unsigned char *data; int ret = 0; @@ -2427,8 +2437,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al) SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; } + /* TODO(size_t): Convert this function */ if (ASN1_get_object((const unsigned char **)&data, &Tlen, &Ttag, - &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED + &Tclass, (long)sess_key_len) != V_ASN1_CONSTRUCTED || Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { *al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED); @@ -2730,7 +2741,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) if (s->version == SSL3_VERSION && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - s->session->master_key_length, + (int)s->session->master_key_length, s->session->master_key)) { SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 4aa5ddd..8d1e350 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -43,19 +43,18 @@ /* seed1 through seed5 are concatenated */ static int tls1_PRF(SSL *s, - const void *seed1, int seed1_len, - const void *seed2, int seed2_len, - const void *seed3, int seed3_len, - const void *seed4, int seed4_len, - const void *seed5, int seed5_len, - const unsigned char *sec, int slen, - unsigned char *out, int olen) + const void *seed1, size_t seed1_len, + const void *seed2, size_t seed2_len, + const void *seed3, size_t seed3_len, + const void *seed4, size_t seed4_len, + const void *seed5, size_t seed5_len, + const unsigned char *sec, size_t slen, + unsigned char *out, size_t olen) { const EVP_MD *md = ssl_prf_md(s); EVP_PKEY_CTX *pctx = NULL; int ret = 0; - size_t outlen = olen; if (md == NULL) { /* Should never happen */ @@ -65,21 +64,21 @@ static int tls1_PRF(SSL *s, pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0 || EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0 - || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, slen) <= 0) + || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0) goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, seed1_len) <= 0) + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0) goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, seed2_len) <= 0) + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0) goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, seed3_len) <= 0) + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0) goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, seed4_len) <= 0) + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0) goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, seed5_len) <= 0) + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0) goto err; - if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) + if (EVP_PKEY_derive(pctx, out, &olen) <= 0) goto err; ret = 1; @@ -88,7 +87,7 @@ static int tls1_PRF(SSL *s, return ret; } -static int tls1_generate_key_block(SSL *s, unsigned char *km, int num) +static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) { int ret; ret = tls1_PRF(s, @@ -116,10 +115,10 @@ int tls1_change_cipher_state(SSL *s, int which) #endif const EVP_MD *m; int mac_type; - int *mac_secret_size; + size_t *mac_secret_size; EVP_MD_CTX *mac_ctx; EVP_PKEY *mac_key; - int n, i, j, k, cl; + size_t n, i, j, k, cl; int reuse_dd = 0; c = s->s3->tmp.new_sym_enc; @@ -214,6 +213,7 @@ int tls1_change_cipher_state(SSL *s, int which) p = s->s3->tmp.key_block; i = *mac_secret_size = s->s3->tmp.new_mac_secret_size; + /* TODO(size_t): convert me */ cl = EVP_CIPHER_key_length(c); j = cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ @@ -250,8 +250,9 @@ int tls1_change_cipher_state(SSL *s, int which) memcpy(mac_secret, ms, i); if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { + /* TODO(size_t): Convert this function */ mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, - mac_secret, *mac_secret_size); + mac_secret, (int)*mac_secret_size); if (mac_key == NULL || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { EVP_PKEY_free(mac_key); @@ -263,7 +264,7 @@ int tls1_change_cipher_state(SSL *s, int which) #ifdef SSL_DEBUG printf("which = %04X\nmac key=", which); { - int z; + size_t z; for (z = 0; z < i; z++) printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -271,7 +272,8 @@ int tls1_change_cipher_state(SSL *s, int which) if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) { + || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, + iv)) { SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err2; } @@ -285,7 +287,7 @@ int tls1_change_cipher_state(SSL *s, int which) if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE)) || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv) + || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) { SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err2; @@ -299,7 +301,7 @@ int tls1_change_cipher_state(SSL *s, int which) /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - *mac_secret_size, mac_secret)) { + (int)*mac_secret_size, mac_secret)) { SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); goto err2; } @@ -332,7 +334,7 @@ int tls1_change_cipher_state(SSL *s, int which) } printf("\niv="); { - int z; + size_t z; for (z = 0; z < k; z++) printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -359,9 +361,9 @@ int tls1_setup_key_block(SSL *s) unsigned char *p; const EVP_CIPHER *c; const EVP_MD *hash; - int num; SSL_COMP *comp; - int mac_type = NID_undef, mac_secret_size = 0; + int mac_type = NID_undef; + size_t num, mac_secret_size = 0; int ret = 0; if (s->s3->tmp.key_block_length != 0) @@ -408,7 +410,7 @@ int tls1_setup_key_block(SSL *s) } printf("master key\n"); { - int z; + size_t z; for (z = 0; z < s->session->master_key_length; z++) printf("%02X%c", s->session->master_key[z], ((z + 1) % 16) ? ' ' : '\n'); @@ -419,7 +421,7 @@ int tls1_setup_key_block(SSL *s) #ifdef SSL_DEBUG printf("\nkey block\n"); { - int z; + size_t z; for (z = 0; z < num; z++) printf("%02X%c", p[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -449,17 +451,16 @@ int tls1_setup_key_block(SSL *s) return (ret); } -int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) +size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, + unsigned char *out) { - int hashlen; + size_t hashlen; unsigned char hash[EVP_MAX_MD_SIZE]; if (!ssl3_digest_cached_records(s, 0)) return 0; - hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); - - if (hashlen == 0) + if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) return 0; if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0, @@ -471,19 +472,20 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) } int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) + size_t len, size_t *secret_size) { if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; - int hashlen; + size_t hashlen; /* * Digest cached records keeping record buffer (if present): this wont * affect client auth because we're freezing the buffer at the same * point (after client key exchange and before certificate verify) */ if (!ssl3_digest_cached_records(s, 1)) - return -1; - hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); + return 0; + if(!