From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/test/CAss.cnf | 76 + openssl-1.1.0h/test/CAssdh.cnf | 24 + openssl-1.1.0h/test/CAssdsa.cnf | 23 + openssl-1.1.0h/test/CAssrsa.cnf | 24 + openssl-1.1.0h/test/CAtsa.cnf | 163 + openssl-1.1.0h/test/P1ss.cnf | 37 + openssl-1.1.0h/test/P2ss.cnf | 45 + openssl-1.1.0h/test/README | 109 + openssl-1.1.0h/test/README.ssltest.md | 274 + openssl-1.1.0h/test/Sssdsa.cnf | 27 + openssl-1.1.0h/test/Sssrsa.cnf | 26 + openssl-1.1.0h/test/Uss.cnf | 41 + openssl-1.1.0h/test/aborttest.c | 16 + openssl-1.1.0h/test/afalgtest.c | 133 + openssl-1.1.0h/test/asynciotest.c | 382 + openssl-1.1.0h/test/asynctest.c | 291 + openssl-1.1.0h/test/bad_dtls_test.c | 624 + openssl-1.1.0h/test/bftest.c | 484 + openssl-1.1.0h/test/bio_enc_test.c | 138 + openssl-1.1.0h/test/bioprinttest.c | 225 + openssl-1.1.0h/test/bntest.c | 2094 ++ openssl-1.1.0h/test/build.info | 326 + openssl-1.1.0h/test/casttest.c | 163 + openssl-1.1.0h/test/certs/alt1-cert.pem | 22 + openssl-1.1.0h/test/certs/alt1-key.pem | 28 + openssl-1.1.0h/test/certs/alt2-cert.pem | 20 + openssl-1.1.0h/test/certs/alt2-key.pem | 28 + openssl-1.1.0h/test/certs/alt3-cert.pem | 21 + openssl-1.1.0h/test/certs/alt3-key.pem | 28 + openssl-1.1.0h/test/certs/bad-pc3-cert.pem | 21 + openssl-1.1.0h/test/certs/bad-pc3-key.pem | 28 + openssl-1.1.0h/test/certs/bad-pc4-cert.pem | 21 + openssl-1.1.0h/test/certs/bad-pc4-key.pem | 28 + openssl-1.1.0h/test/certs/bad-pc6-cert.pem | 21 + openssl-1.1.0h/test/certs/bad-pc6-key.pem | 28 + openssl-1.1.0h/test/certs/bad.key | 27 + openssl-1.1.0h/test/certs/bad.pem | 21 + openssl-1.1.0h/test/certs/badalt1-cert.pem | 20 + openssl-1.1.0h/test/certs/badalt1-key.pem | 28 + openssl-1.1.0h/test/certs/badalt10-cert.pem | 21 + openssl-1.1.0h/test/certs/badalt10-key.pem | 28 + openssl-1.1.0h/test/certs/badalt2-cert.pem | 20 + openssl-1.1.0h/test/certs/badalt2-key.pem | 28 + openssl-1.1.0h/test/certs/badalt3-cert.pem | 21 + openssl-1.1.0h/test/certs/badalt3-key.pem | 28 + openssl-1.1.0h/test/certs/badalt4-cert.pem | 21 + openssl-1.1.0h/test/certs/badalt4-key.pem | 28 + openssl-1.1.0h/test/certs/badalt5-cert.pem | 20 + openssl-1.1.0h/test/certs/badalt5-key.pem | 28 + openssl-1.1.0h/test/certs/badalt6-cert.pem | 22 + openssl-1.1.0h/test/certs/badalt6-key.pem | 28 + openssl-1.1.0h/test/certs/badalt7-cert.pem | 23 + openssl-1.1.0h/test/certs/badalt7-key.pem | 28 + openssl-1.1.0h/test/certs/badalt8-cert.pem | 21 + openssl-1.1.0h/test/certs/badalt8-key.pem | 28 + openssl-1.1.0h/test/certs/badalt9-cert.pem | 21 + openssl-1.1.0h/test/certs/badalt9-key.pem | 28 + openssl-1.1.0h/test/certs/ca+anyEKU.pem | 18 + openssl-1.1.0h/test/certs/ca+clientAuth.pem | 18 + openssl-1.1.0h/test/certs/ca+serverAuth.pem | 18 + openssl-1.1.0h/test/certs/ca-anyEKU.pem | 18 + openssl-1.1.0h/test/certs/ca-cert-768.pem | 15 + openssl-1.1.0h/test/certs/ca-cert-768i.pem | 15 + openssl-1.1.0h/test/certs/ca-cert-md5-any.pem | 18 + openssl-1.1.0h/test/certs/ca-cert-md5.pem | 18 + openssl-1.1.0h/test/certs/ca-cert.pem | 18 + openssl-1.1.0h/test/certs/ca-cert2.pem | 18 + openssl-1.1.0h/test/certs/ca-clientAuth.pem | 18 + openssl-1.1.0h/test/certs/ca-expired.pem | 18 + openssl-1.1.0h/test/certs/ca-key-768.pem | 13 + openssl-1.1.0h/test/certs/ca-key.pem | 28 + openssl-1.1.0h/test/certs/ca-key2.pem | 28 + openssl-1.1.0h/test/certs/ca-name2.pem | 18 + openssl-1.1.0h/test/certs/ca-nonbc.pem | 18 + openssl-1.1.0h/test/certs/ca-nonca.pem | 19 + openssl-1.1.0h/test/certs/ca-root2.pem | 18 + openssl-1.1.0h/test/certs/ca-serverAuth.pem | 18 + openssl-1.1.0h/test/certs/cca+anyEKU.pem | 19 + openssl-1.1.0h/test/certs/cca+clientAuth.pem | 19 + openssl-1.1.0h/test/certs/cca+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/cca-anyEKU.pem | 19 + openssl-1.1.0h/test/certs/cca-cert.pem | 19 + openssl-1.1.0h/test/certs/cca-clientAuth.pem | 19 + openssl-1.1.0h/test/certs/cca-serverAuth.pem | 19 + openssl-1.1.0h/test/certs/croot+anyEKU.pem | 19 + openssl-1.1.0h/test/certs/croot+clientAuth.pem | 19 + openssl-1.1.0h/test/certs/croot+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/croot-anyEKU.pem | 19 + openssl-1.1.0h/test/certs/croot-cert.pem | 19 + openssl-1.1.0h/test/certs/croot-clientAuth.pem | 19 + openssl-1.1.0h/test/certs/croot-serverAuth.pem | 19 + openssl-1.1.0h/test/certs/ee+clientAuth.pem | 20 + openssl-1.1.0h/test/certs/ee+serverAuth.pem | 20 + openssl-1.1.0h/test/certs/ee-cert-768.pem | 16 + openssl-1.1.0h/test/certs/ee-cert-768i.pem | 16 + openssl-1.1.0h/test/certs/ee-cert-md5.pem | 19 + openssl-1.1.0h/test/certs/ee-cert.pem | 19 + openssl-1.1.0h/test/certs/ee-cert2.pem | 19 + openssl-1.1.0h/test/certs/ee-client-chain.pem | 37 + openssl-1.1.0h/test/certs/ee-client.pem | 19 + openssl-1.1.0h/test/certs/ee-clientAuth.pem | 20 + openssl-1.1.0h/test/certs/ee-expired.pem | 19 + openssl-1.1.0h/test/certs/ee-key-768.pem | 13 + openssl-1.1.0h/test/certs/ee-key.pem | 28 + openssl-1.1.0h/test/certs/ee-name2.pem | 19 + openssl-1.1.0h/test/certs/ee-serverAuth.pem | 20 + openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem | 15 + openssl-1.1.0h/test/certs/embeddedSCTs1.pem | 20 + openssl-1.1.0h/test/certs/embeddedSCTs1.sct | 12 + openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem | 18 + openssl-1.1.0h/test/certs/embeddedSCTs3.pem | 44 + openssl-1.1.0h/test/certs/embeddedSCTs3.sct | 36 + openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem | 35 + openssl-1.1.0h/test/certs/interCA.key | 27 + openssl-1.1.0h/test/certs/interCA.pem | 21 + openssl-1.1.0h/test/certs/leaf.key | 27 + openssl-1.1.0h/test/certs/leaf.pem | 21 + openssl-1.1.0h/test/certs/many-constraints.pem | 292 + openssl-1.1.0h/test/certs/many-names1.pem | 409 + openssl-1.1.0h/test/certs/many-names2.pem | 251 + openssl-1.1.0h/test/certs/many-names3.pem | 571 + openssl-1.1.0h/test/certs/mkcert.sh | 254 + openssl-1.1.0h/test/certs/nca+anyEKU.pem | 19 + openssl-1.1.0h/test/certs/nca+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/ncca-cert.pem | 21 + openssl-1.1.0h/test/certs/ncca-key.pem | 28 + openssl-1.1.0h/test/certs/ncca1-cert.pem | 20 + openssl-1.1.0h/test/certs/ncca1-key.pem | 28 + openssl-1.1.0h/test/certs/ncca2-cert.pem | 20 + openssl-1.1.0h/test/certs/ncca2-key.pem | 28 + openssl-1.1.0h/test/certs/ncca3-cert.pem | 20 + openssl-1.1.0h/test/certs/ncca3-key.pem | 28 + openssl-1.1.0h/test/certs/nroot+anyEKU.pem | 19 + openssl-1.1.0h/test/certs/nroot+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/pathlen.pem | 22 + openssl-1.1.0h/test/certs/pc1-cert.pem | 20 + openssl-1.1.0h/test/certs/pc1-key.pem | 28 + openssl-1.1.0h/test/certs/pc2-cert.pem | 21 + openssl-1.1.0h/test/certs/pc2-key.pem | 28 + openssl-1.1.0h/test/certs/pc5-cert.pem | 21 + openssl-1.1.0h/test/certs/pc5-key.pem | 28 + openssl-1.1.0h/test/certs/root+anyEKU.pem | 18 + openssl-1.1.0h/test/certs/root+clientAuth.pem | 19 + openssl-1.1.0h/test/certs/root+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/root-anyEKU.pem | 18 + openssl-1.1.0h/test/certs/root-cert-768.pem | 11 + openssl-1.1.0h/test/certs/root-cert-md5.pem | 18 + openssl-1.1.0h/test/certs/root-cert.pem | 18 + openssl-1.1.0h/test/certs/root-cert2.pem | 18 + openssl-1.1.0h/test/certs/root-clientAuth.pem | 19 + openssl-1.1.0h/test/certs/root-key-768.pem | 13 + openssl-1.1.0h/test/certs/root-key.pem | 28 + openssl-1.1.0h/test/certs/root-key2.pem | 28 + openssl-1.1.0h/test/certs/root-name2.pem | 18 + openssl-1.1.0h/test/certs/root-nonca.pem | 19 + openssl-1.1.0h/test/certs/root-noserver.pem | 19 + openssl-1.1.0h/test/certs/root-serverAuth.pem | 19 + openssl-1.1.0h/test/certs/root2+clientAuth.pem | 19 + openssl-1.1.0h/test/certs/root2+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/root2-serverAuth.pem | 19 + openssl-1.1.0h/test/certs/rootCA.key | 27 + openssl-1.1.0h/test/certs/rootCA.pem | 21 + openssl-1.1.0h/test/certs/rootcert.pem | 18 + openssl-1.1.0h/test/certs/rootkey.pem | 28 + openssl-1.1.0h/test/certs/roots.pem | 42 + openssl-1.1.0h/test/certs/sca+anyEKU.pem | 19 + openssl-1.1.0h/test/certs/sca+clientAuth.pem | 19 + openssl-1.1.0h/test/certs/sca+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/sca-anyEKU.pem | 19 + openssl-1.1.0h/test/certs/sca-cert.pem | 19 + openssl-1.1.0h/test/certs/sca-clientAuth.pem | 19 + openssl-1.1.0h/test/certs/sca-serverAuth.pem | 19 + openssl-1.1.0h/test/certs/server-trusted.pem | 20 + openssl-1.1.0h/test/certs/servercert.pem | 19 + openssl-1.1.0h/test/certs/serverkey.pem | 28 + openssl-1.1.0h/test/certs/setup.sh | 346 + openssl-1.1.0h/test/certs/some-names1.pem | 211 + openssl-1.1.0h/test/certs/some-names2.pem | 133 + openssl-1.1.0h/test/certs/some-names3.pem | 293 + openssl-1.1.0h/test/certs/sroot+anyEKU.pem | 19 + openssl-1.1.0h/test/certs/sroot+clientAuth.pem | 19 + openssl-1.1.0h/test/certs/sroot+serverAuth.pem | 19 + openssl-1.1.0h/test/certs/sroot-anyEKU.pem | 19 + openssl-1.1.0h/test/certs/sroot-cert.pem | 19 + openssl-1.1.0h/test/certs/sroot-clientAuth.pem | 19 + openssl-1.1.0h/test/certs/sroot-serverAuth.pem | 19 + openssl-1.1.0h/test/certs/subinterCA-ss.pem | 21 + openssl-1.1.0h/test/certs/subinterCA.key | 27 + openssl-1.1.0h/test/certs/subinterCA.pem | 21 + openssl-1.1.0h/test/certs/untrusted.pem | 42 + openssl-1.1.0h/test/certs/wrongcert.pem | 19 + openssl-1.1.0h/test/certs/wrongkey.pem | 28 + openssl-1.1.0h/test/cipherlist_test.c | 199 + openssl-1.1.0h/test/clienthellotest.c | 147 + openssl-1.1.0h/test/cms-examples.pl | 365 + openssl-1.1.0h/test/constant_time_test.c | 268 + openssl-1.1.0h/test/crltest.c | 378 + openssl-1.1.0h/test/ct/log_list.conf | 38 + openssl-1.1.0h/test/ct/tls1.sct | 12 + openssl-1.1.0h/test/ct_test.c | 607 + openssl-1.1.0h/test/d2i-tests/bad-cms.der | Bin 0 -> 24 bytes openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der | Bin 0 -> 4 bytes .../test/d2i-tests/bad-int-padminus1.der | Bin 0 -> 4 bytes openssl-1.1.0h/test/d2i-tests/bad_bio.der | Bin 0 -> 7 bytes openssl-1.1.0h/test/d2i-tests/bad_cert.der | Bin 0 -> 1007 bytes openssl-1.1.0h/test/d2i-tests/bad_generalname.der | Bin 0 -> 60 bytes openssl-1.1.0h/test/d2i-tests/high_tag.der | Bin 0 -> 6 bytes openssl-1.1.0h/test/d2i-tests/int0.der | Bin 0 -> 3 bytes openssl-1.1.0h/test/d2i-tests/int1.der | Bin 0 -> 3 bytes openssl-1.1.0h/test/d2i-tests/intminus1.der | Bin 0 -> 3 bytes openssl-1.1.0h/test/d2i_test.c | 222 + openssl-1.1.0h/test/danetest.c | 504 + openssl-1.1.0h/test/danetest.in | 1878 ++ openssl-1.1.0h/test/danetest.pem | 14 + openssl-1.1.0h/test/destest.c | 804 + openssl-1.1.0h/test/dhtest.c | 626 + openssl-1.1.0h/test/dsatest.c | 196 + openssl-1.1.0h/test/dtlstest.c | 143 + openssl-1.1.0h/test/dtlsv1listentest.c | 426 + openssl-1.1.0h/test/ecdsatest.c | 519 + openssl-1.1.0h/test/ectest.c | 1776 ++ openssl-1.1.0h/test/enginetest.c | 408 + openssl-1.1.0h/test/evp_extra_test.c | 409 + openssl-1.1.0h/test/evp_test.c | 2172 +++ openssl-1.1.0h/test/evptests.txt | 19244 +++++++++++++++++++ openssl-1.1.0h/test/exdatatest.c | 234 + openssl-1.1.0h/test/exptest.c | 270 + openssl-1.1.0h/test/fatalerrtest.c | 125 + openssl-1.1.0h/test/generate_buildtest.pl | 34 + openssl-1.1.0h/test/generate_ssl_tests.pl | 141 + openssl-1.1.0h/test/gmdifftest.c | 81 + openssl-1.1.0h/test/handshake_helper.c | 1106 ++ openssl-1.1.0h/test/handshake_helper.h | 59 + openssl-1.1.0h/test/heartbeat_test.c | 378 + openssl-1.1.0h/test/hmactest.c | 312 + openssl-1.1.0h/test/ideatest.c | 178 + openssl-1.1.0h/test/igetest.c | 441 + openssl-1.1.0h/test/md2test.c | 92 + openssl-1.1.0h/test/md4test.c | 87 + openssl-1.1.0h/test/md5test.c | 88 + openssl-1.1.0h/test/mdc2test.c | 99 + openssl-1.1.0h/test/memleaktest.c | 46 + openssl-1.1.0h/test/methtest.c | 57 + openssl-1.1.0h/test/ocsp-tests/D1.ors | 32 + openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem | 38 + openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem | 27 + openssl-1.1.0h/test/ocsp-tests/D2.ors | 32 + openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem | 26 + openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem | 21 + openssl-1.1.0h/test/ocsp-tests/D3.ors | 38 + openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem | 31 + openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem | 83 + openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors | 32 + openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors | 32 + openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors | 38 + .../test/ocsp-tests/ISIC_D1_Issuer_ICA.pem | 27 + .../test/ocsp-tests/ISIC_D2_Issuer_Root.pem | 21 + .../test/ocsp-tests/ISIC_D3_Issuer_Root.pem | 41 + .../test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem | 29 + .../test/ocsp-tests/ISIC_ND2_Issuer_Root.pem | 23 + .../test/ocsp-tests/ISIC_ND3_Issuer_Root.pem | 25 + openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors | 32 + openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors | 32 + openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors | 38 + openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors | 10 + openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors | 10 + openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors | 10 + openssl-1.1.0h/test/ocsp-tests/ND1.ors | 10 + openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem | 36 + openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem | 25 + .../test/ocsp-tests/ND1_Issuer_ICA-Cross.pem | 58 + openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem | 29 + openssl-1.1.0h/test/ocsp-tests/ND2.ors | 10 + openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem | 29 + openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem | 23 + openssl-1.1.0h/test/ocsp-tests/ND3.ors | 10 + openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem | 34 + openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem | 25 + openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors | 38 + openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors | 38 + openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors | 38 + .../test/ocsp-tests/WKIC_D1_Issuer_ICA.pem | 27 + .../test/ocsp-tests/WKIC_D2_Issuer_Root.pem | 21 + .../test/ocsp-tests/WKIC_D3_Issuer_Root.pem | 41 + .../test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem | 29 + .../test/ocsp-tests/WKIC_ND2_Issuer_Root.pem | 23 + .../test/ocsp-tests/WKIC_ND3_Issuer_Root.pem | 25 + openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors | 32 + openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors | 38 + openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors | 10 + openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors | 10 + .../test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem | 27 + .../test/ocsp-tests/WSNIC_D2_Issuer_Root.pem | 21 + .../test/ocsp-tests/WSNIC_D3_Issuer_Root.pem | 41 + .../test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem | 29 + .../test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem | 23 + .../test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem | 25 + openssl-1.1.0h/test/ocspapitest.c | 168 + openssl-1.1.0h/test/p5_crpt2_test.c | 159 + openssl-1.1.0h/test/packettest.c | 537 + openssl-1.1.0h/test/pbelutest.c | 47 + openssl-1.1.0h/test/pkcs7-1.pem | 15 + openssl-1.1.0h/test/pkcs7.pem | 54 + openssl-1.1.0h/test/pkits-test.pl | 905 + openssl-1.1.0h/test/r160test.c | 9 + openssl-1.1.0h/test/randtest.c | 145 + openssl-1.1.0h/test/rc2test.c | 99 + openssl-1.1.0h/test/rc4test.c | 175 + openssl-1.1.0h/test/rc5test.c | 276 + openssl-1.1.0h/test/recipes/01-test_abort.t | 16 + openssl-1.1.0h/test/recipes/01-test_sanity.t | 12 + .../test/recipes/01-test_symbol_presence.t | 116 + openssl-1.1.0h/test/recipes/02-test_ordinals.t | 58 + openssl-1.1.0h/test/recipes/03-test_exdata.t | 12 + openssl-1.1.0h/test/recipes/03-test_ui.t | 30 + openssl-1.1.0h/test/recipes/04-test_pem.t | 106 + openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES | 3 + .../test/recipes/04-test_pem_data/beermug.pem | 30 + .../recipes/04-test_pem_data/cert-1023line.pem | 13 + .../recipes/04-test_pem_data/cert-1024line.pem | 13 + .../recipes/04-test_pem_data/cert-1025line.pem | 13 + .../test/recipes/04-test_pem_data/cert-255line.pem | 25 + .../test/recipes/04-test_pem_data/cert-256line.pem | 25 + .../test/recipes/04-test_pem_data/cert-257line.pem | 25 + .../recipes/04-test_pem_data/cert-blankline.pem | 29 + .../test/recipes/04-test_pem_data/cert-comment.pem | 29 + .../recipes/04-test_pem_data/cert-earlypad.pem | 28 + .../recipes/04-test_pem_data/cert-extrapad.pem | 28 + .../04-test_pem_data/cert-infixwhitespace.pem | 28 + .../test/recipes/04-test_pem_data/cert-junk.pem | 29 + .../04-test_pem_data/cert-leadingwhitespace.pem | 28 + .../recipes/04-test_pem_data/cert-longline.pem | 28 + .../04-test_pem_data/cert-misalignedpad.pem | 28 + .../recipes/04-test_pem_data/cert-onecolumn.pem | 1646 ++ .../test/recipes/04-test_pem_data/cert-oneline.pem | 3 + .../04-test_pem_data/cert-shortandlongline.pem | 28 + .../recipes/04-test_pem_data/cert-shortline.pem | 28 + .../recipes/04-test_pem_data/cert-threecolumn.pem | 550 + .../04-test_pem_data/cert-trailingwhitespace.pem | 28 + .../test/recipes/04-test_pem_data/cert.pem | 28 + .../test/recipes/04-test_pem_data/csr.pem | 21 + .../test/recipes/04-test_pem_data/dsa-1023line.pem | 9 + .../test/recipes/04-test_pem_data/dsa-1024line.pem | 8 + .../test/recipes/04-test_pem_data/dsa-1025line.pem | 8 + .../test/recipes/04-test_pem_data/dsa-255line.pem | 21 + .../test/recipes/04-test_pem_data/dsa-256line.pem | 20 + .../test/recipes/04-test_pem_data/dsa-257line.pem | 20 + .../recipes/04-test_pem_data/dsa-blankline.pem | 24 + .../test/recipes/04-test_pem_data/dsa-comment.pem | 24 + .../04-test_pem_data/dsa-corruptedheader.pem | 23 + .../recipes/04-test_pem_data/dsa-corruptiv.pem | 23 + .../test/recipes/04-test_pem_data/dsa-earlypad.pem | 23 + .../test/recipes/04-test_pem_data/dsa-extrapad.pem | 24 + .../04-test_pem_data/dsa-infixwhitespace.pem | 23 + .../test/recipes/04-test_pem_data/dsa-junk.pem | 24 + .../04-test_pem_data/dsa-leadingwhitespace.pem | 23 + .../test/recipes/04-test_pem_data/dsa-longline.pem | 23 + .../recipes/04-test_pem_data/dsa-misalignedpad.pem | 24 + .../recipes/04-test_pem_data/dsa-onecolumn.pem | 1157 ++ .../test/recipes/04-test_pem_data/dsa-oneline.pem | 6 + .../recipes/04-test_pem_data/dsa-onelineheader.pem | 22 + .../04-test_pem_data/dsa-shortandlongline.pem | 23 + .../recipes/04-test_pem_data/dsa-shortline.pem | 24 + .../recipes/04-test_pem_data/dsa-threecolumn.pem | 389 + .../04-test_pem_data/dsa-trailingwhitespace.pem | 23 + .../test/recipes/04-test_pem_data/dsa.pem | 23 + .../test/recipes/04-test_pem_data/dsaparam.pem | 14 + .../test/recipes/04-test_pem_data/key.pem | 28 + .../test/recipes/04-test_pem_data/wellknown | 1 + openssl-1.1.0h/test/recipes/05-test_bf.t | 12 + openssl-1.1.0h/test/recipes/05-test_cast.t | 12 + openssl-1.1.0h/test/recipes/05-test_des.t | 12 + openssl-1.1.0h/test/recipes/05-test_hmac.t | 12 + openssl-1.1.0h/test/recipes/05-test_idea.t | 12 + openssl-1.1.0h/test/recipes/05-test_md2.t | 12 + openssl-1.1.0h/test/recipes/05-test_md4.t | 12 + openssl-1.1.0h/test/recipes/05-test_md5.t | 12 + openssl-1.1.0h/test/recipes/05-test_mdc2.t | 12 + openssl-1.1.0h/test/recipes/05-test_rand.t | 12 + openssl-1.1.0h/test/recipes/05-test_rc2.t | 11 + openssl-1.1.0h/test/recipes/05-test_rc4.t | 11 + openssl-1.1.0h/test/recipes/05-test_rc5.t | 12 + openssl-1.1.0h/test/recipes/05-test_rmd.t | 12 + openssl-1.1.0h/test/recipes/05-test_sha1.t | 12 + openssl-1.1.0h/test/recipes/05-test_sha256.t | 12 + openssl-1.1.0h/test/recipes/05-test_sha512.t | 12 + openssl-1.1.0h/test/recipes/05-test_wp.t | 12 + openssl-1.1.0h/test/recipes/10-test_bn.t | 84 + openssl-1.1.0h/test/recipes/10-test_exp.t | 12 + openssl-1.1.0h/test/recipes/15-test_dh.t | 12 + openssl-1.1.0h/test/recipes/15-test_dsa.t | 40 + openssl-1.1.0h/test/recipes/15-test_ec.t | 38 + openssl-1.1.0h/test/recipes/15-test_ecdsa.t | 12 + openssl-1.1.0h/test/recipes/15-test_genrsa.t | 26 + openssl-1.1.0h/test/recipes/15-test_rsa.t | 47 + openssl-1.1.0h/test/recipes/15-test_rsapss.t | 49 + openssl-1.1.0h/test/recipes/20-test_enc.t | 69 + openssl-1.1.0h/test/recipes/20-test_passwd.t | 39 + openssl-1.1.0h/test/recipes/25-test_crl.t | 43 + openssl-1.1.0h/test/recipes/25-test_d2i.t | 93 + openssl-1.1.0h/test/recipes/25-test_pkcs7.t | 27 + openssl-1.1.0h/test/recipes/25-test_req.t | 76 + openssl-1.1.0h/test/recipes/25-test_sid.t | 24 + openssl-1.1.0h/test/recipes/25-test_verify.t | 380 + openssl-1.1.0h/test/recipes/25-test_x509.t | 34 + openssl-1.1.0h/test/recipes/30-test_afalg.t | 23 + openssl-1.1.0h/test/recipes/30-test_engine.t | 18 + openssl-1.1.0h/test/recipes/30-test_evp.t | 19 + openssl-1.1.0h/test/recipes/30-test_evp_extra.t | 18 + openssl-1.1.0h/test/recipes/30-test_pbelu.t | 12 + openssl-1.1.0h/test/recipes/40-test_rehash.t | 98 + openssl-1.1.0h/test/recipes/60-test_x509_store.t | 53 + openssl-1.1.0h/test/recipes/70-test_asyncio.t | 21 + openssl-1.1.0h/test/recipes/70-test_bad_dtls.t | 20 + openssl-1.1.0h/test/recipes/70-test_clienthello.t | 20 + openssl-1.1.0h/test/recipes/70-test_packet.t | 12 + .../test/recipes/70-test_sslcbcpadding.t | 110 + .../test/recipes/70-test_sslcertstatus.t | 66 + openssl-1.1.0h/test/recipes/70-test_sslextension.t | 112 + openssl-1.1.0h/test/recipes/70-test_sslmessages.t | 147 + openssl-1.1.0h/test/recipes/70-test_sslrecords.t | 381 + .../test/recipes/70-test_sslsessiontick.t | 268 + openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t | 65 + openssl-1.1.0h/test/recipes/70-test_sslvertol.t | 67 + openssl-1.1.0h/test/recipes/70-test_tlsextms.t | 238 + openssl-1.1.0h/test/recipes/70-test_verify_extra.t | 19 + openssl-1.1.0h/test/recipes/80-test_ca.t | 59 + openssl-1.1.0h/test/recipes/80-test_cipherlist.t | 26 + openssl-1.1.0h/test/recipes/80-test_cms.t | 511 + openssl-1.1.0h/test/recipes/80-test_ct.t | 17 + openssl-1.1.0h/test/recipes/80-test_dane.t | 24 + openssl-1.1.0h/test/recipes/80-test_dtls.t | 20 + openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t | 12 + openssl-1.1.0h/test/recipes/80-test_ocsp.t | 219 + .../test/recipes/80-test_ocsp_data/cert.pem | 19 + .../test/recipes/80-test_ocsp_data/key.pem | 28 + openssl-1.1.0h/test/recipes/80-test_pkcs12.t | 68 + openssl-1.1.0h/test/recipes/80-test_ssl_new.t | 133 + openssl-1.1.0h/test/recipes/80-test_ssl_old.t | 629 + openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t | 19 + openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t | 20 + openssl-1.1.0h/test/recipes/80-test_tsa.t | 207 + openssl-1.1.0h/test/recipes/80-test_x509aux.t | 27 + openssl-1.1.0h/test/recipes/90-test_async.t | 12 + openssl-1.1.0h/test/recipes/90-test_bio_enc.t | 12 + openssl-1.1.0h/test/recipes/90-test_bioprint.t | 12 + .../test/recipes/90-test_constant_time.t | 12 + openssl-1.1.0h/test/recipes/90-test_fatalerr.t | 21 + openssl-1.1.0h/test/recipes/90-test_fuzz.t | 40 + openssl-1.1.0h/test/recipes/90-test_gmdiff.t | 12 + openssl-1.1.0h/test/recipes/90-test_heartbeat.t | 12 + openssl-1.1.0h/test/recipes/90-test_ige.t | 12 + openssl-1.1.0h/test/recipes/90-test_memleak.t | 15 + openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t | 12 + openssl-1.1.0h/test/recipes/90-test_secmem.t | 12 + openssl-1.1.0h/test/recipes/90-test_shlibload.t | 38 + openssl-1.1.0h/test/recipes/90-test_srp.t | 12 + openssl-1.1.0h/test/recipes/90-test_sslapi.t | 21 + openssl-1.1.0h/test/recipes/90-test_threads.t | 12 + openssl-1.1.0h/test/recipes/90-test_v3name.t | 12 + openssl-1.1.0h/test/recipes/bc.pl | 113 + openssl-1.1.0h/test/recipes/tconversion.pl | 105 + openssl-1.1.0h/test/rmdtest.c | 92 + openssl-1.1.0h/test/rsa_test.c | 344 + openssl-1.1.0h/test/run_tests.pl | 113 + openssl-1.1.0h/test/sanitytest.c | 67 + openssl-1.1.0h/test/secmemtest.c | 176 + openssl-1.1.0h/test/serverinfo.pem | 16 + openssl-1.1.0h/test/sha1test.c | 111 + openssl-1.1.0h/test/sha256t.c | 177 + openssl-1.1.0h/test/sha512t.c | 199 + openssl-1.1.0h/test/shibboleth.pfx | Bin 0 -> 2519 bytes openssl-1.1.0h/test/shlibloadtest.c | 245 + openssl-1.1.0h/test/smcont.txt | 1 + openssl-1.1.0h/test/smime-certs/ca.cnf | 66 + openssl-1.1.0h/test/smime-certs/mksmime-certs.sh | 85 + openssl-1.1.0h/test/smime-certs/smdh.pem | 33 + openssl-1.1.0h/test/smime-certs/smdsa1.pem | 47 + openssl-1.1.0h/test/smime-certs/smdsa2.pem | 47 + openssl-1.1.0h/test/smime-certs/smdsa3.pem | 47 + openssl-1.1.0h/test/smime-certs/smdsap.pem | 9 + openssl-1.1.0h/test/smime-certs/smec1.pem | 22 + openssl-1.1.0h/test/smime-certs/smec2.pem | 23 + openssl-1.1.0h/test/smime-certs/smec3.pem | 22 + openssl-1.1.0h/test/smime-certs/smroot.pem | 49 + openssl-1.1.0h/test/smime-certs/smrsa1.pem | 49 + openssl-1.1.0h/test/smime-certs/smrsa2.pem | 49 + openssl-1.1.0h/test/smime-certs/smrsa3.pem | 49 + openssl-1.1.0h/test/srptest.c | 312 + openssl-1.1.0h/test/ssl-tests/01-simple.conf | 78 + openssl-1.1.0h/test/ssl-tests/01-simple.conf.in | 42 + .../test/ssl-tests/02-protocol-version.conf | 9975 ++++++++++ .../test/ssl-tests/02-protocol-version.conf.in | 19 + .../test/ssl-tests/03-custom_verify.conf | 238 + .../test/ssl-tests/03-custom_verify.conf.in | 145 + openssl-1.1.0h/test/ssl-tests/04-client_auth.conf | 592 + .../test/ssl-tests/04-client_auth.conf.in | 123 + openssl-1.1.0h/test/ssl-tests/05-sni.conf | 203 + openssl-1.1.0h/test/ssl-tests/05-sni.conf.in | 112 + openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf | 734 + .../test/ssl-tests/06-sni-ticket.conf.in | 95 + .../test/ssl-tests/07-dtls-protocol-version.conf | 1820 ++ .../ssl-tests/07-dtls-protocol-version.conf.in | 19 + openssl-1.1.0h/test/ssl-tests/08-npn.conf | 794 + openssl-1.1.0h/test/ssl-tests/08-npn.conf.in | 420 + openssl-1.1.0h/test/ssl-tests/09-alpn.conf | 619 + openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in | 324 + openssl-1.1.0h/test/ssl-tests/10-resumption.conf | 1336 ++ .../test/ssl-tests/10-resumption.conf.in | 19 + .../test/ssl-tests/11-dtls_resumption.conf | 612 + .../test/ssl-tests/11-dtls_resumption.conf.in | 19 + openssl-1.1.0h/test/ssl-tests/12-ct.conf | 191 + openssl-1.1.0h/test/ssl-tests/12-ct.conf.in | 119 + .../test/ssl-tests/13-fragmentation.conf | 397 + .../test/ssl-tests/13-fragmentation.conf.in | 181 + openssl-1.1.0h/test/ssl-tests/14-curves.conf | 787 + openssl-1.1.0h/test/ssl-tests/14-curves.conf.in | 44 + openssl-1.1.0h/test/ssl-tests/15-certstatus.conf | 62 + .../test/ssl-tests/15-certstatus.conf.in | 45 + openssl-1.1.0h/test/ssl-tests/16-certstatus.conf | 0 .../test/ssl-tests/16-dtls-certstatus.conf | 62 + .../test/ssl-tests/16-dtls-certstatus.conf.in | 45 + openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf | 428 + .../test/ssl-tests/17-renegotiate.conf.in | 243 + .../test/ssl-tests/18-dtls-renegotiate.conf | 276 + .../test/ssl-tests/18-dtls-renegotiate.conf.in | 174 + .../test/ssl-tests/19-mac-then-encrypt.conf | 156 + .../test/ssl-tests/19-mac-then-encrypt.conf.in | 89 + openssl-1.1.0h/test/ssl-tests/protocol_version.pm | 247 + openssl-1.1.0h/test/ssl-tests/ssltests_base.pm | 30 + openssl-1.1.0h/test/ssl_test.c | 371 + openssl-1.1.0h/test/ssl_test.tmpl | 126 + openssl-1.1.0h/test/ssl_test_ctx.c | 662 + openssl-1.1.0h/test/ssl_test_ctx.h | 191 + openssl-1.1.0h/test/ssl_test_ctx_test.c | 338 + openssl-1.1.0h/test/ssl_test_ctx_test.conf | 88 + openssl-1.1.0h/test/sslapitest.c | 1262 ++ openssl-1.1.0h/test/sslcorrupttest.c | 283 + openssl-1.1.0h/test/ssltest_old.c | 3210 ++++ openssl-1.1.0h/test/ssltestlib.c | 710 + openssl-1.1.0h/test/ssltestlib.h | 41 + openssl-1.1.0h/test/test.cnf | 88 + openssl-1.1.0h/test/testcrl.pem | 16 + openssl-1.1.0h/test/testdsa.pem | 12 + openssl-1.1.0h/test/testdsapub.pem | 12 + openssl-1.1.0h/test/testec-p256.pem | 5 + openssl-1.1.0h/test/testecpub-p256.pem | 4 + openssl-1.1.0h/test/testp7.pem | 46 + openssl-1.1.0h/test/testreq2.pem | 7 + openssl-1.1.0h/test/testrsa.pem | 9 + openssl-1.1.0h/test/testrsapub.pem | 4 + openssl-1.1.0h/test/testsid.pem | 38 + openssl-1.1.0h/test/testutil.c | 109 + openssl-1.1.0h/test/testutil.h | 111 + openssl-1.1.0h/test/testx509.pem | 10 + openssl-1.1.0h/test/threadstest.c | 246 + openssl-1.1.0h/test/v3-cert1.pem | 16 + openssl-1.1.0h/test/v3-cert2.pem | 16 + openssl-1.1.0h/test/v3ext.c | 42 + openssl-1.1.0h/test/v3nametest.c | 355 + openssl-1.1.0h/test/verify_extra_test.c | 162 + openssl-1.1.0h/test/wp_test.c | 233 + openssl-1.1.0h/test/x509aux.c | 231 + 577 files changed, 95792 insertions(+) create mode 100644 openssl-1.1.0h/test/CAss.cnf create mode 100644 openssl-1.1.0h/test/CAssdh.cnf create mode 100644 openssl-1.1.0h/test/CAssdsa.cnf create mode 100644 openssl-1.1.0h/test/CAssrsa.cnf create mode 100644 openssl-1.1.0h/test/CAtsa.cnf create mode 100644 openssl-1.1.0h/test/P1ss.cnf create mode 100644 openssl-1.1.0h/test/P2ss.cnf create mode 100644 openssl-1.1.0h/test/README create mode 100644 openssl-1.1.0h/test/README.ssltest.md create mode 100644 openssl-1.1.0h/test/Sssdsa.cnf create mode 100644 openssl-1.1.0h/test/Sssrsa.cnf create mode 100644 openssl-1.1.0h/test/Uss.cnf create mode 100644 openssl-1.1.0h/test/aborttest.c create mode 100644 openssl-1.1.0h/test/afalgtest.c create mode 100644 openssl-1.1.0h/test/asynciotest.c create mode 100644 openssl-1.1.0h/test/asynctest.c create mode 100644 openssl-1.1.0h/test/bad_dtls_test.c create mode 100644 openssl-1.1.0h/test/bftest.c create mode 100644 openssl-1.1.0h/test/bio_enc_test.c create mode 100644 openssl-1.1.0h/test/bioprinttest.c create mode 100644 openssl-1.1.0h/test/bntest.c create mode 100644 openssl-1.1.0h/test/build.info create mode 100644 openssl-1.1.0h/test/casttest.c create mode 100644 openssl-1.1.0h/test/certs/alt1-cert.pem create mode 100644 openssl-1.1.0h/test/certs/alt1-key.pem create mode 100644 openssl-1.1.0h/test/certs/alt2-cert.pem create mode 100644 openssl-1.1.0h/test/certs/alt2-key.pem create mode 100644 openssl-1.1.0h/test/certs/alt3-cert.pem create mode 100644 openssl-1.1.0h/test/certs/alt3-key.pem create mode 100644 openssl-1.1.0h/test/certs/bad-pc3-cert.pem create mode 100644 openssl-1.1.0h/test/certs/bad-pc3-key.pem create mode 100644 openssl-1.1.0h/test/certs/bad-pc4-cert.pem create mode 100644 openssl-1.1.0h/test/certs/bad-pc4-key.pem create mode 100644 openssl-1.1.0h/test/certs/bad-pc6-cert.pem create mode 100644 openssl-1.1.0h/test/certs/bad-pc6-key.pem create mode 100644 openssl-1.1.0h/test/certs/bad.key create mode 100644 openssl-1.1.0h/test/certs/bad.pem create mode 100644 openssl-1.1.0h/test/certs/badalt1-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt1-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt10-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt10-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt2-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt2-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt3-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt3-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt4-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt4-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt5-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt5-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt6-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt6-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt7-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt7-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt8-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt8-key.pem create mode 100644 openssl-1.1.0h/test/certs/badalt9-cert.pem create mode 100644 openssl-1.1.0h/test/certs/badalt9-key.pem create mode 100644 openssl-1.1.0h/test/certs/ca+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/ca+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ca+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ca-anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/ca-cert-768.pem create mode 100644 openssl-1.1.0h/test/certs/ca-cert-768i.pem create mode 100644 openssl-1.1.0h/test/certs/ca-cert-md5-any.pem create mode 100644 openssl-1.1.0h/test/certs/ca-cert-md5.pem create mode 100644 openssl-1.1.0h/test/certs/ca-cert.pem create mode 100644 openssl-1.1.0h/test/certs/ca-cert2.pem create mode 100644 openssl-1.1.0h/test/certs/ca-clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ca-expired.pem create mode 100644 openssl-1.1.0h/test/certs/ca-key-768.pem create mode 100644 openssl-1.1.0h/test/certs/ca-key.pem create mode 100644 openssl-1.1.0h/test/certs/ca-key2.pem create mode 100644 openssl-1.1.0h/test/certs/ca-name2.pem create mode 100644 openssl-1.1.0h/test/certs/ca-nonbc.pem create mode 100644 openssl-1.1.0h/test/certs/ca-nonca.pem create mode 100644 openssl-1.1.0h/test/certs/ca-root2.pem create mode 100644 openssl-1.1.0h/test/certs/ca-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/cca+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/cca+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/cca+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/cca-anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/cca-cert.pem create mode 100644 openssl-1.1.0h/test/certs/cca-clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/cca-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/croot+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/croot+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/croot+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/croot-anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/croot-cert.pem create mode 100644 openssl-1.1.0h/test/certs/croot-clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/croot-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ee+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ee+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ee-cert-768.pem create mode 100644 openssl-1.1.0h/test/certs/ee-cert-768i.pem create mode 100644 