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) + return 0; #ifdef SSL_DEBUG fprintf(stderr, "Handshake hashes:\n"); BIO_dump_fp(stderr, (char *)hash, hashlen); @@ -535,7 +537,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, } #endif - return (SSL3_MASTER_SECRET_SIZE); + *secret_size = SSL3_MASTER_SECRET_SIZE; + return 1; } int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e19f93d..0523e54 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -20,8 +20,8 @@ #include "ssl_locl.h" #include -static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, - const unsigned char *sess_id, int sesslen, +static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, size_t ticklen, + const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess); static int ssl_check_clienthello_tlsext_early(SSL *s); static int ssl_check_serverhello_tlsext(SSL *s); @@ -33,13 +33,11 @@ SSL3_ENC_METHOD const TLSv1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, 0, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, tls_close_construct_packet, ssl3_handshake_write @@ -52,13 +50,11 @@ SSL3_ENC_METHOD const TLSv1_1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, tls_close_construct_packet, ssl3_handshake_write @@ -71,14 +67,12 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, tls_close_construct_packet, ssl3_handshake_write @@ -91,14 +85,12 @@ SSL3_ENC_METHOD const TLSv1_3_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, tls_close_construct_packet, ssl3_handshake_write @@ -254,7 +246,7 @@ int tls1_ec_nid2curve_id(int nid) size_t i; for (i = 0; i < OSSL_NELEM(nid_list); i++) { if (nid_list[i].nid == nid) - return i + 1; + return (int)(i + 1); } return 0; } @@ -1159,7 +1151,7 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) #endif /* OPENSSL_NO_EC */ if (tls_use_ticket(s)) { - int ticklen; + size_t ticklen; if (!s->new_session && s->session && s->session->tlsext_tick) ticklen = s->session->tlsext_ticklen; else if (s->session && s->tlsext_session_ticket && @@ -1671,7 +1663,7 @@ static int tls1_alpn_handle_client_hello_late(SSL *s, int *al) if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { int r = s->ctx->alpn_select_cb(s, &selected, &selected_len, s->s3->alpn_proposed, - s->s3->alpn_proposed_len, + (unsigned int)s->s3->alpn_proposed_len, s->ctx->alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { @@ -1833,7 +1825,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 0, type, PACKET_data(&extension), - PACKET_remaining(&extension), + (int)PACKET_remaining(&extension), s->tlsext_debug_arg); if (type == TLSEXT_TYPE_renegotiate) { @@ -1985,7 +1977,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) else if (type == TLSEXT_TYPE_session_ticket) { if (s->tls_session_ticket_ext_cb && !s->tls_session_ticket_ext_cb(s, PACKET_data(&extension), - PACKET_remaining(&extension), + (int)PACKET_remaining(&extension), s->tls_session_ticket_ext_cb_arg)) { *al = TLS1_AD_INTERNAL_ERROR; @@ -2047,8 +2039,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) } id_data = PACKET_data(&responder_id); + /* TODO(size_t): Convert d2i_* to size_t */ id = d2i_OCSP_RESPID(NULL, &id_data, - PACKET_remaining(&responder_id)); + (int)PACKET_remaining(&responder_id)); if (id == NULL) return 0; @@ -2074,7 +2067,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) X509_EXTENSION_free); s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &ext_data, - PACKET_remaining(&exts)); + (int)PACKET_remaining(&exts)); if (s->tlsext_ocsp_exts == NULL || ext_data != PACKET_end(&exts)) { return 0; @@ -2765,7 +2758,7 @@ int ssl_check_serverhello_tlsext(SSL *s) */ OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = -1; + s->tlsext_ocsp_resplen = 0; switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -2963,13 +2956,14 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, * 4: same as 3, but the ticket needs to be renewed. */ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, - int eticklen, const unsigned char *sess_id, - int sesslen, SSL_SESSION **psess) + size_t eticklen, const unsigned char *sess_id, + size_t sesslen, SSL_SESSION **psess) { SSL_SESSION *sess; unsigned char *sdec; const unsigned char *p; - int slen, mlen, renew_ticket = 0, ret = -1; + int slen, renew_ticket = 0, ret = -1, declen; + size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX *ctx; @@ -3018,7 +3012,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * checks on ticket. */ mlen = HMAC_size(hctx); - if (mlen < 0) { + if (mlen == 0) { goto err; } /* Sanity check ticket length: must exceed keyname + IV + HMAC */ @@ -3043,17 +3037,18 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx); sdec = OPENSSL_malloc(eticklen); - if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) { + if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, + (int)eticklen) <= 0) { EVP_CIPHER_CTX_free(ctx); OPENSSL_free(sdec); return -1; } - if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) { + if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) { EVP_CIPHER_CTX_free(ctx); OPENSSL_free(sdec); return 2; } - slen += mlen; + slen += declen; EVP_CIPHER_CTX_free(ctx); ctx = NULL; p = sdec; @@ -3334,9 +3329,9 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, } /* Given preference and allowed sigalgs set shared sigalgs */ -static int tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig, - const unsigned char *pref, size_t preflen, - const unsigned char *allow, size_t allowlen) +static size_t tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig, + const unsigned char *pref, size_t preflen, + const unsigned char *allow, size_t allowlen) { const unsigned char *ptmp, *atmp; size_t i, j, nmatch = 0; @@ -3411,7 +3406,7 @@ static int tls1_set_shared_sigalgs(SSL *s) /* Set preferred digest for each key type */ -int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize) +int tls1_save_sigalgs(SSL *s, const unsigned char *data, size_t dsize) { CERT *c = s->cert; /* Extension ignored for inappropriate versions */ @@ -3498,7 +3493,8 @@ int SSL_get_sigalgs(SSL *s, int idx, unsigned char *rsig, unsigned char *rhash) { const unsigned char *psig = s->s3->tmp.peer_sigalgs; - if (psig == NULL) + size_t numsigalgs = s->s3->tmp.peer_sigalgslen / 2; + if (psig == NULL || numsigalgs > INT_MAX) return 0; if (idx >= 0) { idx <<= 1; @@ -3511,7 +3507,7 @@ int SSL_get_sigalgs(SSL *s, int idx, *rsig = psig[1]; tls1_lookup_sigalg(phash, psign, psignhash, psig); } - return s->s3->tmp.peer_sigalgslen / 2; + return (int)numsigalgs; } int SSL_get_shared_sigalgs(SSL *s, int idx, @@ -3519,7 +3515,8 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, unsigned char *rsig, unsigned char *rhash) { TLS_SIGALGS *shsigalgs = s->cert->shared_sigalgs; - if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen) + if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen + || s->cert->shared_sigalgslen > INT_MAX) return 0; shsigalgs += idx; if (phash) @@ -3532,7 +3529,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, *rsig = shsigalgs->rsign; if (rhash) *rhash = shsigalgs->rhash; - return s->cert->shared_sigalgslen; + return (int)s->cert->shared_sigalgslen; } #define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2) @@ -3705,7 +3702,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, /* idx == -2 means checking client certificate chains */ if (idx == -2) { cpk = c->key; - idx = cpk - c->pkeys; + idx = (int)(cpk - c->pkeys); } else cpk = c->pkeys + idx; pvalid = s->s3->tmp.valid_flags + idx; diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c index f3e01bb..492386e 100644 --- a/ssl/t1_reneg.c +++ b/ssl/t1_reneg.c @@ -71,9 +71,9 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, WPACKET *pkt) */ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al) { - unsigned int expected_len = s->s3->previous_client_finished_len + size_t expected_len = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; - unsigned int ilen; + size_t ilen; const unsigned char *data; /* Check for logic errors */ @@ -81,7 +81,7 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al) OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); /* Parse the length byte */ - if (!PACKET_get_1(pkt, &ilen)) { + if (!PACKET_get_1_len(pkt, &ilen)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_ENCODING_ERR); *al = SSL_AD_ILLEGAL_PARAMETER; diff --git a/test/constant_time_test.c b/test/constant_time_test.c index 3ee6a81..41587e2 100644 --- a/test/constant_time_test.c +++ b/test/constant_time_test.c @@ -9,6 +9,7 @@ #include "internal/constant_time_locl.h" #include "e_os.h" +#include #include #include @@ -18,6 +19,8 @@ static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); static const unsigned int CONSTTIME_FALSE = 0; static const unsigned char CONSTTIME_TRUE_8 = 0xff; static const unsigned char CONSTTIME_FALSE_8 = 0; +static const size_t CONSTTIME_TRUE_S = ~((size_t)0); +static const size_t CONSTTIME_FALSE_S = 0; static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b), const char *op_name, unsigned int a, unsigned int b, @@ -54,6 +57,25 @@ static int test_binary_op_8(unsigned return 0; } +static int test_binary_op_s(size_t (*op) (size_t a, size_t b), + const char *op_name, size_t a, size_t b, + int is_true) +{ + size_t c = op(a, b); + if (is_true && c != CONSTTIME_TRUE_S) { + fprintf(stderr, "Test failed for %s(%"OSSLzu", %"OSSLzu + "): expected %"OSSLzu" (TRUE), got %"OSSLzu"\n", + op_name, a, b, CONSTTIME_TRUE_S, c); + return 1; + } else if (!is_true && c != CONSTTIME_FALSE_S) { + fprintf(stderr, "Test failed for %s(%"OSSLzu", %"OSSLzu + "): expected %" OSSLzu " (FALSE), got %"OSSLzu"\n", + op_name, a, b, CONSTTIME_FALSE_S, c); + return 1; + } + return 0; +} + static int test_is_zero(unsigned int a) { unsigned int c = constant_time_is_zero(a); @@ -84,6 +106,22 @@ static int test_is_zero_8(unsigned int a) return 0; } +static int test_is_zero_s(size_t a) +{ + size_t c = constant_time_is_zero_s(a); + if (a == 0 && c != CONSTTIME_TRUE_S) { + fprintf(stderr, "Test failed for constant_time_is_zero_s(%"OSSLzu"): " + "expected %"OSSLzu" (TRUE), got %"OSSLzu"\n", + a, CONSTTIME_TRUE_S, c); + return 1; + } else if (a != 0 && c != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for constant_time_is_zero_s(%"OSSLzu"): " + "expected %"OSSLzu" (FALSE), got %"OSSLzu"\n", + a, CONSTTIME_FALSE_S, c); + return 1; + } + return 0; +} static int test_select(unsigned int a, unsigned int b) { unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); @@ -141,6 +179,28 @@ static int test_select_int(int a, int b) return 0; } + +static int test_select_s(size_t a, size_t b) +{ + size_t selected = constant_time_select_s(CONSTTIME_TRUE_S, a, b); + if (selected != a) { + fprintf(stderr, "Test failed for constant_time_select_s(%"OSSLzu + ", %"OSSLzu",%"OSSLzu"): expected %"OSSLzu + "(first value), got %"OSSLzu"\n", + CONSTTIME_TRUE_S, a, b, a, selected); + return 1; + } + selected = constant_time_select_s(CONSTTIME_FALSE_S, a, b); + if (selected != b) { + fprintf(stderr, "Test failed for constant_time_select_s(%"OSSLzu + ", %"OSSLzu",%"OSSLzu"): expected %"OSSLzu + "(second value), got %"OSSLzu"\n", + CONSTTIME_FALSE_S, a, b, b, selected); + return 1; + } + return 0; +} + static int test_eq_int(int a, int b) { unsigned int equal = constant_time_eq_int(a, b); @@ -173,6 +233,23 @@ static int test_eq_int_8(int a, int b) return 0; } +static int test_eq_s(size_t a, size_t b) +{ + size_t equal = constant_time_eq_s(a, b); + if (a == b && equal != CONSTTIME_TRUE_S) { + fprintf(stderr, "Test failed for constant_time_eq_int(%"OSSLzu + ", %"OSSLzu"): expected %"OSSLzu"(TRUE), got %"OSSLzu"\n", + a, b, CONSTTIME_TRUE_S, equal); + return 1; + } else if (a != b && equal != CONSTTIME_FALSE_S) { + fprintf(stderr, "Test failed for constant_time_eq_int(%"OSSLzu", %" + OSSLzu"): expected %"OSSLzu"(FALSE), got %"OSSLzu"\n", + a, b, CONSTTIME_FALSE_S, equal); + return 1; + } + return 0; +} + static unsigned int test_values[] = { 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1, UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1, @@ -187,34 +264,55 @@ static int signed_test_values[] = { 0, 1, -1, 1024, -1024, 12345, -12345, INT_MIN + 1 }; +static size_t test_values_s[] = + { 0, 1, 1024, 12345, 32000, SIZE_MAX / 2 - 1, + SIZE_MAX / 2, SIZE_MAX / 2 + 1, SIZE_MAX - 1, + SIZE_MAX +}; + int main(int argc, char *argv[]) { unsigned int a, b, i, j; int c, d; unsigned char e, f; + size_t g, h; int num_failed = 0, num_all = 0; fprintf(stdout, "Testing constant time operations...\n"); + if (OSSL_NELEM(test_values) != OSSL_NELEM(test_values_s)) { + fprintf(stdout, "Unexpected number of tests\n"); + return EXIT_FAILURE; + } + for (i = 0; i < OSSL_NELEM(test_values); ++i) { a = test_values[i]; + g = test_values_s[i]; num_failed += test_is_zero(a); num_failed += test_is_zero_8(a); - num_all += 2; + num_failed += test_is_zero_s(g); + num_all += 3; for (j = 0; j < OSSL_NELEM(test_values); ++j) { b = test_values[j]; + h = test_values[j]; num_failed += test_binary_op(&constant_time_lt, "constant_time_lt", a, b, a < b); num_failed += test_binary_op_8(&constant_time_lt_8, "constant_time_lt_8", a, b, a < b); + num_failed += test_binary_op_s(&constant_time_lt_s, + "constant_time_lt_s", g, h, g < h); num_failed += test_binary_op(&constant_time_lt, - "constant_time_lt_8", b, a, b < a); + "constant_time_lt", b, a, b < a); num_failed += test_binary_op_8(&constant_time_lt_8, "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op_s(&constant_time_lt_s, + "constant_time_lt_s", h, g, h < g); num_failed += test_binary_op(&constant_time_ge, "constant_time_ge", a, b, a >= b); num_failed += test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", a, b, a >= b); + num_failed += test_binary_op_s(&constant_time_ge_s, + "constant_time_ge_s", g, h, g >= h); num_failed += test_binary_op(&constant_time_ge, "constant_time_ge", b, a, b >= a); @@ -222,19 +320,30 @@ int main(int argc, char *argv[]) test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", b, a, b >= a); num_failed += + test_binary_op_s(&constant_time_ge_s, "constant_time_ge_s", h, g, + h >= g); + num_failed += test_binary_op(&constant_time_eq, "constant_time_eq", a, b, a == b); num_failed += test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", a, b, a == b); num_failed += + test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", g, h, + g == h); + num_failed += test_binary_op(&constant_time_eq, "constant_time_eq", b, a, b == a); num_failed += test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", b, a, b == a); + num_failed += + test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", h, g, + h == g); num_failed += test_select(a, b); - num_all += 13; + num_failed += test_select_s(g, h); + num_failed += test_eq_s(g, h); + num_all += 21; } } diff --git a/util/libssl.num b/util/libssl.num index 9f44b38..7d1e8d8 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -405,3 +405,6 @@ SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION: SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION: SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION: DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION: +SSL_read_ex 409 1_1_1 EXIST::FUNCTION: +SSL_peek_ex 410 1_1_1 EXIST::FUNCTION: +SSL_write_ex 411 1_1_1 EXIST::FUNCTION: From levitte at openssl.org Fri Nov 4 13:12:10 2016 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 Nov 2016 13:12:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478265130.080951.7981.nullmailer@dev.openssl.org> The branch master has been updated via 7b1954384114643e1a3c3a0ababa3fd7a112c5e3 (commit) from c42a78cb57cd335f3e2b224d4d8c8d7c2ecfaa44 (commit) - Log ----------------------------------------------------------------- commit 7b1954384114643e1a3c3a0ababa3fd7a112c5e3 Author: Richard Levitte Date: Thu Nov 3 16:46:14 2016 +0100 Travis: add a strict build Clang on Linux seems to catch things that we might miss otherwise. Also, throw in 'no-deprecated' to make sure we test that as well. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1839) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 235e309..b117f0e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -36,6 +36,9 @@ env: matrix: include: - os: linux + compiler: clang-3.6 + env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" + - os: linux compiler: gcc env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers" COVERALLS="yes" - os: linux From levitte at openssl.org Fri Nov 4 13:13:59 2016 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 Nov 2016 13:13:59 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1478265239.852428.8847.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via d29279371c5d72d67cb3c5923e3b24c186641016 (commit) from 8f8e9f184bf51fa283c1af9c4fd63098fc7387dd (commit) - Log ----------------------------------------------------------------- commit d29279371c5d72d67cb3c5923e3b24c186641016 Author: Richard Levitte Date: Thu Nov 3 16:46:14 2016 +0100 Travis: add a strict build Clang on Linux seems to catch things that we might miss otherwise. Also, throw in 'no-deprecated' to make sure we test that as well. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1839) (cherry picked from commit 7b1954384114643e1a3c3a0ababa3fd7a112c5e3) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index be03abc..fa7e211 100644 --- a/.travis.yml +++ b/.travis.yml @@ -35,6 +35,9 @@ env: matrix: include: - os: linux + compiler: clang-3.6 + env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" + - os: linux compiler: gcc env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes" - os: linux From builds at travis-ci.org Fri Nov 4 13:27:44 2016 From: builds at travis-ci.org (Travis CI) Date: Fri, 04 Nov 2016 13:27:44 +0000 Subject: [openssl-commits] Errored: openssl/openssl#6846 (master - c42a78c) In-Reply-To: Message-ID: <581c8cce8bfc_33faaf3790b0c83976a@ebdf8635-0a44-4326-830a-f27cc4141d26.mail> Build Update for openssl/openssl ------------------------------------- Build: #6846 Status: Errored Duration: 18 minutes and 58 seconds Commit: c42a78c (master) Author: Matt Caswell Message: Fix a missed size_t variable declaration pqueue_size() now returns a size_t, but the variable that gets returned was still declared as an int. Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/a1ca39c02c55...c42a78cb57cd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/173229296 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Nov 4 13:50:48 2016 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 04 Nov 2016 13:50:48 +0000 Subject: [openssl-commits] Build failed: openssl master.6191 Message-ID: <20161104135044.114717.38051.0A97BEFD@appveyor.com> An HTML attachment was scrubbed... URL: From openssl.sanity at gmail.com Fri Nov 4 13:24:39 2016 From: openssl.sanity at gmail.com (openssl.sanity at gmail.com) Date: Fri, 4 Nov 2016 13:24:39 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_ppc64 #1041 In-Reply-To: <1125033636.10.1478258670612.JavaMail.jenkins@ossl-sanity.cisco.com> References: <1125033636.10.1478258670612.JavaMail.jenkins@ossl-sanity.cisco.com> Message-ID: <824373017.11.1478265879870.JavaMail.jenkins@ossl-sanity.cisco.com> See Changes: [Matt Caswell] Convert record layer to use size_t [Matt Caswell] Further libssl size_t-ify of reading [Matt Caswell] Convert libssl writing for size_t [Matt Caswell] Convert SSL3_RECORD_clear() and SSL3_RECORD_release() to size_t [Matt Caswell] Convert some misc record layer functions for size_t [Matt Caswell] Convert ssl3_cbc_digest_record for size_t [Matt Caswell] Convert various mac_secret_size usage to size_t [Matt Caswell] Convert master_secret_size code to size_t [Matt Caswell] Convert session_id_length and sid_ctx_len to size_t [Matt Caswell] Update numerous misc libssl fields to be size_t [Matt Caswell] Update cookie_len for size_t [Matt Caswell] Convert some libssl local functions to size_t [Matt Caswell] Update misc function params in libssl for size_t [Matt Caswell] Resolve some outstanding size_t related TODOs [Matt Caswell] Fix some missed size_t updates [Matt Caswell] Convert SSL BIO to use SSL_write_ex(). [Matt Caswell] Add some PACKET functions for size_t [Matt Caswell] Fix some ssl3_record code witch converstion to/from size_t [Matt Caswell] Convert the mac functions to just return 1 for success and 0 for failure [Matt Caswell] Fix misc size_t issues causing Windows warnings in 64 bit [Matt Caswell] Now that we can use size_t in PACKET lets use it [Matt Caswell] Ensure HMAC_size() handles errors correctly [Matt Caswell] Provide some constant time functions for dealing with size_t values [Matt Caswell] Remove a stray TODO that has already been fixed [Matt Caswell] Document the newly added SSL functions [Matt Caswell] Fix some clashing symbol numbers due to merge conflict [Matt Caswell] Fix some bogus warnings about uninitialised variables [Matt Caswell] Fix style issues in HMAC_size() [Matt Caswell] Updates various man pages based on review feedback received. [Matt Caswell] Clarify the return values for the peek functions [Matt Caswell] Ensure SSL_DEBUG works following size_t changes [Matt Caswell] Test the size_t constant time functions [Matt Caswell] Document the HMAC_size() function [Matt Caswell] Fix a shadowed variable declaration warning picked up by Travis [Matt Caswell] Clarify the return values for SSL_read_ex()/SSL_write_ex() [Matt Caswell] Rename all "read" variables with "readbytes" [Matt Caswell] Tweak the SSL_read()/SSL_write() text based on feedback received. [Matt Caswell] Fix some style issues from libssl size_tify review [Matt Caswell] Fix a missed size_t variable declaration [Richard Levitte] Travis: add a strict build ------------------------------------------ [...truncated 2179 lines...] link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtls_mtu_test test/dtls_mtu_test.o test/ssltestlib.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -Itest -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o test/dtlstest.c rm -f test/dtlstest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlstest OBJECTS="test/dtlstest.o test/ssltestlib.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlstest test/dtlstest.o test/ssltestlib.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o test/dtlsv1listentest.c rm -f test/dtlsv1listentest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/dtlsv1listentest OBJECTS="test/dtlsv1listentest.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/dtlsv1listentest test/dtlsv1listentest.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdhtest.d.tmp -MT test/ecdhtest.o -c -o test/ecdhtest.o test/ecdhtest.c rm -f test/ecdhtest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdhtest OBJECTS="test/ecdhtest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdhtest test/ecdhtest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o test/ecdsatest.c rm -f test/ecdsatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ecdsatest OBJECTS="test/ecdsatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ecdsatest test/ecdsatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o test/ectest.c rm -f test/ectest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ectest OBJECTS="test/ectest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ectest test/ectest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o test/enginetest.c rm -f test/enginetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/enginetest OBJECTS="test/enginetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/enginetest test/enginetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o test/evp_extra_test.c rm -f test/evp_extra_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_extra_test OBJECTS="test/evp_extra_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_extra_test test/evp_extra_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o test/evp_test.c rm -f test/evp_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/evp_test OBJECTS="test/evp_test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/evp_test test/evp_test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o test/exptest.c rm -f test/exptest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/exptest OBJECTS="test/exptest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/exptest test/exptest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o test/gmdifftest.c rm -f test/gmdifftest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/gmdifftest OBJECTS="test/gmdifftest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/gmdifftest test/gmdifftest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/heartbeat_test.d.tmp -MT test/heartbeat_test.o -c -o test/heartbeat_test.o test/heartbeat_test.c rm -f test/heartbeat_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/heartbeat_test OBJECTS="test/heartbeat_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lssl -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/heartbeat_test test/heartbeat_test.o test/testutil.o -L. -lssl -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o test/hmactest.c rm -f test/hmactest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/hmactest OBJECTS="test/hmactest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/hmactest test/hmactest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o test/ideatest.c rm -f test/ideatest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/ideatest OBJECTS="test/ideatest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/ideatest test/ideatest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o test/igetest.c rm -f test/igetest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/igetest OBJECTS="test/igetest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/igetest test/igetest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o test/md2test.c rm -f test/md2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md2test OBJECTS="test/md2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md2test test/md2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md4test.d.tmp -MT test/md4test.o -c -o test/md4test.o test/md4test.c rm -f test/md4test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md4test OBJECTS="test/md4test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md4test test/md4test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/md5test.d.tmp -MT test/md5test.o -c -o test/md5test.o test/md5test.c rm -f test/md5test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/md5test OBJECTS="test/md5test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/md5test test/md5test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o test/mdc2_internal_test.c rm -f test/mdc2_internal_test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2_internal_test OBJECTS="test/mdc2_internal_test.o test/testutil.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2_internal_test test/mdc2_internal_test.o test/testutil.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o test/mdc2test.c rm -f test/mdc2test make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/mdc2test OBJECTS="test/mdc2test.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/mdc2test test/mdc2test.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o test/memleaktest.c rm -f test/memleaktest make -f ./Makefile.shared -e \ PERL="/usr/bin/perl" SRCDIR=. \ APPNAME=test/memleaktest OBJECTS="test/memleaktest.o" \ LIBDEPS=' '" -L. -lcrypto"' -ldl ' \ CC='powerpc64-linux-gcc' CFLAGS='-DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN ' \ LDFLAGS='' \ link_app.linux-shared make[2]: Entering directory ` LD_LIBRARY_PATH=.: powerpc64-linux-gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="/usr/local/ssl" -DENGINESDIR="/usr/local/lib64/engines-1.1" -Wall -O3 -pthread -m64 -DB_ENDIAN -o test/memleaktest test/memleaktest.o -L. -lcrypto -ldl make[2]: Leaving directory ` powerpc64-linux-gcc -I. -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wall -O3 -pthread -m64 -DB_ENDIAN -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o test/modes_internal_test.c make[1]: *** No rule to make target `test/ppccap.c', needed by `test/ppccap.o'. Stop. make[1]: Leaving directory ` make: *** [all] Error 2 Build step 'Execute shell' marked build as failure From emilia at openssl.org Fri Nov 4 14:06:14 2016 From: emilia at openssl.org (Emilia Kasper) Date: Fri, 04 Nov 2016 14:06:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1478268374.085324.31545.nullmailer@dev.openssl.org> The branch master has been updated via 308b876da9eff2f6455a32751b7ffeeaf6ee3fb8 (commit) via 6ec327eed616deeb4e5ecf1abfb1e1a530ba0701 (commit) from 7b1954384114643e1a3c3a0ababa3fd7a112c5e3 (commit) - Log ----------------------------------------------------------------- commit 308b876da9eff2f6455a32751b7ffeeaf6ee3fb8 Author: Emilia Kasper Date: Thu Nov 3 17:15:41 2016 +0100 Don't create fixtures for simple tests The test fixtures are (meant to be) useful for sharing common setup. Don't bother when we don't have any setup/teardown. This only addresses simple tests. Parameterized tests (ADD_ALL_TESTS) will be made more user-friendly in a follow-up. Reviewed-by: Rich Salz commit 6ec327eed616deeb4e5ecf1abfb1e1a530ba0701 Author: Emilia Kasper Date: Thu Nov 3 14:27:05 2016 +0100 testutil: always print errors on failure Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: test/asn1_internal_test.c | 75 +++++++------------------------------------ test/cipherlist_test.c | 1 - test/ct_test.c | 1 - test/d2i_test.c | 30 +---------------- test/heartbeat_test.c | 2 -- test/mdc2_internal_test.c | 1 - test/modes_internal_test.c | 2 -- test/poly1305_internal_test.c | 1 - test/ssl_test.c | 2 -- test/ssl_test_ctx_test.c | 1 - test/testutil.c | 20 ++++++++++-- test/testutil.h | 15 +++++---- test/x509_internal_test.c | 44 ++----------------------- 13 files changed, 40 insertions(+), 155 deletions(-) diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c index fc0ac20..6a5fce4 100644 --- a/test/asn1_internal_test.c +++ b/test/asn1_internal_test.c @@ -18,27 +18,15 @@ #include "testutil.h" #include "e_os.h" -typedef struct { - const char *test_case_name; - const char *test_section; -} SIMPLE_FIXTURE; - /********************************************************************** * * Test of a_strnid's tbl_standard * ***/ -static SIMPLE_FIXTURE setup_tbl_standard(const char *const test_case_name) -{ - SIMPLE_FIXTURE fixture; - fixture.test_case_name = test_case_name; - return fixture; -} - #include "../crypto/asn1/tbl_standard.h" -static int execute_tbl_standard(SIMPLE_FIXTURE fixture) +static int test_tbl_standard() { const ASN1_STRING_TABLE *tmp; int last_nid = -1; @@ -53,39 +41,27 @@ static int execute_tbl_standard(SIMPLE_FIXTURE fixture) } if (last_nid != 0) { - fprintf(stderr, "%s: Table order OK\n", fixture.test_section); + fprintf(stderr, "asn1 tbl_standard: Table order OK\n"); return 1; } for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) - fprintf(stderr, "%s: Index %" OSSLzu ", NID %d, Name=%s\n", - fixture.test_section, i, tmp->nid, OBJ_nid2ln(tmp->nid)); + fprintf(stderr, "asn1 tbl_standard: Index %" OSSLzu ", NID %d, Name=%s\n", + i, tmp->nid, OBJ_nid2ln(tmp->nid)); return 0; } -static void teardown_tbl_standard(SIMPLE_FIXTURE fixture) -{ - ERR_print_errors_fp(stderr); -} - /********************************************************************** * * Test of ameth_lib's standard_methods * ***/ -static SIMPLE_FIXTURE setup_standard_methods(const char *const test_case_name) -{ - SIMPLE_FIXTURE fixture; - fixture.test_case_name = test_case_name; - return fixture; -} - #include "internal/asn1_int.h" #include "../crypto/asn1/standard_methods.h" -static int execute_standard_methods(SIMPLE_FIXTURE fixture) +static int test_standard_methods() { const EVP_PKEY_ASN1_METHOD **tmp; int last_pkey_id = -1; @@ -101,52 +77,23 @@ static int execute_standard_methods(SIMPLE_FIXTURE fixture) } if (last_pkey_id != 0) { - fprintf(stderr, "%s: Table order OK\n", fixture.test_section); + fprintf(stderr, "asn1 standard methods: Table order OK\n"); return 1; } for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods); i++, tmp++) - fprintf(stderr, "%s: Index %" OSSLzu ", pkey ID %d, Name=%s\n", - fixture.test_section, i, (*tmp)->pkey_id, - OBJ_nid2sn((*tmp)->pkey_id)); + fprintf(stderr, "asn1 standard methods: Index %" OSSLzu + ", pkey ID %d, Name=%s\n", i, (*tmp)->pkey_id, + OBJ_nid2sn((*tmp)->pkey_id)); return 0; } -static void teardown_standard_methods(SIMPLE_FIXTURE fixture) -{ - ERR_print_errors_fp(stderr); -} - -/********************************************************************** - * - * Test driver - * - ***/ - -static struct { - const char *section; - SIMPLE_FIXTURE (*setup)(const char *const test_case_name); - int (*execute)(SIMPLE_FIXTURE); - void (*teardown)(SIMPLE_FIXTURE); -} tests[] = { - {"asn1 tlb_standard", setup_tbl_standard, execute_tbl_standard, - teardown_tbl_standard}, - {"asn1 standard_methods", setup_standard_methods, execute_standard_methods, - teardown_standard_methods} -}; - -static int drive_tests(int idx) -{ - SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, tests[idx].setup); - fixture.test_section = tests[idx].section; - EXECUTE_TEST(tests[idx].execute, tests[idx].teardown); -} - int main(int argc, char **argv) { - ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests)); + ADD_TEST(test_tbl_standard); + ADD_TEST(test_standard_methods); return run_tests(argv[0]); } diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c index 70ebd83..b5dd7d9 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c @@ -167,7 +167,6 @@ static void tear_down(CIPHERLIST_TEST_FIXTURE fixture) { SSL_CTX_free(fixture.server); SSL_CTX_free(fixture.client); - ERR_print_errors_fp(stderr); } #define SETUP_CIPHERLIST_TEST_FIXTURE() \ diff --git a/test/ct_test.c b/test/ct_test.c index 705fbfb..db03f86 100644 --- a/test/ct_test.c +++ b/test/ct_test.c @@ -88,7 +88,6 @@ static void tear_down(CT_TEST_FIXTURE fixture) { CTLOG_STORE_free(fixture.ctlog_store); SCT_LIST_free(fixture.sct_list); - ERR_print_errors_fp(stderr); } static char *mk_file_path(const char *dir, const char *file) diff --git a/test/d2i_test.c b/test/d2i_test.c index 9c6fcb6..e12f249 100644 --- a/test/d2i_test.c +++ b/test/d2i_test.c @@ -41,18 +41,7 @@ typedef struct { static expected_error_t expected_error = ASN1_UNKNOWN; -typedef struct d2i_test_fixture { - const char *test_case_name; -} D2I_TEST_FIXTURE; - -static D2I_TEST_FIXTURE set_up(const char *const test_case_name) -{ - D2I_TEST_FIXTURE fixture; - fixture.test_case_name = test_case_name; - return fixture; -} - -static int execute_test(D2I_TEST_FIXTURE fixture) +static int test_bad_asn1() { BIO *bio = NULL; ASN1_VALUE *value = NULL; @@ -116,23 +105,6 @@ static int execute_test(D2I_TEST_FIXTURE fixture) return ret; } -static void tear_down(D2I_TEST_FIXTURE fixture) -{ - ERR_print_errors_fp(stderr); -} - -#define SETUP_D2I_TEST_FIXTURE() \ - SETUP_TEST_FIXTURE(D2I_TEST_FIXTURE, set_up) - -#define EXECUTE_D2I_TEST() \ - EXECUTE_TEST(execute_test, tear_down) - -static int test_bad_asn1() -{ - SETUP_D2I_TEST_FIXTURE(); - EXECUTE_D2I_TEST(); -} - /* * Usage: d2i_test , e.g. * d2i_test generalname bad_generalname.der diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c index 906736c..9f6c6e5 100644 --- a/test/heartbeat_test.c +++ b/test/heartbeat_test.c @@ -155,7 +155,6 @@ static int dummy_handshake(SSL *s) static void tear_down(HEARTBEAT_TEST_FIXTURE fixture) { - ERR_print_errors_fp(stderr); SSL_free(fixture.s); SSL_CTX_free(fixture.ctx); } @@ -365,7 +364,6 @@ int main(int argc, char *argv[]) ADD_TEST(test_dtls1_heartbleed_excessive_plaintext_length); result = run_tests(argv[0]); - ERR_print_errors_fp(stderr); return result; } diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c index 7f6a95c..3ed52de 100644 --- a/test/mdc2_internal_test.c +++ b/test/mdc2_internal_test.c @@ -60,7 +60,6 @@ static int execute_mdc2(SIMPLE_FIXTURE fixture) static void