openssl-1.1.0h/test/certs/ee-cert-md5.pem create mode 100644 openssl-1.1.0h/test/certs/ee-cert.pem create mode 100644 openssl-1.1.0h/test/certs/ee-cert2.pem create mode 100644 openssl-1.1.0h/test/certs/ee-client-chain.pem create mode 100644 openssl-1.1.0h/test/certs/ee-client.pem create mode 100644 openssl-1.1.0h/test/certs/ee-clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ee-expired.pem create mode 100644 openssl-1.1.0h/test/certs/ee-key-768.pem create mode 100644 openssl-1.1.0h/test/certs/ee-key.pem create mode 100644 openssl-1.1.0h/test/certs/ee-name2.pem create mode 100644 openssl-1.1.0h/test/certs/ee-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem create mode 100644 openssl-1.1.0h/test/certs/embeddedSCTs1.pem create mode 100644 openssl-1.1.0h/test/certs/embeddedSCTs1.sct create mode 100644 openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem create mode 100644 openssl-1.1.0h/test/certs/embeddedSCTs3.pem create mode 100644 openssl-1.1.0h/test/certs/embeddedSCTs3.sct create mode 100644 openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem create mode 100644 openssl-1.1.0h/test/certs/interCA.key create mode 100644 openssl-1.1.0h/test/certs/interCA.pem create mode 100644 openssl-1.1.0h/test/certs/leaf.key create mode 100644 openssl-1.1.0h/test/certs/leaf.pem create mode 100644 openssl-1.1.0h/test/certs/many-constraints.pem create mode 100644 openssl-1.1.0h/test/certs/many-names1.pem create mode 100644 openssl-1.1.0h/test/certs/many-names2.pem create mode 100644 openssl-1.1.0h/test/certs/many-names3.pem create mode 100755 openssl-1.1.0h/test/certs/mkcert.sh create mode 100644 openssl-1.1.0h/test/certs/nca+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/nca+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/ncca-cert.pem create mode 100644 openssl-1.1.0h/test/certs/ncca-key.pem create mode 100644 openssl-1.1.0h/test/certs/ncca1-cert.pem create mode 100644 openssl-1.1.0h/test/certs/ncca1-key.pem create mode 100644 openssl-1.1.0h/test/certs/ncca2-cert.pem create mode 100644 openssl-1.1.0h/test/certs/ncca2-key.pem create mode 100644 openssl-1.1.0h/test/certs/ncca3-cert.pem create mode 100644 openssl-1.1.0h/test/certs/ncca3-key.pem create mode 100644 openssl-1.1.0h/test/certs/nroot+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/nroot+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/pathlen.pem create mode 100644 openssl-1.1.0h/test/certs/pc1-cert.pem create mode 100644 openssl-1.1.0h/test/certs/pc1-key.pem create mode 100644 openssl-1.1.0h/test/certs/pc2-cert.pem create mode 100644 openssl-1.1.0h/test/certs/pc2-key.pem create mode 100644 openssl-1.1.0h/test/certs/pc5-cert.pem create mode 100644 openssl-1.1.0h/test/certs/pc5-key.pem create mode 100644 openssl-1.1.0h/test/certs/root+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/root+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/root+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/root-anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/root-cert-768.pem create mode 100644 openssl-1.1.0h/test/certs/root-cert-md5.pem create mode 100644 openssl-1.1.0h/test/certs/root-cert.pem create mode 100644 openssl-1.1.0h/test/certs/root-cert2.pem create mode 100644 openssl-1.1.0h/test/certs/root-clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/root-key-768.pem create mode 100644 openssl-1.1.0h/test/certs/root-key.pem create mode 100644 openssl-1.1.0h/test/certs/root-key2.pem create mode 100644 openssl-1.1.0h/test/certs/root-name2.pem create mode 100644 openssl-1.1.0h/test/certs/root-nonca.pem create mode 100644 openssl-1.1.0h/test/certs/root-noserver.pem create mode 100644 openssl-1.1.0h/test/certs/root-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/root2+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/root2+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/root2-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/rootCA.key create mode 100644 openssl-1.1.0h/test/certs/rootCA.pem create mode 100644 openssl-1.1.0h/test/certs/rootcert.pem create mode 100644 openssl-1.1.0h/test/certs/rootkey.pem create mode 100644 openssl-1.1.0h/test/certs/roots.pem create mode 100644 openssl-1.1.0h/test/certs/sca+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/sca+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/sca+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/sca-anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/sca-cert.pem create mode 100644 openssl-1.1.0h/test/certs/sca-clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/sca-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/server-trusted.pem create mode 100644 openssl-1.1.0h/test/certs/servercert.pem create mode 100644 openssl-1.1.0h/test/certs/serverkey.pem create mode 100755 openssl-1.1.0h/test/certs/setup.sh create mode 100644 openssl-1.1.0h/test/certs/some-names1.pem create mode 100644 openssl-1.1.0h/test/certs/some-names2.pem create mode 100644 openssl-1.1.0h/test/certs/some-names3.pem create mode 100644 openssl-1.1.0h/test/certs/sroot+anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/sroot+clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/sroot+serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/sroot-anyEKU.pem create mode 100644 openssl-1.1.0h/test/certs/sroot-cert.pem create mode 100644 openssl-1.1.0h/test/certs/sroot-clientAuth.pem create mode 100644 openssl-1.1.0h/test/certs/sroot-serverAuth.pem create mode 100644 openssl-1.1.0h/test/certs/subinterCA-ss.pem create mode 100644 openssl-1.1.0h/test/certs/subinterCA.key create mode 100644 openssl-1.1.0h/test/certs/subinterCA.pem create mode 100644 openssl-1.1.0h/test/certs/untrusted.pem create mode 100644 openssl-1.1.0h/test/certs/wrongcert.pem create mode 100644 openssl-1.1.0h/test/certs/wrongkey.pem create mode 100644 openssl-1.1.0h/test/cipherlist_test.c create mode 100644 openssl-1.1.0h/test/clienthellotest.c create mode 100644 openssl-1.1.0h/test/cms-examples.pl create mode 100644 openssl-1.1.0h/test/constant_time_test.c create mode 100644 openssl-1.1.0h/test/crltest.c create mode 100644 openssl-1.1.0h/test/ct/log_list.conf create mode 100644 openssl-1.1.0h/test/ct/tls1.sct create mode 100644 openssl-1.1.0h/test/ct_test.c create mode 100644 openssl-1.1.0h/test/d2i-tests/bad-cms.der create mode 100644 openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der create mode 100644 openssl-1.1.0h/test/d2i-tests/bad-int-padminus1.der create mode 100644 openssl-1.1.0h/test/d2i-tests/bad_bio.der create mode 100644 openssl-1.1.0h/test/d2i-tests/bad_cert.der create mode 100644 openssl-1.1.0h/test/d2i-tests/bad_generalname.der create mode 100644 openssl-1.1.0h/test/d2i-tests/high_tag.der create mode 100644 openssl-1.1.0h/test/d2i-tests/int0.der create mode 100644 openssl-1.1.0h/test/d2i-tests/int1.der create mode 100644 openssl-1.1.0h/test/d2i-tests/intminus1.der create mode 100644 openssl-1.1.0h/test/d2i_test.c create mode 100644 openssl-1.1.0h/test/danetest.c create mode 100644 openssl-1.1.0h/test/danetest.in create mode 100644 openssl-1.1.0h/test/danetest.pem create mode 100644 openssl-1.1.0h/test/destest.c create mode 100644 openssl-1.1.0h/test/dhtest.c create mode 100644 openssl-1.1.0h/test/dsatest.c create mode 100644 openssl-1.1.0h/test/dtlstest.c create mode 100644 openssl-1.1.0h/test/dtlsv1listentest.c create mode 100644 openssl-1.1.0h/test/ecdsatest.c create mode 100644 openssl-1.1.0h/test/ectest.c create mode 100644 openssl-1.1.0h/test/enginetest.c create mode 100644 openssl-1.1.0h/test/evp_extra_test.c create mode 100644 openssl-1.1.0h/test/evp_test.c create mode 100644 openssl-1.1.0h/test/evptests.txt create mode 100644 openssl-1.1.0h/test/exdatatest.c create mode 100644 openssl-1.1.0h/test/exptest.c create mode 100644 openssl-1.1.0h/test/fatalerrtest.c create mode 100644 openssl-1.1.0h/test/generate_buildtest.pl create mode 100644 openssl-1.1.0h/test/generate_ssl_tests.pl create mode 100644 openssl-1.1.0h/test/gmdifftest.c create mode 100644 openssl-1.1.0h/test/handshake_helper.c create mode 100644 openssl-1.1.0h/test/handshake_helper.h create mode 100644 openssl-1.1.0h/test/heartbeat_test.c create mode 100644 openssl-1.1.0h/test/hmactest.c create mode 100644 openssl-1.1.0h/test/ideatest.c create mode 100644 openssl-1.1.0h/test/igetest.c create mode 100644 openssl-1.1.0h/test/md2test.c create mode 100644 openssl-1.1.0h/test/md4test.c create mode 100644 openssl-1.1.0h/test/md5test.c create mode 100644 openssl-1.1.0h/test/mdc2test.c create mode 100644 openssl-1.1.0h/test/memleaktest.c create mode 100644 openssl-1.1.0h/test/methtest.c create mode 100644 openssl-1.1.0h/test/ocsp-tests/D1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/D2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/D3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISIC_D2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISIC_D3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKIC_D2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKIC_D3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors create mode 100644 openssl-1.1.0h/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem create mode 100644 openssl-1.1.0h/test/ocspapitest.c create mode 100644 openssl-1.1.0h/test/p5_crpt2_test.c create mode 100644 openssl-1.1.0h/test/packettest.c create mode 100644 openssl-1.1.0h/test/pbelutest.c create mode 100644 openssl-1.1.0h/test/pkcs7-1.pem create mode 100644 openssl-1.1.0h/test/pkcs7.pem create mode 100644 openssl-1.1.0h/test/pkits-test.pl create mode 100644 openssl-1.1.0h/test/r160test.c create mode 100644 openssl-1.1.0h/test/randtest.c create mode 100644 openssl-1.1.0h/test/rc2test.c create mode 100644 openssl-1.1.0h/test/rc4test.c create mode 100644 openssl-1.1.0h/test/rc5test.c create mode 100644 openssl-1.1.0h/test/recipes/01-test_abort.t create mode 100644 openssl-1.1.0h/test/recipes/01-test_sanity.t create mode 100644 openssl-1.1.0h/test/recipes/01-test_symbol_presence.t create mode 100644 openssl-1.1.0h/test/recipes/02-test_ordinals.t create mode 100644 openssl-1.1.0h/test/recipes/03-test_exdata.t create mode 100644 openssl-1.1.0h/test/recipes/03-test_ui.t create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem.t create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/beermug.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1023line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1024line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1025line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-255line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-256line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-257line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-blankline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-comment.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-earlypad.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-extrapad.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-infixwhitespace.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-junk.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-longline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-misalignedpad.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-onecolumn.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-oneline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortandlongline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-threecolumn.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/cert.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/csr.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1023line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1024line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1025line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-255line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-256line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-257line.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-blankline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-comment.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptedheader.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptiv.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-earlypad.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-extrapad.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-junk.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-longline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-misalignedpad.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onecolumn.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-oneline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onelineheader.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortandlongline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortline.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-threecolumn.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsa.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/dsaparam.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/key.pem create mode 100644 openssl-1.1.0h/test/recipes/04-test_pem_data/wellknown create mode 100644 openssl-1.1.0h/test/recipes/05-test_bf.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_cast.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_des.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_hmac.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_idea.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_md2.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_md4.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_md5.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_mdc2.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_rand.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_rc2.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_rc4.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_rc5.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_rmd.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_sha1.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_sha256.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_sha512.t create mode 100644 openssl-1.1.0h/test/recipes/05-test_wp.t create mode 100644 openssl-1.1.0h/test/recipes/10-test_bn.t create mode 100644 openssl-1.1.0h/test/recipes/10-test_exp.t create mode 100644 openssl-1.1.0h/test/recipes/15-test_dh.t create mode 100644 openssl-1.1.0h/test/recipes/15-test_dsa.t create mode 100644 openssl-1.1.0h/test/recipes/15-test_ec.t create mode 100644 openssl-1.1.0h/test/recipes/15-test_ecdsa.t create mode 100644 openssl-1.1.0h/test/recipes/15-test_genrsa.t create mode 100644 openssl-1.1.0h/test/recipes/15-test_rsa.t create mode 100644 openssl-1.1.0h/test/recipes/15-test_rsapss.t create mode 100644 openssl-1.1.0h/test/recipes/20-test_enc.t create mode 100644 openssl-1.1.0h/test/recipes/20-test_passwd.t create mode 100644 openssl-1.1.0h/test/recipes/25-test_crl.t create mode 100644 openssl-1.1.0h/test/recipes/25-test_d2i.t create mode 100644 openssl-1.1.0h/test/recipes/25-test_pkcs7.t create mode 100644 openssl-1.1.0h/test/recipes/25-test_req.t create mode 100644 openssl-1.1.0h/test/recipes/25-test_sid.t create mode 100644 openssl-1.1.0h/test/recipes/25-test_verify.t create mode 100644 openssl-1.1.0h/test/recipes/25-test_x509.t create mode 100644 openssl-1.1.0h/test/recipes/30-test_afalg.t create mode 100644 openssl-1.1.0h/test/recipes/30-test_engine.t create mode 100644 openssl-1.1.0h/test/recipes/30-test_evp.t create mode 100644 openssl-1.1.0h/test/recipes/30-test_evp_extra.t create mode 100644 openssl-1.1.0h/test/recipes/30-test_pbelu.t create mode 100644 openssl-1.1.0h/test/recipes/40-test_rehash.t create mode 100644 openssl-1.1.0h/test/recipes/60-test_x509_store.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_asyncio.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_bad_dtls.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_clienthello.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_packet.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslcbcpadding.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslcertstatus.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslextension.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslmessages.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslrecords.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslsessiontick.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_sslvertol.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_tlsextms.t create mode 100644 openssl-1.1.0h/test/recipes/70-test_verify_extra.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_ca.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_cipherlist.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_cms.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_ct.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_dane.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_dtls.