teardown_mdc2(SIMPLE_FIXTURE fixture) { - ERR_print_errors_fp(stderr); } /********************************************************************** diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c index a1ed8c7..1e4f6e3 100644 --- a/test/modes_internal_test.c +++ b/test/modes_internal_test.c @@ -210,7 +210,6 @@ static int execute_cts128_nist(CTS128_FIXTURE fixture) static void teardown_cts128(CTS128_FIXTURE fixture) { - ERR_print_errors_fp(stderr); } /********************************************************************** @@ -279,7 +278,6 @@ static int execute_gcm128(GCM128_FIXTURE fixture) static void teardown_gcm128(GCM128_FIXTURE fixture) { - ERR_print_errors_fp(stderr); } static void benchmark_gcm128(const unsigned char *K, size_t Klen, diff --git a/test/poly1305_internal_test.c b/test/poly1305_internal_test.c index e5e7457..05ef878 100644 --- a/test/poly1305_internal_test.c +++ b/test/poly1305_internal_test.c @@ -144,7 +144,6 @@ static int execute_poly1305(SIMPLE_FIXTURE fixture) static void teardown_poly1305(SIMPLE_FIXTURE fixture) { - ERR_print_errors_fp(stderr); } static void benchmark_poly1305() diff --git a/test/ssl_test.c b/test/ssl_test.c index 9f14618..fb6214e 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -301,8 +301,6 @@ err: SSL_CTX_free(resume_server_ctx); SSL_CTX_free(resume_client_ctx); SSL_TEST_CTX_free(test_ctx); - if (ret != 1) - ERR_print_errors_fp(stderr); HANDSHAKE_RESULT_free(result); return ret; } diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c index 0f321c6..c601e90 100644 --- a/test/ssl_test_ctx_test.c +++ b/test/ssl_test_ctx_test.c @@ -233,7 +233,6 @@ static int execute_failure_test(SSL_TEST_CTX_TEST_FIXTURE fixture) static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture) { SSL_TEST_CTX_free(fixture.expected_ctx); - ERR_print_errors_fp(stderr); } #define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \ diff --git a/test/testutil.c b/test/testutil.c index a16ef0f..f1cad64 100644 --- a/test/testutil.c +++ b/test/testutil.c @@ -15,6 +15,8 @@ #include #include "e_os.h" +#include + /* * Declares the structures needed to register each test case function. */ @@ -55,6 +57,14 @@ void add_all_tests(const char *test_case_name, int(*test_fn)(int idx), num_test_cases += num; } +static void finalize(int success) +{ + if (success) + ERR_clear_error(); + else + ERR_print_errors_fp(stderr); +} + int run_tests(const char *test_prog_name) { int num_failed = 0; @@ -66,18 +76,24 @@ int run_tests(const char *test_prog_name) for (i = 0; i != num_tests; ++i) { if (all_tests[i].num == -1) { - if (!all_tests[i].test_fn()) { + int ret = all_tests[i].test_fn(); + + if (!ret) { printf("** %s failed **\n--------\n", all_tests[i].test_case_name); ++num_failed; } + finalize(ret); } else { for (j = 0; j < all_tests[i].num; j++) { - if (!all_tests[i].param_test_fn(j)) { + int ret = all_tests[i].param_test_fn(j); + + if (!ret) { printf("** %s failed test %d\n--------\n", all_tests[i].test_case_name, j); ++num_failed; } + finalize(ret); } } } diff --git a/test/testutil.h b/test/testutil.h index 68d202a..af7c48c 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -12,7 +12,15 @@ #include +/* + * In main(), call ADD_TEST to register each test case function, then call + * run_tests() to execute all tests and report the results. The result + * returned from run_tests() should be used as the return value for main(). + */ +# define ADD_TEST(test_function) add_test(#test_function, test_function) + /*- + * Test cases that share common setup should use the helper * SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions. * * SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE @@ -69,13 +77,6 @@ # endif /* __STDC_VERSION__ */ /* - * In main(), call ADD_TEST to register each test case function, then call - * run_tests() to execute all tests and report the results. The result - * returned from run_tests() should be used as the return value for main(). - */ -# define ADD_TEST(test_function) add_test(#test_function, test_function) - -/* * Simple parameterized tests. Adds a test_function(idx) test for each * 0 <= idx < num. */ diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c index 76cc2ed..e0cb615 100644 --- a/test/x509_internal_test.c +++ b/test/x509_internal_test.c @@ -17,28 +17,16 @@ #include "testutil.h" #include "e_os.h" -typedef struct { - const char *test_case_name; - const char *test_section; -} SIMPLE_FIXTURE; - /********************************************************************** * * Test of x509v3 * ***/ -static SIMPLE_FIXTURE setup_standard_exts(const char *const test_case_name) -{ - SIMPLE_FIXTURE fixture; - fixture.test_case_name = test_case_name; - return fixture; -} - #include "../crypto/x509v3/ext_dat.h" #include "../crypto/x509v3/standard_exts.h" -static int execute_standard_exts(SIMPLE_FIXTURE fixture) +static int test_standard_exts() { size_t i; int prev = -1, good = 1; @@ -64,37 +52,9 @@ static int execute_standard_exts(SIMPLE_FIXTURE fixture) return good; } -static void teardown_standard_exts(SIMPLE_FIXTURE fixture) -{ - ERR_print_errors_fp(stderr); -} - -/********************************************************************** - * - * Test driver - * - ***/ - -static struct { - const char *section; - SIMPLE_FIXTURE (*setup)(const char *const test_case_name); - int (*execute)(SIMPLE_FIXTURE); - void (*teardown)(SIMPLE_FIXTURE); -} tests[] = { - {"standard_exts", setup_standard_exts, execute_standard_exts, - teardown_standard_exts}, -}; - -static int drive_tests(int idx) -{ - SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, tests[idx].setup); - fixture.test_section = tests[idx].section; - EXECUTE_TEST(tests[idx].execute, tests[idx].teardown); -} - int main(int argc, char **argv) { - ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests)); + ADD_TEST(test_standard_exts); return run_tests(argv[0]); } From no-reply at appveyor.com Fri Nov 4 14:18:42 2016 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 04 Nov 2016 14:18:42 +0000 Subject: [openssl-commits] Build completed: openssl master.6192 Message-ID: <20161104141829.45224.71709.CADC59B0@appveyor.com> An HTML attachment was scrubbed... URL: From rsalz at openssl.org Fri Nov 4 14:19:25 2016 From: rsalz at openssl.org (Rich Salz) Date: Fri, 04 Nov 2016 14:19:25 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1478269165.672134.5541.nullmailer@dev.openssl.org> The branch master has been updated via 664e55d5a68aaf8cb986c065677737b34d7a89c2 (commit) from 24c3c743806fecc30e1c807cd04ce021d8d19f5b (commit) - Log ----------------------------------------------------------------- commit 664e55d5a68aaf8cb986c065677737b34d7a89c2 Author: Rich Salz Date: Fri Nov 4 10:17:08 2016 -0400 Missed updates to not use RT any more. ----------------------------------------------------------------------- Summary of changes: community/index.html | 41 +++++++++++++++++++++-------------------- docs/faq.txt | 25 +------------------------ 2 files changed, 22 insertions(+), 44 deletions(-) diff --git a/community/index.html b/community/index.html index a9fe68f..8dfd6b4 100644 --- a/community/index.html +++ b/community/index.html @@ -40,27 +40,20 @@