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_ocsp.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_ocsp_data/cert.pem create mode 100644 openssl-1.1.0h/test/recipes/80-test_ocsp_data/key.pem create mode 100644 openssl-1.1.0h/test/recipes/80-test_pkcs12.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_ssl_new.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_ssl_old.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_tsa.t create mode 100644 openssl-1.1.0h/test/recipes/80-test_x509aux.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_async.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_bio_enc.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_bioprint.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_constant_time.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_fatalerr.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_fuzz.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_gmdiff.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_heartbeat.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_ige.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_memleak.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_secmem.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_shlibload.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_srp.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_sslapi.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_threads.t create mode 100644 openssl-1.1.0h/test/recipes/90-test_v3name.t create mode 100644 openssl-1.1.0h/test/recipes/bc.pl create mode 100644 openssl-1.1.0h/test/recipes/tconversion.pl create mode 100644 openssl-1.1.0h/test/rmdtest.c create mode 100644 openssl-1.1.0h/test/rsa_test.c create mode 100644 openssl-1.1.0h/test/run_tests.pl create mode 100644 openssl-1.1.0h/test/sanitytest.c create mode 100644 openssl-1.1.0h/test/secmemtest.c create mode 100644 openssl-1.1.0h/test/serverinfo.pem create mode 100644 openssl-1.1.0h/test/sha1test.c create mode 100644 openssl-1.1.0h/test/sha256t.c create mode 100644 openssl-1.1.0h/test/sha512t.c create mode 100644 openssl-1.1.0h/test/shibboleth.pfx create mode 100644 openssl-1.1.0h/test/shlibloadtest.c create mode 100644 openssl-1.1.0h/test/smcont.txt create mode 100644 openssl-1.1.0h/test/smime-certs/ca.cnf create mode 100644 openssl-1.1.0h/test/smime-certs/mksmime-certs.sh create mode 100644 openssl-1.1.0h/test/smime-certs/smdh.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smdsa1.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smdsa2.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smdsa3.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smdsap.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smec1.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smec2.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smec3.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smroot.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smrsa1.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smrsa2.pem create mode 100644 openssl-1.1.0h/test/smime-certs/smrsa3.pem create mode 100644 openssl-1.1.0h/test/srptest.c create mode 100644 openssl-1.1.0h/test/ssl-tests/01-simple.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/01-simple.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/04-client_auth.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/05-sni.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/05-sni.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/08-npn.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/08-npn.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/09-alpn.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/10-resumption.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/12-ct.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/12-ct.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/14-curves.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/14-curves.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/15-certstatus.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/16-certstatus.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf create mode 100644 openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in create mode 100644 openssl-1.1.0h/test/ssl-tests/protocol_version.pm create mode 100644 openssl-1.1.0h/test/ssl-tests/ssltests_base.pm create mode 100644 openssl-1.1.0h/test/ssl_test.c create mode 100644 openssl-1.1.0h/test/ssl_test.tmpl create mode 100644 openssl-1.1.0h/test/ssl_test_ctx.c create mode 100644 openssl-1.1.0h/test/ssl_test_ctx.h create mode 100644 openssl-1.1.0h/test/ssl_test_ctx_test.c create mode 100644 openssl-1.1.0h/test/ssl_test_ctx_test.conf create mode 100644 openssl-1.1.0h/test/sslapitest.c create mode 100644 openssl-1.1.0h/test/sslcorrupttest.c create mode 100644 openssl-1.1.0h/test/ssltest_old.c create mode 100644 openssl-1.1.0h/test/ssltestlib.c create mode 100644 openssl-1.1.0h/test/ssltestlib.h create mode 100644 openssl-1.1.0h/test/test.cnf create mode 100644 openssl-1.1.0h/test/testcrl.pem create mode 100644 openssl-1.1.0h/test/testdsa.pem create mode 100644 openssl-1.1.0h/test/testdsapub.pem create mode 100644 openssl-1.1.0h/test/testec-p256.pem create mode 100644 openssl-1.1.0h/test/testecpub-p256.pem create mode 100644 openssl-1.1.0h/test/testp7.pem create mode 100644 openssl-1.1.0h/test/testreq2.pem create mode 100644 openssl-1.1.0h/test/testrsa.pem create mode 100644 openssl-1.1.0h/test/testrsapub.pem create mode 100644 openssl-1.1.0h/test/testsid.pem create mode 100644 openssl-1.1.0h/test/testutil.c create mode 100644 openssl-1.1.0h/test/testutil.h create mode 100644 openssl-1.1.0h/test/testx509.pem create mode 100644 openssl-1.1.0h/test/threadstest.c create mode 100644 openssl-1.1.0h/test/v3-cert1.pem create mode 100644 openssl-1.1.0h/test/v3-cert2.pem create mode 100644 openssl-1.1.0h/test/v3ext.c create mode 100644 openssl-1.1.0h/test/v3nametest.c create mode 100644 openssl-1.1.0h/test/verify_extra_test.c create mode 100644 openssl-1.1.0h/test/wp_test.c create mode 100644 openssl-1.1.0h/test/x509aux.c (limited to 'openssl-1.1.0h/test') diff --git a/openssl-1.1.0h/test/CAss.cnf b/openssl-1.1.0h/test/CAss.cnf new file mode 100644 index 0000000..b20a242 --- /dev/null +++ b/openssl-1.1.0h/test/CAss.cnf @@ -0,0 +1,76 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha1 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +commonName = Common Name (eg, YOUR name) +commonName_value = Dodgy CA + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = v3_ca # The extensions to add to the cert + +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_anything + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + + + +[ v3_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = critical,CA:true,pathlen:1 +keyUsage = cRLSign, keyCertSign +issuerAltName=issuer:copy diff --git a/openssl-1.1.0h/test/CAssdh.cnf b/openssl-1.1.0h/test/CAssdh.cnf new file mode 100644 index 0000000..4e0a908 --- /dev/null +++ b/openssl-1.1.0h/test/CAssdh.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DH certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CU +countryName_value = CU + +organizationName = Organization Name (eg, company) +organizationName_value = La Junta de la Revolucion + +commonName = Common Name (eg, YOUR name) +commonName_value = Junta + diff --git a/openssl-1.1.0h/test/CAssdsa.cnf b/openssl-1.1.0h/test/CAssdsa.cnf new file mode 100644 index 0000000..a6b4d18 --- /dev/null +++ b/openssl-1.1.0h/test/CAssdsa.cnf @@ -0,0 +1,23 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA diff --git a/openssl-1.1.0h/test/CAssrsa.cnf b/openssl-1.1.0h/test/CAssrsa.cnf new file mode 100644 index 0000000..eb24a6d --- /dev/null +++ b/openssl-1.1.0h/test/CAssrsa.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA + diff --git a/openssl-1.1.0h/test/CAtsa.cnf b/openssl-1.1.0h/test/CAtsa.cnf new file mode 100644 index 0000000..ab2f84a --- /dev/null +++ b/openssl-1.1.0h/test/CAtsa.cnf @@ -0,0 +1,163 @@ + +# +# This config is used by the Time Stamp Authority tests. +# + +RANDFILE = ./.rnd + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +TSDNSECT = ts_cert_dn +INDEX = 1 + +[ new_oids ] + +# Policies used by the TSA tests. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#---------------------------------------------------------------------- +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +dir = ./demoCA +certs = $dir/certs # Where the issued certs are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_md = sha256 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = supplied +stateOrProvinceName = supplied +organizationName = supplied +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#---------------------------------------------------------------------- +[ req ] +default_bits = 2048 +default_md = sha1 +distinguished_name = $ENV::TSDNSECT +encrypt_rsa_key = no +prompt = no +# attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +string_mask = nombstr + +[ ts_ca_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Budapest +organizationName = Gov-CA Ltd. +commonName = ca1 + +[ ts_cert_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Buda +organizationName = Hun-TSA Ltd. +commonName = tsa$ENV::INDEX + +[ tsa_cert ] + +# TSA server cert is not a CA cert. +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ non_tsa_cert ] + +# This is not a CA cert and not a TSA cert, either (timeStamping usage missing) +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +# timeStamping is not supported by this certificate +# extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ v3_req ] + +# Extensions to add to a certificate request +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature + +[ v3_ca ] + +# Extensions for a typical CA + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = cRLSign, keyCertSign + +#---------------------------------------------------------------------- +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate + # (optional) +certs = $dir/tsaca.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key1.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = yes # Must the ESS cert id chain be included? + # (optional, default: no) + +[ tsa_config2 ] + +# This configuration uses a certificate which doesn't have timeStamping usage. +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate + # (optional) +certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key2.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) diff --git a/openssl-1.1.0h/test/P1ss.cnf b/openssl-1.1.0h/test/P1ss.cnf new file mode 100644 index 0000000..e6118dc --- /dev/null +++ b/openssl-1.1.0h/test/P1ss.cnf @@ -0,0 +1,37 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha256 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 + +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 + +[ v3_proxy ] +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB diff --git a/openssl-1.1.0h/test/P2ss.cnf b/openssl-1.1.0h/test/P2ss.cnf new file mode 100644 index 0000000..d530e31 --- /dev/null +++ b/openssl-1.1.0h/test/P2ss.cnf @@ -0,0 +1,45 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha256 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 + +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 + +3.commonName = Common Name (eg, YOUR name) +3.commonName_value = Proxy 2 + +[ v3_proxy ] +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +proxyCertInfo=critical,@proxy_ext + +[ proxy_ext ] +language=id-ppl-anyLanguage +pathlen=0 +policy=text:BC diff --git a/openssl-1.1.0h/test/README b/openssl-1.1.0h/test/README new file mode 100644 index 0000000..ef39d38 --- /dev/null +++ b/openssl-1.1.0h/test/README @@ -0,0 +1,109 @@ +How to add recipes +================== + +For any test that you want to perform, you write a script located in +test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and +{name} is a unique name of your choice. + +Please note that if a test involves a new testing executable, you will need to +do some additions in test/Makefile. More on this later. + + +Naming conventions +================= + +A test executable is named test/{name}test.c + +A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two +digit number and {name} is a unique name of your choice. + +The number {nn} is (somewhat loosely) grouped as follows: + +00-04 sanity, internal and essential API tests +05-09 individual symmetric cipher algorithms +10-14 math (bignum) +15-19 individual asymmetric cipher algorithms +20-24 openssl commands (some otherwise not tested) +25-29 certificate forms, generation and verification +30-35 engine and evp +60-79 APIs + 70 PACKET layer +80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA) +90-99 misc + + +A recipe that just runs a test executable +========================================= + +A script that just runs a program looks like this: + + #! /usr/bin/perl + + use OpenSSL::Test::Simple; + + simple_test("test_{name}", "{name}test", "{name}"); + +{name} is the unique name you have chosen for your test. + +The second argument to `simple_test' is the test executable, and `simple_test' +expects it to be located in test/ + +For documentation on OpenSSL::Test::Simple, do +`perldoc test/testlib/OpenSSL/Test/Simple.pm'. + + +A recipe that runs a more complex test +====================================== + +For more complex tests, you will need to read up on Test::More and +OpenSSL::Test. Test::More is normally preinstalled, do `man Test::More' for +documentation. For OpenSSL::Test, do `perldoc test/testlib/OpenSSL/Test.pm'. + +A script to start from could be this: + + #! /usr/bin/perl + + use strict; + use warnings; + use OpenSSL::Test; + + setup("test_{name}"); + + plan tests => 2; # The number of tests being performed + + ok(test1, "test1"); + ok(test2, "test1"); + + sub test1 + { + # test feature 1 + } + + sub test2 + { + # test feature 2 + } + + +Changes to test/Makefile +======================== + +Whenever a new test involves a new test executable you need to do the +following (at all times, replace {NAME} and {name} with the name of your +test): + +* among the variables for test executables at the beginning, add a line like + this: + + {NAME}TEST= {name}test + +* add `$({NAME}TEST)$(EXE_EXT)' to the assignment of EXE: + +* add `$({NAME}TEST).o' to the assignment of OBJ: + +* add `$({NAME}TEST).c' to the assignment of SRC: + +* add the following lines for building the executable: + + $({NAME}TEST)$(EXE_EXT): $({NAME}TEST).o $(DLIBCRYPTO) + @target=$({NAME}TEST); $(BUILD_CMD) diff --git a/openssl-1.1.0h/test/README.ssltest.md b/openssl-1.1.0h/test/README.ssltest.md new file mode 100644 index 0000000..c1edda5 --- /dev/null +++ b/openssl-1.1.0h/test/README.ssltest.md @@ -0,0 +1,274 @@ +# SSL tests + +SSL testcases are configured in the `ssl-tests` directory. + +Each `ssl_*.conf.in` file contains a number of test configurations. These files +are used to generate testcases in the OpenSSL CONF format. + +The precise test output can be dependent on the library configuration. The test +harness generates the output files on the fly. + +However, for verification, we also include checked-in configuration outputs +corresponding to the default configuration. These testcases live in +`test/ssl-tests/*.conf` files. + +For more details, see `ssl-tests/01-simple.conf.in` for an example. + +## Configuring the test + +First, give your test a name. The names do not have to be unique. + +An example test input looks like this: + +``` + { + name => "test-default", + server => { "CipherString" => "DEFAULT" }, + client => { "CipherString" => "DEFAULT" }, + test => { "ExpectedResult" => "Success" }, + } +``` + +The test section supports the following options + +### Test mode + +* Method - the method to test. One of DTLS or TLS. + +* HandshakeMode - which handshake flavour to test: + - Simple - plain handshake (default) + - Resume - test resumption + - RenegotiateServer - test server initiated renegotiation + - RenegotiateClient - test client initiated renegotiation + +When HandshakeMode is Resume or Renegotiate, the original handshake is expected +to succeed. All configured test expectations are verified against the second +handshake. + +* ApplicationData - amount of application data bytes to send (integer, defaults + to 256 bytes). Applies to both client and server. Application data is sent in + 64kB chunks (but limited by MaxFragmentSize and available parallelization, see + below). + +* MaxFragmentSize - maximum send fragment size (integer, defaults to 512 in + tests - see `SSL_CTX_set_max_send_fragment` for documentation). Applies to + both client and server. Lowering the fragment size will split handshake and + application data up between more `SSL_write` calls, thus allowing to exercise + different code paths. In particular, if the buffer size (64kB) is at least + four times as large as the maximum fragment, interleaved