Reporting Bugs

+

We are in the process of changing to do "everything" on + GitHub. Please see our + blog post + for some details and background. +

If you think have found a security bug, please see our vulnerabilities page for information on how to report it.

-

We have set up a request tracker at - https://rt.openssl.org, - with read-only access using guest as the name - and password. - Requests can be viewed on-line by using the following URL, - replacing NNNN with the request number: - https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=NNNN -

- -

The easiest way to respond to an existing request is to reply - to the relevant message in openssl-dev at openssl.org. - To help avoid duplicate copies, edit the recipient list so that - only rt at openssl.org is listed and remove any quoted - material. -

- -

To report a bug or make an enhancement request, send email +

To report a bug or make an enhancement request, please open + an issue on GitHub, by clicking "new issue" on this page: + https://github.com/openssl/openssl/issues. to rt at openssl.org. In the subject line, please make sure to indicate if it's a bug or a fix, and a brief description of the issue. In the @@ -71,9 +64,17 @@

For more information about the best way to submit patches, please see the file CONTRIBUTING in the distribution. - In short, making a - GitHub, - pull request is preferred.

+ The short answer is + make a pull request. +

+ +

Our backlog of old bugs is maintained with Request + Tracker, available at + https://rt.openssl.org, + with read-only access using guest as the name + and password. +