multi-buffer crypto + implementations may be used on some platforms. + +### Test expectations + +* ExpectedResult - expected handshake outcome. One of + - Success - handshake success + - ServerFail - serverside handshake failure + - ClientFail - clientside handshake failure + - InternalError - some other error + +* ExpectedClientAlert, ExpectedServerAlert - expected alert. See + `ssl_test_ctx.c` for known values. Note: the expected alert is currently + matched against the _last_ received alert (i.e., a fatal alert or a + `close_notify`). Warning alert expectations are not yet supported. (A warning + alert will not be correctly matched, if followed by a `close_notify` or + another alert.) + +* ExpectedProtocol - expected negotiated protocol. One of + SSLv3, TLSv1, TLSv1.1, TLSv1.2. + +* SessionTicketExpected - whether or not a session ticket is expected + - Ignore - do not check for a session ticket (default) + - Yes - a session ticket is expected + - No - a session ticket is not expected + +* ResumptionExpected - whether or not resumption is expected (Resume mode only) + - Yes - resumed handshake + - No - full handshake (default) + +* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations. + +* ExpectedTmpKeyType - the expected algorithm or curve of server temp key + +## Configuring the client and server + +The client and server configurations can be any valid `SSL_CTX` +configurations. For details, see the manpages for `SSL_CONF_cmd`. + +Give your configurations as a dictionary of CONF commands, e.g. + +``` +server => { + "CipherString" => "DEFAULT", + "MinProtocol" => "TLSv1", +} +``` + +The following sections may optionally be defined: + +* server2 - this section configures a secondary context that is selected via the + ServerName test option. This context is used whenever a ServerNameCallback is + specified. If the server2 section is not present, then the configuration + matches server. +* resume_server - this section configures the client to resume its session + against a different server. This context is used whenever HandshakeMode is + Resume. If the resume_server section is not present, then the configuration + matches server. +* resume_client - this section configures the client to resume its session with + a different configuration. In practice this may occur when, for example, + upgraded clients reuse sessions persisted on disk. This context is used + whenever HandshakeMode is Resume. If the resume_client section is not present, + then the configuration matches client. + +### Configuring callbacks and additional options + +Additional handshake settings can be configured in the `extra` section of each +client and server: + +``` +client => { + "CipherString" => "DEFAULT", + extra => { + "ServerName" => "server2", + } +} +``` + +#### Supported client-side options + +* ClientVerifyCallback - the client's custom certificate verify callback. + Used to test callback behaviour. One of + - None - no custom callback (default) + - AcceptAll - accepts all certificates. + - RejectAll - rejects all certificates. + +* ServerName - the server the client should attempt to connect to. One of + - None - do not use SNI (default) + - server1 - the initial context + - server2 - the secondary context + - invalid - an unknown context + +* CTValidation - Certificate Transparency validation strategy. One of + - None - no validation (default) + - Permissive - SSL_CT_VALIDATION_PERMISSIVE + - Strict - SSL_CT_VALIDATION_STRICT + +#### Supported server-side options + +* ServerNameCallback - the SNI switching callback to use + - None - no callback (default) + - IgnoreMismatch - continue the handshake on SNI mismatch + - RejectMismatch - abort the handshake on SNI mismatch + +* BrokenSessionTicket - a special test case where the session ticket callback + does not initialize crypto. + - No (default) + - Yes + +#### Mutually supported options + +* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client + protocols can be specified as a comma-separated list, and a callback with the + recommended behaviour will be installed automatically. + +### Default server and client configurations + +The default server certificate and CA files are added to the configurations +automatically. Server certificate verification is requested by default. + +You can override these options by redefining them: + +``` +client => { + "VerifyCAFile" => "/path/to/custom/file" +} +``` + +or by deleting them + +``` +client => { + "VerifyCAFile" => undef +} +``` + +## Adding a test to the test harness + +1. Add a new test configuration to `test/ssl-tests`, following the examples of + existing `*.conf.in` files (for example, `01-simple.conf.in`). + +2. Generate the generated `*.conf` test input file. You can do so by running + `generate_ssl_tests.pl`: + +``` +$ ./config +$ cd test +$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/my.conf.in \ + > ssl-tests/my.conf +``` + +where `my.conf.in` is your test input file. + +For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do + +``` +$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf +``` + +Alternatively (hackish but simple), you can comment out + +``` +unlink glob $tmp_file; +``` + +in `test/recipes/80-test_ssl_new.t` and run + +``` +$ make TESTS=test_ssl_new test +``` + +This will save the generated output in a `*.tmp` file in the build directory. + +3. Update the number of tests planned in `test/recipes/80-test_ssl_new.t`. If + the test suite has any skip conditions, update those too (see + `test/recipes/80-test_ssl_new.t` for details). + +## Running the tests with the test harness + +``` +HARNESS_VERBOSE=yes make TESTS=test_ssl_new test +``` + +## Running a test manually + +These steps are only needed during development. End users should run `make test` +or follow the instructions above to run the SSL test suite. + +To run an SSL test manually from the command line, the `TEST_CERTS_DIR` +environment variable to point to the location of the certs. E.g., from the root +OpenSSL directory, do + +``` +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.conf +``` + +or for shared builds + +``` +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \ + util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf +``` + +Note that the test expectations sometimes depend on the Configure settings. For +example, the negotiated protocol depends on the set of available (enabled) +protocols: a build with `enable-ssl3` has different test expectations than a +build with `no-ssl3`. + +The Perl test harness automatically generates expected outputs, so users who +just run `make test` do not need any extra steps. + +However, when running a test manually, keep in mind that the repository version +of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with +the default Configure options. To run `ssl_test` manually from the command line +in a build with a different configuration, you may need to generate the right +`*.conf` file from the `*.conf.in` input first. diff --git a/openssl-1.1.0h/test/Sssdsa.cnf b/openssl-1.1.0h/test/Sssdsa.cnf new file mode 100644 index 0000000..8e170a2 --- /dev/null +++ b/openssl-1.1.0h/test/Sssdsa.cnf @@ -0,0 +1,27 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita + diff --git a/openssl-1.1.0h/test/Sssrsa.cnf b/openssl-1.1.0h/test/Sssrsa.cnf new file mode 100644 index 0000000..8c79a03 --- /dev/null +++ b/openssl-1.1.0h/test/Sssrsa.cnf @@ -0,0 +1,26 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita diff --git a/openssl-1.1.0h/test/Uss.cnf b/openssl-1.1.0h/test/Uss.cnf new file mode 100644 index 0000000..f655e74 --- /dev/null +++ b/openssl-1.1.0h/test/Uss.cnf @@ -0,0 +1,41 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd +CN2 = Brother 2 + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha256 +prompt = no + +[ req_distinguished_name ] +countryName = AU +organizationName = Dodgy Brothers +0.commonName = Brother 1 +1.commonName = $ENV::CN2 + +[ v3_ee ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ee_dsa ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature + +[ v3_ee_ec ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyAgreement + diff --git a/openssl-1.1.0h/test/aborttest.c b/openssl-1.1.0h/test/aborttest.c new file mode 100644 index 0000000..ba5055e --- /dev/null +++ b/openssl-1.1.0h/test/aborttest.c @@ -0,0 +1,16 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +int main(int argc, char **argv) +{ + OPENSSL_die("Voluntary abort", __FILE__, __LINE__); + return 0; +} diff --git a/openssl-1.1.0h/test/afalgtest.c b/openssl-1.1.0h/test/afalgtest.c new file mode 100644 index 0000000..e6e02f0 --- /dev/null +++ b/openssl-1.1.0h/test/afalgtest.c @@ -0,0 +1,133 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#ifndef OPENSSL_NO_AFALGENG +# include +# define K_MAJ 4 +# define K_MIN1 1 +# define K_MIN2 0 +# if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) +/* + * If we get here then it looks like there is a mismatch between the linux + * headers and the actual kernel version, so we have tried to compile with + * afalg support, but then skipped it in e_afalg.c. As far as this test is + * concerned we behave as if we had been configured without support + */ +# define OPENSSL_NO_AFALGENG +# endif +#endif + +#ifndef OPENSSL_NO_AFALGENG +#include +#include +#include +#include + +/* Use a buffer size which is not aligned to block size */ +#define BUFFER_SIZE (8 * 1024) - 13 + +static int test_afalg_aes_128_cbc(ENGINE *e) +{ + EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *cipher = EVP_aes_128_cbc(); + unsigned char key[] = "\x5F\x4D\xCC\x3B\x5A\xA7\x65\xD6\ + \x1D\x83\x27\xDE\xB8\x82\xCF\x99"; + unsigned char iv[] = "\x2B\x95\x99\x0A\x91\x51\x37\x4A\ + \xBD\x8F\xF8\xC5\xA7\xA0\xFE\x08"; + + unsigned char in[BUFFER_SIZE]; + unsigned char ebuf[BUFFER_SIZE + 32]; + unsigned char dbuf[BUFFER_SIZE + 32]; + int encl, encf, decl, decf; + unsigned int status = 0; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + fprintf(stderr, "%s() failed to allocate ctx\n", __func__); + return 0; + } + RAND_bytes(in, BUFFER_SIZE); + + if ( !EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1) + || !EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE) + || !EVP_CipherFinal_ex(ctx, ebuf+encl, &encf)) { + fprintf(stderr, "%s() failed encryption\n", __func__); + goto end; + } + encl += encf; + + if ( !EVP_CIPHER_CTX_reset(ctx) + || !EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0) + || !EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl) + || !EVP_CipherFinal_ex(ctx, dbuf+decl, &decf)) { + fprintf(stderr, "%s() failed decryption\n", __func__); + goto end; + } + decl += decf; + + if ( decl != BUFFER_SIZE + || memcmp(dbuf, in, BUFFER_SIZE)) { + fprintf(stderr, "%s() failed Dec(Enc(P)) != P\n", __func__); + goto end; + } + + status = 1; + + end: + EVP_CIPHER_CTX_free(ctx); + return status; +} + +int main(int argc, char **argv) +{ + ENGINE *e; + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ENGINE_load_builtin_engines(); + +# ifndef OPENSSL_NO_STATIC_ENGINE + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL); +# endif + + e = ENGINE_by_id("afalg"); + if (e == NULL) { + /* + * A failure to load is probably a platform environment problem so we + * don't treat this as an OpenSSL test failure, i.e. we return 0 + */ + fprintf(stderr, + "AFALG Test: Failed to load AFALG Engine - skipping test\n"); + return 0; + } + + if (test_afalg_aes_128_cbc(e) == 0) { + ENGINE_free(e); + return 1; + } + + ENGINE_free(e); + printf("PASS\n"); + return 0; +} + +#else /* OPENSSL_NO_AFALGENG */ + +int main(int argc, char **argv) +{ + fprintf(stderr, "AFALG not supported - skipping AFALG tests\n"); + printf("PASS\n"); + return 0; +} + +#endif diff --git a/openssl-1.1.0h/test/asynciotest.c b/openssl-1.1.0h/test/asynciotest.c new file mode 100644 index 0000000..7e51efb --- /dev/null +++ b/openssl-1.1.0h/test/asynciotest.c @@ -0,0 +1,382 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include +#include +#include +#include + +#include "../ssl/packet_locl.h" + +#include "ssltestlib.h" + +/* Should we fragment records or not? 0 = no, !0 = yes*/ +static int fragment = 0; + +static int async_new(BIO *bi); +static int async_free(BIO *a); +static int async_read(BIO *b, char *out, int outl); +static int async_write(BIO *b, const char *in, int inl); +static long async_ctrl(BIO *b, int cmd, long num, void *ptr); +static int async_gets(BIO *bp, char *buf, int size); +static int async_puts(BIO *bp, const char *str); + +/* Choose a sufficiently large type likely to be unused for this custom BIO */ +# define BIO_TYPE_ASYNC_FILTER (0x80 | BIO_TYPE_FILTER) + +static BIO_METHOD *methods_async = NULL; + +struct async_ctrs { + unsigned int rctr; + unsigned int wctr; +}; + +static const BIO_METHOD *bio_f_async_filter() +{ + if (methods_async == NULL) { + methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter"); + if ( methods_async == NULL + || !BIO_meth_set_write(methods_async, async_write) + || !BIO_meth_set_read(methods_async, async_read) + || !BIO_meth_set_puts(methods_async, async_puts) + || !BIO_meth_set_gets(methods_async, async_gets) + || !BIO_meth_set_ctrl(methods_async, async_ctrl) + || !BIO_meth_set_create(methods_async, async_new) + || !BIO_meth_set_destroy(methods_async, async_free)) + return NULL; + } + return methods_async; +} + +static int async_new(BIO *bio) +{ + struct async_ctrs *ctrs; + + ctrs = OPENSSL_zalloc(sizeof(struct async_ctrs)); + if (ctrs == NULL) + return 0; + + BIO_set_data(bio, ctrs); + BIO_set_init(bio, 1); + return 1; +} + +static int async_free(BIO *bio) +{ + struct async_ctrs *ctrs; + + if (bio == NULL) + return 0; + ctrs = BIO_get_data(bio); + OPENSSL_free(ctrs); + BIO_set_data(bio, NULL); + BIO_set_init(bio, 0); + + return 1; +} + +static int async_read(BIO *bio, char *out, int outl) +{ + struct async_ctrs *ctrs; + int ret = -1; + BIO *next = BIO_next(bio); + + if (outl <= 0) + return 0; + if (next == NULL) + return 0; + + ctrs = BIO_get_data(bio); + + BIO_clear_retry_flags(bio); + + if (ctrs->rctr > 0) { + ret = BIO_read(next, out, 1); + if (ret <= 0 && BIO_should_read(next)) + BIO_set_retry_read(bio); + ctrs->rctr = 0; + } else { + ctrs->rctr++; + BIO_set_retry_read(bio); + } + + return ret; +} + +#define MIN_RECORD_LEN 6 + +#define CONTENTTYPEPOS 0 +#define VERSIONHIPOS 1 +#define VERSIONLOPOS 2 +#define DATAPOS 5 + +static int async_write(BIO *bio, const char *in, int inl) +{ + struct async_ctrs *ctrs; + int ret = -1; + size_t written = 0; + BIO *next = BIO_next(bio); + + if (inl <= 0) + return 0; + if (next == NULL) + return 0; + + ctrs = BIO_get_data(bio); + + BIO_clear_retry_flags(bio); + + if (ctrs->wctr > 0) { + ctrs->wctr = 0; + if (fragment) { + PACKET pkt; + + if (!PACKET_buf_init(&pkt, (const unsigned char *)in, inl)) + abort(); + + while (PACKET_remaining(&pkt) > 0) { + PACKET payload; + unsigned int contenttype, versionhi, versionlo, data; + + if ( !PACKET_get_1(&pkt, &contenttype) + || !PACKET_get_1(&pkt, &versionhi) + || !PACKET_get_1(&pkt, &versionlo) + || !PACKET_get_length_prefixed_2(&pkt, &payload)) + abort(); + + /* Pretend we wrote out the record header */ + written += SSL3_RT_HEADER_LENGTH; + + while (PACKET_get_1(&payload, &data)) { + /* Create a new one byte long record for each byte in the + * record in the input buffer + */ + char smallrec[MIN_RECORD_LEN] = { + 0, /* Content type */ + 0, /* Version hi */ + 0, /* Version lo */ + 0, /* Length hi */ + 1, /* Length lo */ + 0 /* Data */ + }; + + smallrec[CONTENTTYPEPOS] = contenttype; + smallrec[VERSIONHIPOS] = versionhi; + smallrec[VERSIONLOPOS] = versionlo; + smallrec[DATAPOS] = data; + ret = BIO_write(next, smallrec, MIN_RECORD_LEN); + if (ret <= 0) + abort(); + written++; + } + /* + * We can't fragment anything after the CCS, otherwise we + * get a bad record MAC + */ + if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC) { + fragment = 0; + break; + } + } + } + /* Write any data we have left after fragmenting */ + ret = 0; + if ((int)written < inl) { + ret = BIO_write(next, in + written , inl - written); + } + + if (ret <= 0 && BIO_should_write(next)) + BIO_set_retry_write(bio); + else + ret += written; + } else { + ctrs->wctr++; + BIO_set_retry_write(bio); + } + + return ret; +} + +static long async_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + long ret; + BIO *next = BIO_next(bio); + + if (next == NULL) + return 0; + + switch (cmd) { + case BIO_CTRL_DUP: + ret = 0L; + break; + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; + } + return ret; +} + +static int async_gets(BIO *bio, char *buf, int size) +{ + /* We don't support this - not needed anyway */ + return -1; +} + +static int async_puts(BIO *bio, const char *str) +{ + return async_write(bio, str, strlen(str)); +} + +#define MAX_ATTEMPTS 100 + +int main(int argc, char *argv[]) +{ + SSL_CTX *serverctx = NULL, *clientctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + BIO *s_to_c_fbio = NULL, *c_to_s_fbio = NULL; + int test, err = 1, ret; + size_t i, j; + const char testdata[] = "Test data"; + char buf[sizeof(testdata)]; + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + if (argc != 3) { + printf("Invalid argument count\n"); + goto end; + } + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &serverctx, &clientctx, argv[1], argv[2])) { + printf("Failed to create SSL_CTX pair\n"); + goto end; + } + + /* + * We do 2 test runs. The first time around we just do a normal handshake + * with lots of async io going on. The second time around we also break up + * all records so that the content is only one byte length (up until the + * CCS) + */ + for (test = 1; test < 3; test++) { + if (test == 2) + fragment = 1; + + + s_to_c_fbio = BIO_new(bio_f_async_filter()); + c_to_s_fbio = BIO_new(bio_f_async_filter()); + if (s_to_c_fbio == NULL || c_to_s_fbio == NULL) { + printf("Failed to create filter BIOs\n"); + BIO_free(s_to_c_fbio); + BIO_free(c_to_s_fbio); + goto end; + } + + /* BIOs get freed on error */ + if (!create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl, + s_to_c_fbio, c_to_s_fbio)) { + printf("Test %d failed: Create SSL objects failed\n", test); + goto end; + } + + if (!create_ssl_connection(serverssl, clientssl)) { + printf("Test %d failed: Create SSL connection failed\n", test); + goto end; + } + + /* + * Send and receive some test data. Do the whole thing twice to ensure + * we hit at least one async event in both reading and writing + */ + for (j = 0; j < 2; j++) { + int len; + + /* + * Write some test data. It should never take more than 2 attempts + * (the first one might be a retryable fail). + */ + for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2; + i++) { + ret = SSL_write(clientssl, testdata + len, + sizeof(testdata) - len); + if (ret > 0) { + len += ret; + } else { + int ssl_error = SSL_get_error(clientssl, ret); + + if (ssl_error == SSL_ERROR_SYSCALL || + ssl_error == SSL_ERROR_SSL) { + printf("Test %d failed: Failed to write app data\n", test); + err = -1; + goto end; + } + } + } + if (len != sizeof(testdata)) { + err = -1; + printf("Test %d failed: Failed to write all app data\n", test); + goto end; + } + /* + * Now read the test data. It may take more attempts here because + * it could fail once for each byte read, including all overhead + * bytes from the record header/padding etc. + */ + for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && + i < MAX_ATTEMPTS; i++) + { + ret = SSL_read(serverssl, buf + len, sizeof(buf) - len); + if (ret > 0) { + len += ret; + } else { + int ssl_error = SSL_get_error(serverssl, ret); + + if (ssl_error == SSL_ERROR_SYSCALL || + ssl_error == SSL_ERROR_SSL) { + printf("Test %d failed: Failed to read app data\n", test); + err = -1; + goto end; + } + } + } + if (len != sizeof(testdata) + || memcmp(buf, testdata, sizeof(testdata)) != 0) { + err = -1; + printf("Test %d failed: Unexpected app data received\n", test); + goto end; + } + } + + /* Also frees the BIOs */ + SSL_free(clientssl); + SSL_free(serverssl); + clientssl = serverssl = NULL; + } + + printf("Test success\n"); + + err = 0; + end: + if (err) + ERR_print_errors_fp(stderr); + + SSL_free(clientssl); + SSL_free(serverssl); + SSL_CTX_free(clientctx); + SSL_CTX_free(serverctx); + +# ifndef OPENSSL_NO_CRYPTO_MDEBUG + CRYPTO_mem_leaks_fp(stderr); +# endif + + return err; +} diff --git a/openssl-1.1.0h/test/asynctest.c b/openssl-1.1.0h/test/asynctest.c new file mode 100644 index 0000000..eef3c32 --- /dev/null +++ b/openssl-1.1.0h/test/asynctest.c @@ -0,0 +1,291 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifdef _WIN32 +# include +#endif + +#include +#include +#include +#include + +static int ctr = 0; +static ASYNC_JOB *currjob = NULL; + +static int only_pause(void *args) +{ + ASYNC_pause_job(); + + return 1; +} + +static int add_two(void *args) +{ + ctr++; + ASYNC_pause_job(); + ctr++; + + return 2; +} + +static int save_current(void *args) +{ + currjob = ASYNC_get_current_job(); + ASYNC_pause_job(); + + return 1; +} + +#define MAGIC_WAIT_FD ((OSSL_ASYNC_FD)99) +static int waitfd(void *args) +{ + ASYNC_JOB *job; + ASYNC_WAIT_CTX *waitctx; + job = ASYNC_get_current_job(); + if (job == NULL) + return 0; + waitctx = ASYNC_get_wait_ctx(job); + if (waitctx == NULL) + return 0; + + /* First case: no fd added or removed */ + ASYNC_pause_job(); + + /* Second case: one fd added */ + if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL)) + return 0; + ASYNC_pause_job(); + + /* Third case: all fd removed */ + if (!ASYNC_WAIT_CTX_clear_fd(waitctx, waitctx)) + return 0; + ASYNC_pause_job(); + + /* Last case: fd added and immediately removed */ + if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL)) + return 0; + if (!ASYNC_WAIT_CTX_clear_fd(waitctx, waitctx)) + return 0; + + return 1; +} + +static int blockpause(void *args) +{ + ASYNC_block_pause(); + ASYNC_pause_job(); + ASYNC_unblock_pause(); + ASYNC_pause_job(); + + return 1; +} + +static int test_ASYNC_init_thread() +{ + ASYNC_JOB *job1 = NULL, *job2 = NULL, *job3 = NULL; + int funcret1, funcret2, funcret3; + ASYNC_WAIT_CTX *waitctx = NULL; + + if ( !ASYNC_init_thread(2, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) + != ASYNC_NO_JOBS + || ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0) + != ASYNC_FINISH + || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0) + != ASYNC_FINISH + || ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0) + != ASYNC_FINISH + || funcret1 != 1 + || funcret2 != 1 + || funcret3 != 1) { + fprintf(stderr, "test_ASYNC_init_thread() failed\n"); + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 0; + } + + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 1; +} + +static int test_ASYNC_start_job() +{ + ASYNC_JOB *job = NULL; + int funcret; + ASYNC_WAIT_CTX *waitctx = NULL; + + ctr = 0; + + if ( !ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0) + != ASYNC_PAUSE + || ctr != 1 + || ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0) + != ASYNC_FINISH + || ctr != 2 + || funcret != 2) { + fprintf(stderr, "test_ASYNC_start_job() failed\n"); + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 0; + } + + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 1; +} + +static int test_ASYNC_get_current_job() +{ + ASYNC_JOB *job = NULL; + int funcret; + ASYNC_WAIT_CTX *waitctx = NULL; + + currjob = NULL; + + if ( !ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0) + != ASYNC_PAUSE + || currjob != job + || ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0) + != ASYNC_FINISH + || funcret != 1) { + fprintf(stderr, "test_ASYNC_get_current_job() failed\n"); + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 0; + } + + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 1; +} + +static int test_ASYNC_WAIT_CTX_get_all_fds() +{ + ASYNC_JOB *job = NULL; + int funcret; + ASYNC_WAIT_CTX *waitctx = NULL; + OSSL_ASYNC_FD fd = OSSL_BAD_ASYNC_FD, delfd = OSSL_BAD_ASYNC_FD; + size_t numfds, numdelfds; + + if ( !ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + /* On first run we're not expecting any wait fds */ + || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_PAUSE + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 0 + || numdelfds != 0 + /* On second run we're expecting one added fd */ + || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_PAUSE + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 1 + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, &fd, &numfds) + || fd != MAGIC_WAIT_FD + || (fd = OSSL_BAD_ASYNC_FD, 0) /* Assign to something else */ + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 1 + || numdelfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, &fd, &numfds, NULL, + &numdelfds) + || fd != MAGIC_WAIT_FD + /* On third run we expect one deleted fd */ + || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_PAUSE + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 0 + || numdelfds != 1 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, &delfd, + &numdelfds) + || delfd != MAGIC_WAIT_FD + /* On last run we are not expecting any wait fd */ + || ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0) + != ASYNC_FINISH + || !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds) + || numfds != 0 + || !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL, + &numdelfds) + || numfds != 0 + || numdelfds != 0 + || funcret != 1) { + fprintf(stderr, "test_ASYNC_get_wait_fd() failed\n"); + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 0; + } + + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 1; +} + +static int test_ASYNC_block_pause() +{ + ASYNC_JOB *job = NULL; + int funcret; + ASYNC_WAIT_CTX *waitctx = NULL; + + if ( !ASYNC_init_thread(1, 0) + || (waitctx = ASYNC_WAIT_CTX_new()) == NULL + || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0) + != ASYNC_PAUSE + || ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0) + != ASYNC_FINISH + || funcret != 1) { + fprintf(stderr, "test_ASYNC_block_pause() failed\n"); + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 0; + } + + ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); + return 1; +} + +int main(int argc, char **argv) +{ + if (!ASYNC_is_capable()) { + fprintf(stderr, + "OpenSSL build is not ASYNC capable - skipping async tests\n"); + } else { + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + if ( !test_ASYNC_init_thread() + || !test_ASYNC_start_job() + || !test_ASYNC_get_current_job() + || !test_ASYNC_WAIT_CTX_get_all_fds() + || !test_ASYNC_block_pause()) { + return 1; + } + } + printf("PASS\n"); + return 0; +} diff --git a/openssl-1.1.0h/test/bad_dtls_test.c b/openssl-1.1.0h/test/bad_dtls_test.c new file mode 100644 index 0000000..2e33010 --- /dev/null +++ b/openssl-1.1.0h/test/bad_dtls_test.c @@ -0,0 +1,624 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Unit test for Cisco DTLS1_BAD_VER session resume, as used by + * AnyConnect VPN protocol. + * + * This is designed to exercise the code paths in + * http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/dtls.c + * which have frequently been affected by regressions in DTLS1_BAD_VER + * support. + * + * Note that unlike other SSL tests, we don't test against our own SSL + * server method. Firstly because we don't have one; we *only* support + * DTLS1_BAD_VER as a client. And secondly because even if that were + * fixed up it's the wrong thing to test against - because if changes + * are made in generic DTLS code which don't take DTLS1_BAD_VER into + * account, there's plenty of scope for making those changes such that + * they break *both* the client and the server in the same way. + * + * So we handle the server side manually. In a session resume there isn't + * much to be done anyway. + */ +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../ssl/packet_locl.h" +#include "../e_os.h" /* for OSSL_NELEM() */ + +/* For DTLS1_BAD_VER packets the MAC doesn't include the handshake header */ +#define MAC_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH) + +static unsigned char client_random[SSL3_RANDOM_SIZE]; +static unsigned char server_random[SSL3_RANDOM_SIZE]; + +/* These are all generated locally, sized purely according to our own whim */ +static unsigned char session_id[32]; +static unsigned char master_secret[48]; +static unsigned char cookie[20]; + +/* We've hard-coded the cipher suite; we know it's 104 bytes */ +static unsigned char key_block[104]; +#define mac_key (key_block + 20) +#define dec_key (key_block + 40) +#define enc_key (key_block + 56) + +static EVP_MD_CTX *handshake_md; + +static int do_PRF(const void *seed1, int seed1_len, + const void *seed2, int seed2_len, + const void *seed3, int seed3_len, + unsigned char *out, int olen) +{ + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); + size_t outlen = olen; + + /* No error handling. If it all screws up, the test will fail anyway */ + EVP_PKEY_derive_init(pctx); + EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()); + EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, master_secret, sizeof(master_secret)); + EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, seed1_len); + EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, seed2_len); + EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, seed3_len); + EVP_PKEY_derive(pctx, out, &outlen); + EVP_PKEY_CTX_free(pctx); + return 1; +} + +static SSL_SESSION *client_session(void) +{ + static unsigned char session_asn1[] = { + 0x30, 0x5F, /* SEQUENCE, length 0x5F */ + 0x02, 0x01, 0x01, /* INTEGER, SSL_SESSION_ASN1_VERSION */ + 0x02, 0x02, 0x01, 0x00, /* INTEGER, DTLS1_BAD_VER */ + 0x04, 0x02, 0x00, 0x2F, /* OCTET_STRING, AES128-SHA */ + 0x04, 0x20, /* OCTET_STRING, session id */ +#define SS_SESSID_OFS 15 /* Session ID goes here */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x30, /* OCTET_STRING, master secret */ +#define SS_SECRET_OFS 49 /* Master secret goes here */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + const unsigned char *p = session_asn1; + + /* Copy the randomly-generated fields into the above ASN1 */ + memcpy(session_asn1 + SS_SESSID_OFS, session_id, sizeof(session_id)); + memcpy(session_asn1 + SS_SECRET_OFS, master_secret, sizeof(master_secret)); + + return d2i_SSL_SESSION(NULL, &p, sizeof(session_asn1)); +} + +/* Returns 1 for initial ClientHello, 2 for ClientHello with cookie */ +static int validate_client_hello(BIO *wbio) +{ + PACKET pkt, pkt2; + long len; + unsigned char *data; + int cookie_found = 0; + unsigned int u; + + len = BIO_get_mem_data(wbio, (char **)&data); + if (!PACKET_buf_init(&pkt, data, len)) + return 0; + + /* Check record header type */ + if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE) + return 0; + /* Version */ + if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER) + return 0; + /* Skip the rest of the record header */ + if (!PACKET_forward(&pkt, DTLS1_RT_HEADER_LENGTH - 3)) + return 0; + + /* Check it's a ClientHello */ + if (!PACKET_get_1(&pkt, &u) || u != SSL3_MT_CLIENT_HELLO) + return 0; + /* Skip the rest of the handshake message header */ + if (!PACKET_forward(&pkt, DTLS1_HM_HEADER_LENGTH - 1)) + return 0; + + /* Check client version */ + if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER) + return 0; + + /* Store random */ + if (!PACKET_copy_bytes(&pkt, client_random, SSL3_RANDOM_SIZE)) + return 0; + + /* Check session id length and content */ + if (!PACKET_get_length_prefixed_1(&pkt, &pkt2) || + !PACKET_equal(&pkt2, session_id, sizeof(session_id))) + return 0; + + /* Check cookie */ + if (!PACKET_get_length_prefixed_1(&pkt, &pkt2)) + return 0; + if (PACKET_remaining(&pkt2)) { + if (!PACKET_equal(&pkt2, cookie, sizeof(cookie))) + return 0; + cookie_found = 1; + } + + /* Skip ciphers */ + if (!PACKET_get_net_2(&pkt, &u) || !PACKET_forward(&pkt, u)) + return 0; + + /* Skip compression */ + if (!PACKET_get_1(&pkt, &u) || !PACKET_forward(&pkt, u)) + return 0; + + /* Skip extensions */ + if (!PACKET_get_net_2(&pkt, &u) || !PACKET_forward(&pkt, u)) + return 0; + + /* Now we are at the end */ + if (PACKET_remaining(&pkt)) + return 0; + + /* Update handshake MAC for second ClientHello (with cookie) */ + if (cookie_found && !EVP_DigestUpdate(handshake_md, data + MAC_OFFSET, + len - MAC_OFFSET)) + printf("EVP_DigestUpdate() failed\n"); + + (void)BIO_reset(wbio); + + return 1 + cookie_found; +} + +static int send_hello_verify(BIO *rbio) +{ + static unsigned char hello_verify[] = { + 0x16, /* Handshake */ + 0x01, 0x00, /* DTLS1_BAD_VER */ + 0x00, 0x00, /* Epoch 0 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Seq# 0 */ + 0x00, 0x23, /* Length */ + 0x03, /* Hello Verify */ + 0x00, 0x00, 0x17, /* Length */ + 0x00, 0x00, /* Seq# 0 */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x17, /* Fragment length */ + 0x01, 0x00, /* DTLS1_BAD_VER */ + 0x14, /* Cookie length */ +#define HV_COOKIE_OFS 28 /* Cookie goes here */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + }; + + memcpy(hello_verify + HV_COOKIE_OFS, cookie, sizeof(cookie)); + + BIO_write(rbio, hello_verify, sizeof(hello_verify)); + + return 1; +} + +static int send_server_hello(BIO *rbio) +{ + static unsigned char server_hello[] = { + 0x16, /* Handshake */ + 0x01, 0x00, /* DTLS1_BAD_VER */ + 0x00, 0x00, /* Epoch 0 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* Seq# 1 */ + 0x00, 0x52, /* Length */ + 0x02, /* Server Hello */ + 0x00, 0x00, 0x46, /* Length */ + 0x00, 0x01, /* Seq# */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x46, /* Fragment length */ + 0x01, 0x00, /* DTLS1_BAD_VER */ +#define SH_RANDOM_OFS 27 /* Server random goes here */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x20, /* Session ID length */ +#define SH_SESSID_OFS 60 /* Session ID goes here */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x2f, /* Cipher suite AES128-SHA */ + 0x00, /* Compression null */ + }; + static unsigned char change_cipher_spec[] = { + 0x14, /* Change Cipher Spec */ + 0x01, 0x00, /* DTLS1_BAD_VER */ + 0x00, 0x00, /* Epoch 0 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, /* Seq# 2 */ + 0x00, 0x03, /* Length */ + 0x01, 0x00, 0x02, /* Message */ + }; + + memcpy(server_hello + SH_RANDOM_OFS, server_random, sizeof(server_random)); + memcpy(server_hello + SH_SESSID_OFS, session_id, sizeof(session_id)); + + if (!EVP_DigestUpdate(handshake_md, server_hello + MAC_OFFSET, + sizeof(server_hello) - MAC_OFFSET)) + printf("EVP_DigestUpdate() failed\n"); + + BIO_write(rbio, server_hello, sizeof(server_hello)); + BIO_write(rbio, change_cipher_spec, sizeof(change_cipher_spec)); + + return 1; +} + +/* Create header, HMAC, pad, encrypt and send a record */ +static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, + const void *msg, size_t len) +{ + /* Note that the order of the record header fields on the wire, + * and in the HMAC, is different. So we just keep them in separate + * variables and handle them individually. */ + static unsigned char epoch[2] = { 0x00, 0x01 }; + static unsigned char seq[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + static unsigned char ver[2] = { 0x01, 0x00 }; /* DTLS1_BAD_VER */ + unsigned char lenbytes[2]; + HMAC_CTX *ctx; + EVP_CIPHER_CTX *enc_ctx; + unsigned char iv[16]; + unsigned char pad; + unsigned char *enc; + +#ifdef SIXTY_FOUR_BIT_LONG + seq[0] = (seqnr >> 40) & 0xff; + seq[1] = (seqnr >> 32) & 0xff; +#endif + seq[2] = (seqnr >> 24) & 0xff; + seq[3] = (seqnr >> 16) & 0xff; + seq[4] = (seqnr >> 8) & 0xff; + seq[5] = seqnr & 0xff; + + pad = 15 - ((len + SHA_DIGEST_LENGTH) % 16); + enc = OPENSSL_malloc(len + SHA_DIGEST_LENGTH + 1 + pad); + if (enc == NULL) + return 0; + + /* Copy record to encryption buffer */ + memcpy(enc, msg, len); + + /* Append HMAC to data */ + ctx = HMAC_CTX_new(); + HMAC_Init_ex(ctx, mac_key, 20, EVP_sha1(), NULL); + HMAC_Update(ctx, epoch, 2); + HMAC_Update(ctx, seq, 6); + HMAC_Update(ctx, &type, 1); + HMAC_Update(ctx, ver, 2); /* Version */ + lenbytes[0] = len >> 8; + lenbytes[1] = len & 0xff; + HMAC_Update(ctx, lenbytes, 2); /* Length */ + HMAC_Update(ctx, enc, len); /* Finally the data itself */ + HMAC_Final(ctx, enc + len, NULL); + HMAC_CTX_free(ctx); + + /* Append padding bytes */ + len += SHA_DIGEST_LENGTH; + do { + enc[len++] = pad; + } while (len % 16); + + /* Generate IV, and encrypt */ + RAND_bytes(iv, sizeof(iv)); + enc_ctx = EVP_CIPHER_CTX_new(); + EVP_CipherInit_ex(enc_ctx, EVP_aes_128_cbc(), NULL, enc_key, iv, 1); + EVP_Cipher(enc_ctx, enc, enc, len); + EVP_CIPHER_CTX_free(enc_ctx); + + /* Finally write header (from fragmented variables), IV and encrypted record */ + BIO_write(rbio, &type, 1); + BIO_write(rbio, ver, 2); + BIO_write(rbio, epoch, 2); + BIO_write(rbio, seq, 6); + lenbytes[0] = (len + sizeof(iv)) >> 8; + lenbytes[1] = (len + sizeof(iv)) & 0xff; + BIO_write(rbio, lenbytes, 2); + + BIO_write(rbio, iv, sizeof(iv)); + BIO_write(rbio, enc, len); + + OPENSSL_free(enc); + return 1; +} + +static int send_finished(SSL *s, BIO *rbio) +{ + static unsigned char finished_msg[DTLS1_HM_HEADER_LENGTH + + TLS1_FINISH_MAC_LENGTH] = { + 0x14, /* Finished */ + 0x00, 0x00, 0x0c, /* Length */ + 0x00, 0x03, /* Seq# 3 */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x0c, /* Fragment length */ + /* Finished MAC (12 bytes) */ + }; + unsigned char handshake_hash[EVP_MAX_MD_SIZE]; + + /* Derive key material */ + do_PRF(TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, + server_random, SSL3_RANDOM_SIZE, + client_random, SSL3_RANDOM_SIZE, + key_block, sizeof(key_block)); + + /* Generate Finished MAC */ + if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL)) + printf("EVP_DigestFinal_ex() failed\n"); + + do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, + handshake_hash, EVP_MD_CTX_size(handshake_md), + NULL, 0, + finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH); + + return send_record(rbio, SSL3_RT_HANDSHAKE, 0, + finished_msg, sizeof(finished_msg)); +} + +static int validate_ccs(BIO *wbio) +{ + PACKET pkt; + long len; + unsigned char *data; + unsigned int u; + + len = BIO_get_mem_data(wbio, (char **)&data); + if (!PACKET_buf_init(&pkt, data, len)) + return 0; + + /* Check record header type */ + if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_CHANGE_CIPHER_SPEC) + return 0; + /* Version */ + if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER) + return 0; + /* Skip the rest of the record header */ + if (!PACKET_forward(&pkt, DTLS1_RT_HEADER_LENGTH - 3)) + return 0; + + /* Check ChangeCipherSpec message */ + if (!PACKET_get_1(&pkt, &u) || u != SSL3_MT_CCS) + return 0; + /* A DTLS1_BAD_VER ChangeCipherSpec also contains the + * handshake sequence number (which is 2 here) */ + if (!PACKET_get_net_2(&pkt, &u) || u != 0x0002) + return 0; + + /* Now check the Finished packet */ + if (!PACKET_get_1(&pkt, &u) || u != SSL3_RT_HANDSHAKE) + return 0; + if (!PACKET_get_net_2(&pkt, &u) || u != DTLS1_BAD_VER) + return 0; + + /* Check epoch is now 1 */ + if (!PACKET_get_net_2(&pkt, &u) || u != 0x0001) + return 0; + + /* That'll do for now. If OpenSSL accepted *our* Finished packet + * then it's evidently remembered that DTLS1_BAD_VER doesn't + * include the handshake header in the MAC. There's not a lot of + * point in implementing decryption here, just to check that it + * continues to get it right for one more packet. */ + + return 1; +} + +#define NODROP(x) { x##UL, 0 } +#define DROP(x) { x##UL, 1 } + +static struct { + unsigned long seq; + int drop; +} tests[] = { + NODROP(1), NODROP(3), NODROP(2), + NODROP(0x1234), NODROP(0x1230), NODROP(0x1235), + NODROP(0xffff), NODROP(0x10001), NODROP(0xfffe), NODROP(0x10000), + DROP(0x10001), DROP(0xff), NODROP(0x100000), NODROP(0x800000), NODROP(0x7fffe1), + NODROP(0xffffff), NODROP(0x1000000), NODROP(0xfffffe), DROP(0xffffff), NODROP(0x1000010), + NODROP(0xfffffd), NODROP(0x1000011), DROP(0x12), NODROP(0x1000012), + NODROP(0x1ffffff), NODROP(0x2000000), DROP(0x1ff00fe), NODROP(0x2000001), + NODROP(0x20fffff), NODROP(0x2105500), DROP(0x20ffffe), NODROP(0x21054ff), + NODROP(0x211ffff), DROP(0x2110000), NODROP(0x2120000) + /* The last test should be NODROP, because a DROP wouldn't get tested. */ +}; + +int main(int argc, char *argv[]) +{ + SSL_SESSION *sess; + SSL_CTX *ctx; + SSL *con; + BIO *rbio; + BIO *wbio; + BIO *err; + time_t now = 0; + int testresult = 0; + int ret; + int i; + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_bytes(session_id, sizeof(session_id)); + RAND_bytes(master_secret, sizeof(master_secret)); + RAND_bytes(cookie, sizeof(cookie)); + RAND_bytes(server_random + 4, sizeof(server_random) - 4); + + now = time(NULL); + memcpy(server_random, &now, sizeof(now)); + + sess = client_session(); + if (sess == NULL) { + printf("Failed to generate SSL_SESSION\n"); + goto end; + } + + handshake_md = EVP_MD_CTX_new(); + if (handshake_md == NULL || + !EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(), NULL)) { + printf("Failed to initialise handshake_md\n"); + goto end; + } + + ctx = SSL_CTX_new(DTLS_client_method()); + if (ctx == NULL) { + printf("Failed to allocate SSL_CTX\n"); + goto end_md; + } + if (!SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) { + printf("SSL_CTX_set_min_proto_version() failed\n"); + goto end_ctx; + } + if (!SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) { + printf("SSL_CTX_set_max_proto_version() failed\n"); + goto end_ctx; + } + + if (!SSL_CTX_set_cipher_list(ctx, "AES128-SHA")) { + printf("SSL_CTX_set_cipher_list() failed\n"); + goto end_ctx; + } + + con = SSL_new(ctx); + if (!SSL_set_session(con, sess)) { + printf("SSL_set_session() failed\n"); + goto end_con; + } + SSL_SESSION_free(sess); + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + + BIO_set_nbio(rbio, 1); + BIO_set_nbio(wbio, 1); + + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + /* Send initial ClientHello */ + ret = SSL_do_handshake(con); + if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { + printf("Unexpected handshake result at initial call!\n"); + goto end_con; + } + + if (validate_client_hello(wbio) != 1) { + printf("Initial ClientHello failed validation\n"); + goto end_con; + } + if (send_hello_verify(rbio) != 1) { + printf("Failed to send HelloVerify\n"); + goto end_con; + } + ret = SSL_do_handshake(con); + if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { + printf("Unexpected handshake result after HelloVerify!\n"); + goto end_con; + } + if (validate_client_hello(wbio) != 2) { + printf("Second ClientHello failed validation\n"); + goto end_con; + } + if (send_server_hello(rbio) != 1) { + printf("Failed to send ServerHello\n"); + goto end_con; + } + ret = SSL_do_handshake(con); + if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { + printf("Unexpected handshake result after ServerHello!\n"); + goto end_con; + } + if (send_finished(con, rbio) != 1) { + printf("Failed to send Finished\n"); + goto end_con; + } + ret = SSL_do_handshake(con); + if (ret < 1) { + printf("Handshake not successful after Finished!\n"); + goto end_con; + } + if (validate_ccs(wbio) != 1) { + printf("Failed to validate client CCS/Finished\n"); + goto end_con; + } + + /* While we're here and crafting packets by hand, we might as well do a + bit of a stress test on the DTLS record replay handling. Not Cisco-DTLS + specific but useful anyway for the general case. It's been broken + before, and in fact was broken even for a basic 0, 2, 1 test case + when this test was first added.... */ + for (i = 0; i < (int)OSSL_NELEM(tests); i++) { + unsigned long recv_buf[2]; + + if (send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq, + &tests[i].seq, sizeof(unsigned long)) != 1) { + printf("Failed to send data seq #0x%lx (%d)\n", + tests[i].seq, i); + goto end_con; + } + + if (tests[i].drop) + continue; + + ret = SSL_read(con, recv_buf, 2 * sizeof(unsigned long)); + if (ret != sizeof(unsigned long)) { + printf("SSL_read failed or wrong size on seq#0x%lx (%d)\n", + tests[i].seq, i); + goto end_con; + } + if (recv_buf[0] != tests[i].seq) { + printf("Wrong data packet received (0x%lx not 0x%lx) at packet %d\n", + recv_buf[0], tests[i].seq, i); + goto end_con; + } + } + if (tests[i-1].drop) { + printf("Error: last test cannot be DROP()\n"); + goto end_con; + } + testresult=1; + + end_con: + SSL_free(con); + end_ctx: + SSL_CTX_free(ctx); + end_md: + EVP_MD_CTX_free(handshake_md); + end: + ERR_print_errors_fp(stderr); + + if (!testresult) { + printf("Cisco BadDTLS test: FAILED\n"); + } + + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 0; +#endif + BIO_free(err); + + return testresult?0:1; +} diff --git a/openssl-1.1.0h/test/bftest.c b/openssl-1.1.0h/test/bftest.c new file mode 100644 index 0000000..a513660 --- /dev/null +++ b/openssl-1.1.0h/test/bftest.c @@ -0,0 +1,484 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This has been a quickly hacked 'ideatest.c'. When I add tests for other + * RC2 modes, more of the code will be uncommented. + */ + +#include +#include +#include +#include /* To see if OPENSSL_NO_BF is defined */ + +#include "../e_os.h" + +#ifdef OPENSSL_NO_BF +int main(int argc, char *argv[]) +{ + printf("No BF support\n"); + return (0); +} +#else +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +static char bf_key[2][30] = { + "abcdefghijklmnopqrstuvwxyz", + "Who is John Galt?" +}; + +/* big endian */ +static BF_LONG bf_plain[2][2] = { + {0x424c4f57L, 0x46495348L}, + {0xfedcba98L, 0x76543210L} +}; + +static BF_LONG bf_cipher[2][2] = { + {0x324ed0feL, 0xf413a203L}, + {0xcc91732bL, 0x8022f684L} +}; + +/************/ + +/* Lets use the DES test vectors :-) */ +# define NUM_TESTS 34 +static unsigned char ecb_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, + {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57}, + {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E}, + {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86}, + {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E}, + {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6}, + {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE}, + {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6}, + {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE}, + {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16}, + {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F}, + {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46}, + {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E}, + {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76}, + {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07}, + {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F}, + {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7}, + {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, + {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6}, + {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF}, + {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, + {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, + {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10} +}; + +static unsigned char plain_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42}, + {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA}, + {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72}, + {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A}, + {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2}, + {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A}, + {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2}, + {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A}, + {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02}, + {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A}, + {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32}, + {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA}, + {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62}, + {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2}, + {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA}, + {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92}, + {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A}, + {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2}, + {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} +}; + +static unsigned char cipher_data[NUM_TESTS][8] = { + {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78}, + {0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A}, + {0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2}, + {0x24, 0x66, 0xDD, 0x87, 0x8B, 0x96, 0x3C, 0x9D}, + {0x61, 0xF9, 0xC3, 0x80, 0x22, 0x81, 0xB0, 0x96}, + {0x7D, 0x0C, 0xC6, 0x30, 0xAF, 0xDA, 0x1E, 0xC7}, + {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78}, + {0x0A, 0xCE, 0xAB, 0x0F, 0xC6, 0xA0, 0xA2, 0x8D}, + {0x59, 0xC6, 0x82, 0x45, 0xEB, 0x05, 0x28, 0x2B}, + {0xB1, 0xB8, 0xCC, 0x0B, 0x25, 0x0F, 0x09, 0xA0}, + {0x17, 0x30, 0xE5, 0x77, 0x8B, 0xEA, 0x1D, 0xA4}, + {0xA2, 0x5E, 0x78, 0x56, 0xCF, 0x26, 0x51, 0xEB}, + {0x35, 0x38, 0x82, 0xB1, 0x09, 0xCE, 0x8F, 0x1A}, + {0x48, 0xF4, 0xD0, 0x88, 0x4C, 0x37, 0x99, 0x18}, + {0x43, 0x21, 0x93, 0xB7, 0x89, 0x51, 0xFC, 0x98}, + {0x13, 0xF0, 0x41, 0x54, 0xD6, 0x9D, 0x1A, 0xE5}, + {0x2E, 0xED, 0xDA, 0x93, 0xFF, 0xD3, 0x9C, 0x79}, + {0xD8, 0x87, 0xE0, 0x39, 0x3C, 0x2D, 0xA6, 0xE3}, + {0x5F, 0x99, 0xD0, 0x4F, 0x5B, 0x16, 0x39, 0x69}, + {0x4A, 0x05, 0x7A, 0x3B, 0x24, 0xD3, 0x97, 0x7B}, + {0x45, 0x20, 0x31, 0xC1, 0xE4, 0xFA, 0xDA, 0x8E}, + {0x75, 0x55, 0xAE, 0x39, 0xF5, 0x9B, 0x87, 0xBD}, + {0x53, 0xC5, 0x5F, 0x9C, 0xB4, 0x9F, 0xC0, 0x19}, + {0x7A, 0x8E, 0x7B, 0xFA, 0x93, 0x7E, 0x89, 0xA3}, + {0xCF, 0x9C, 0x5D, 0x7A, 0x49, 0x86, 0xAD, 0xB5}, + {0xD1, 0xAB, 0xB2, 0x90, 0x65, 0x8B, 0xC7, 0x78}, + {0x55, 0xCB, 0x37, 0x74, 0xD1, 0x3E, 0xF2, 0x01}, + {0xFA, 0x34, 0xEC, 0x48, 0x47, 0xB2, 0x68, 0xB2}, + {0xA7, 0x90, 0x79, 0x51, 0x08, 0xEA, 0x3C, 0xAE}, + {0xC3, 0x9E, 0x07, 0x2D, 0x9F, 0xAC, 0x63, 0x1D}, + {0x01, 0x49, 0x33, 0xE0, 0xCD, 0xAF, 0xF6, 0xE4}, + {0xF2, 0x1E, 0x9A, 0x77, 0xB7, 0x1C, 0x49, 0xBC}, + {0x24, 0x59, 0x46, 0x88, 0x57, 0x54, 0x36, 0x9A}, + {0x6B, 0x5C, 0x5A, 0x9C, 0x5D, 0x9E, 0x0A, 0x5A}, +}; + +static unsigned char cbc_key[16] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 +}; +static unsigned char cbc_iv[8] = + { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static char cbc_data[40] = "7654321 Now is the time for "; +static unsigned char cbc_ok[32] = { + 0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6, + 0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93, + 0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9, + 0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC +}; + +static unsigned char cfb64_ok[] = { + 0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA, + 0xF2, 0x6E, 0xCF, 0x6D, 0x2E, 0xB9, 0xE7, 0x6E, + 0x3D, 0xA3, 0xDE, 0x04, 0xD1, 0x51, 0x72, 0x00, + 0x51, 0x9D, 0x57, 0xA6, 0xC3 +}; + +static unsigned char ofb64_ok[] = { + 0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA, + 0x62, 0xB3, 0x43, 0xCC, 0x5B, 0x65, 0x58, 0x73, + 0x10, 0xDD, 0x90, 0x8D, 0x0C, 0x24, 0x1B, 0x22, + 0x63, 0xC2, 0xCF, 0x80, 0xDA +}; + +# define KEY_TEST_NUM 25 +static unsigned char key_test[KEY_TEST_NUM] = { + 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, + 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88 +}; + +static unsigned char key_data[8] = + { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }; + +static unsigned char key_out[KEY_TEST_NUM][8] = { + {0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E}, + {0xE9, 0x1D, 0x21, 0xC1, 0xD9, 0x61, 0xA6, 0xD6}, + {0xE9, 0xC2, 0xB7, 0x0A, 0x1B, 0xC6, 0x5C, 0xF3}, + {0xBE, 0x1E, 0x63, 0x94, 0x08, 0x64, 0x0F, 0x05}, + {0xB3, 0x9E, 0x44, 0x48, 0x1B, 0xDB, 0x1E, 0x6E}, + {0x94, 0x57, 0xAA, 0x83, 0xB1, 0x92, 0x8C, 0x0D}, + {0x8B, 0xB7, 0x70, 0x32, 0xF9, 0x60, 0x62, 0x9D}, + {0xE8, 0x7A, 0x24, 0x4E, 0x2C, 0xC8, 0x5E, 0x82}, + {0x15, 0x75, 0x0E, 0x7A, 0x4F, 0x4E, 0xC5, 0x77}, + {0x12, 0x2B, 0xA7, 0x0B, 0x3A, 0xB6, 0x4A, 0xE0}, + {0x3A, 0x83, 0x3C, 0x9A, 0xFF, 0xC5, 0x37, 0xF6}, + {0x94, 0x09, 0xDA, 0x87, 0xA9, 0x0F, 0x6B, 0xF2}, + {0x88, 0x4F, 0x80, 0x62, 0x50, 0x60, 0xB8, 0xB4}, + {0x1F, 0x85, 0x03, 0x1C, 0x19, 0xE1, 0x19, 0x68}, + {0x79, 0xD9, 0x37, 0x3A, 0x71, 0x4C, 0xA3, 0x4F}, + {0x93, 0x14, 0x28, 0x87, 0xEE, 0x3B, 0xE1, 0x5C}, + {0x03, 0x42, 0x9E, 0x83, 0x8C, 0xE2, 0xD1, 0x4B}, + {0xA4, 0x29, 0x9E, 0x27, 0x46, 0x9F, 0xF6, 0x7B}, + {0xAF, 0xD5, 0xAE, 0xD1, 0xC1, 0xBC, 0x96, 0xA8}, + {0x10, 0x85, 0x1C, 0x0E, 0x38, 0x58, 0xDA, 0x9F}, + {0xE6, 0xF5, 0x1E, 0xD7, 0x9B, 0x9D, 0xB2, 0x1F}, + {0x64, 0xA6, 0xE1, 0x4A, 0xFD, 0x36, 0xB4, 0x6F}, + {0x80, 0xC7, 0xD7, 0xD4, 0x5A, 0x54, 0x79, 0xAD}, + {0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80}, +}; + +static int test(void); +static int print_test_data(void); +int main(int argc, char *argv[]) +{ + int ret; + + if (argc > 1) + ret = print_test_data(); + else + ret = test(); + + EXIT(ret); +} + +static int print_test_data(void) +{ + unsigned int i, j; + + printf("ecb test data\n"); + printf("key bytes\t\tclear bytes\t\tcipher bytes\n"); + for (i = 0; i < NUM_TESTS; i++) { + for (j = 0; j < 8; j++) + printf("%02X", ecb_data[i][j]); + printf("\t"); + for (j = 0; j < 8; j++) + printf("%02X", plain_data[i][j]); + printf("\t"); + for (j = 0; j < 8; j++) + printf("%02X", cipher_data[i][j]); + printf("\n"); + } + + printf("set_key test data\n"); + printf("data[8]= "); + for (j = 0; j < 8; j++) + printf("%02X", key_data[j]); + printf("\n"); + for (i = 0; i < KEY_TEST_NUM - 1; i++) { + printf("c="); + for (j = 0; j < 8; j++) + printf("%02X", key_out[i][j]); + printf(" k[%2u]=", i + 1); + for (j = 0; j < i + 1; j++) + printf("%02X", key_test[j]); + printf("\n"); + } + + printf("\nchaining mode test data\n"); + printf("key[16] = "); + for (j = 0; j < 16; j++) + printf("%02X", cbc_key[j]); + printf("\niv[8] = "); + for (j = 0; j < 8; j++) + printf("%02X", cbc_iv[j]); + printf("\ndata[%d] = '%s'", (int)strlen(cbc_data) + 1, cbc_data); + printf("\ndata[%d] = ", (int)strlen(cbc_data) + 1); + for (j = 0; j < strlen(cbc_data) + 1; j++) + printf("%02X", cbc_data[j]); + printf("\n"); + printf("cbc cipher text\n"); + printf("cipher[%d]= ", 32); + for (j = 0; j < 32; j++) + printf("%02X", cbc_ok[j]); + printf("\n"); + + printf("cfb64 cipher text\n"); + printf("cipher[%d]= ", (int)strlen(cbc_data) + 1); + for (j = 0; j < strlen(cbc_data) + 1; j++) + printf("%02X", cfb64_ok[j]); + printf("\n"); + + printf("ofb64 cipher text\n"); + printf("cipher[%d]= ", (int)strlen(cbc_data) + 1); + for (j = 0; j < strlen(cbc_data) + 1; j++) + printf("%02X", ofb64_ok[j]); + printf("\n"); + return (0); +} + +static int test(void) +{ + unsigned char cbc_in[40], cbc_out[40], iv[8]; + int i, n, err = 0; + BF_KEY key; + BF_LONG data[2]; + unsigned char out[8]; + BF_LONG len; + +# ifdef CHARSET_EBCDIC + ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data)); +# endif + + printf("testing blowfish in raw ecb mode\n"); + for (n = 0; n < 2; n++) { +# ifdef CHARSET_EBCDIC + ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n])); +# endif + BF_set_key(&key, strlen(bf_key[n]), (unsigned char *)bf_key[n]); + + data[0] = bf_plain[n][0]; + data[1] = bf_plain[n][1]; + BF_encrypt(data, &key); + if (memcmp(&(bf_cipher[n][0]), &(data[0]), 8) != 0) { + printf("BF_encrypt error encrypting\n"); + printf("got :"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)data[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)bf_cipher[n][i]); + err = 1; + printf("\n"); + } + + BF_decrypt(&(data[0]), &key); + if (memcmp(&(bf_plain[n][0]), &(data[0]), 8) != 0) { + printf("BF_encrypt error decrypting\n"); + printf("got :"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)data[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)bf_plain[n][i]); + printf("\n"); + err = 1; + } + } + + printf("testing blowfish in ecb mode\n"); + + for (n = 0; n < NUM_TESTS; n++) { + BF_set_key(&key, 8, ecb_data[n]); + + BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT); + if (memcmp(&(cipher_data[n][0]), out, 8) != 0) { + printf("BF_ecb_encrypt blowfish error encrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", cipher_data[n][i]); + err = 1; + printf("\n"); + } + + BF_ecb_encrypt(out, out, &key, BF_DECRYPT); + if (memcmp(&(plain_data[n][0]), out, 8) != 0) { + printf("BF_ecb_encrypt error decrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", plain_data[n][i]); + printf("\n"); + err = 1; + } + } + + printf("testing blowfish set_key\n"); + for (n = 1; n < KEY_TEST_NUM; n++) { + BF_set_key(&key, n, key_test); + BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT); + /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */ + if (memcmp(out, &(key_out[i = n - 1][0]), 8) != 0) { + printf("blowfish setkey error\n"); + err = 1; + } + } + + printf("testing blowfish in cbc mode\n"); + len = strlen(cbc_data) + 1; + + BF_set_key(&key, 16, cbc_key); + memset(cbc_in, 0, sizeof(cbc_in)); + memset(cbc_out, 0, sizeof(cbc_out)); + memcpy(iv, cbc_iv, sizeof(iv)); + BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, + &key, iv, BF_ENCRYPT); + if (memcmp(cbc_out, cbc_ok, 32) != 0) { + err = 1; + printf("BF_cbc_encrypt encrypt error\n"); + for (i = 0; i < 32; i++) + printf("0x%02X,", cbc_out[i]); + } + memcpy(iv, cbc_iv, 8); + BF_cbc_encrypt(cbc_out, cbc_in, len, &key, iv, BF_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen(cbc_data) + 1) != 0) { + printf("BF_cbc_encrypt decrypt error\n"); + err = 1; + } + + printf("testing blowfish in cfb64 mode\n"); + + BF_set_key(&key, 16, cbc_key); + memset(cbc_in, 0, 40); + memset(cbc_out, 0, 40); + memcpy(iv, cbc_iv, 8); + n = 0; + BF_cfb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, + &key, iv, &n, BF_ENCRYPT); + BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]), + len - 13, &key, iv, &n, BF_ENCRYPT); + if (memcmp(cbc_out, cfb64_ok, (int)len) != 0) { + err = 1; + printf("BF_cfb64_encrypt encrypt error\n"); + for (i = 0; i < (int)len; i++) + printf("0x%02X,", cbc_out[i]); + } + n = 0; + memcpy(iv, cbc_iv, 8); + BF_cfb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n, BF_DECRYPT); + BF_cfb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, + &key, iv, &n, BF_DECRYPT); + if (memcmp(cbc_in, cbc_data, (int)len) != 0) { + printf("BF_cfb64_encrypt decrypt error\n"); + err = 1; + } + + printf("testing blowfish in ofb64\n"); + + BF_set_key(&key, 16, cbc_key); + memset(cbc_in, 0, 40); + memset(cbc_out, 0, 40); + memcpy(iv, cbc_iv, 8); + n = 0; + BF_ofb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, &key, iv, + &n); + BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]), + len - 13, &key, iv, &n); + if (memcmp(cbc_out, ofb64_ok, (int)len) != 0) { + err = 1; + printf("BF_ofb64_encrypt encrypt error\n"); + for (i = 0; i < (int)len; i++) + printf("0x%02X,", cbc_out[i]); + } + n = 0; + memcpy(iv, cbc_iv, 8); + BF_ofb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n); + BF_ofb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, &key, iv, &n); + if (memcmp(cbc_in, cbc_data, (int)len) != 0) { + printf("BF_ofb64_encrypt decrypt error\n"); + err = 1; + } + + return (err); +} +#endif diff --git a/openssl-1.1.0h/test/bio_enc_test.c b/openssl-1.1.0h/test/bio_enc_test.c new file mode 100644 index 0000000..fad1a19 --- /dev/null +++ b/openssl-1.1.0h/test/bio_enc_test.c @@ -0,0 +1,138 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#include +#include +#include +#include +#include + +int main() +{ + BIO *b; + static const unsigned char key[16] = { 0 }; + static unsigned char inp[1024] = { 0 }; + unsigned char out[1024], ref[1024]; + int i, lref, len; + + /* Fill buffer with non-zero data so that over steps can be detected */ + if (RAND_bytes(inp, sizeof(inp)) <= 0) + return -1; + + /* + * Exercise CBC cipher + */ + + /* reference output for single-chunk operation */ + b = BIO_new(BIO_f_cipher()); + if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0)) + return -1; + BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + lref = BIO_read(b, ref, sizeof(ref)); + BIO_free_all(b); + + /* perform split operations and compare to reference */ + for (i = 1; i < lref; i++) { + b = BIO_new(BIO_f_cipher()); + if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0)) + return -1; + BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + memset(out, 0, sizeof(out)); + out[i] = ~ref[i]; + len = BIO_read(b, out, i); + /* check for overstep */ + if (out[i] != (unsigned char)~ref[i]) { + fprintf(stderr, "CBC output overstep@%d\n", i); + return 1; + } + len += BIO_read(b, out + len, sizeof(out) - len); + BIO_free_all(b); + + if (len != lref || memcmp(out, ref, len)) { + fprintf(stderr, "CBC output mismatch@%d\n", i); + return 2; + } + } + + /* perform small-chunk operations and compare to reference */ + for (i = 1; i < lref / 2; i++) { + int delta; + + b = BIO_new(BIO_f_cipher()); + if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0)) + return -1; + BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + memset(out, 0, sizeof(out)); + for (len = 0; (delta = BIO_read(b, out + len, i)); ) { + len += delta; + } + BIO_free_all(b); + + if (len != lref || memcmp(out, ref, len)) { + fprintf(stderr, "CBC output mismatch@%d\n", i); + return 3; + } + } + + /* + * Exercise CTR cipher + */ + + /* reference output for single-chunk operation */ + b = BIO_new(BIO_f_cipher()); + if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0)) + return -1; + BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + lref = BIO_read(b, ref, sizeof(ref)); + BIO_free_all(b); + + /* perform split operations and compare to reference */ + for (i = 1; i < lref; i++) { + b = BIO_new(BIO_f_cipher()); + if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0)) + return -1; + BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + memset(out, 0, sizeof(out)); + out[i] = ~ref[i]; + len = BIO_read(b, out, i); + /* check for overstep */ + if (out[i] != (unsigned char)~ref[i]) { + fprintf(stderr, "CTR output overstep@%d\n", i); + return 4; + } + len += BIO_read(b, out + len, sizeof(out) - len); + BIO_free_all(b); + + if (len != lref || memcmp(out, ref, len)) { + fprintf(stderr, "CTR output mismatch@%d\n", i); + return 5; + } + } + + /* perform small-chunk operations and compare to reference */ + for (i = 1; i < lref / 2; i++) { + int delta; + + b = BIO_new(BIO_f_cipher()); + if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0)) + return -1; + BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + memset(out, 0, sizeof(out)); + for (len = 0; (delta = BIO_read(b, out + len, i)); ) { + len += delta; + } + BIO_free_all(b); + + if (len != lref || memcmp(out, ref, len)) { + fprintf(stderr, "CTR output mismatch@%d\n", i); + return 6; + } + } + + return 0; +} diff --git a/openssl-1.1.0h/test/bioprinttest.c b/openssl-1.1.0h/test/bioprinttest.c new file mode 100644 index 0000000..b2d2622 --- /dev/null +++ b/openssl-1.1.0h/test/bioprinttest.c @@ -0,0 +1,225 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +static int justprint = 0; + +static char *fpexpected[][5] = { + /* 0 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" }, + /* 1 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" }, + /* 2 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" }, + /* 3 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" }, + /* 4 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, + /* 5 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" }, + /* 6 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" }, + /* 7 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" }, + /* 8 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" }, + /* 9 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, + /* 10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" }, + /* 11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" }, + /* 12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" }, + /* 13 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" }, + /* 14 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" }, + /* 15 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" }, + /* 16 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" }, + /* 17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" }, + /* 18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" }, + /* 19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" }, + /* 20 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" }, + /* 21 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" }, + /* 22 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" }, + /* 23 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" }, + /* 24 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" }, + /* 25 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" }, + /* 26 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" }, + /* 27 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" }, + /* 28 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" }, + /* 29 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" }, + /* 30 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" }, + /* 31 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" }, + /* 32 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" }, + /* 33 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" }, + /* 34 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" }, + /* 35 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" }, + /* 36 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" }, + /* 37 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" }, + /* 38 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" }, + /* 39 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" }, + /* 40 */ { "0e+00", "0", "0", "0E+00", "0" }, + /* 41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, + /* 42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, + /* 43 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" }, + /* 44 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" }, + /* 45 */ { "7e+00", "7", "7", "7E+00", "7" }, + /* 46 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" }, + /* 47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" }, + /* 48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" }, + /* 49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" }, + /* 50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" }, + /* 51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" }, + /* 52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" }, + /* 53 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" }, + /* 54 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" }, + /* 55 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" }, + /* 56 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" }, + /* 57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" }, + /* 58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" }, + /* 59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" }, + /* 60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" }, + /* 61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" }, + /* 62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" }, + /* 63 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" }, + /* 64 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, + /* 65 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" }, + /* 66 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" }, + /* 67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" }, + /* 68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" }, + /* 69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, +}; + +static void dofptest(int test, double val, char *width, int prec, int *fail) +{ + char format[80], result[80]; + int i; + + for (i = 0; i < 5; i++) { + char *fspec = NULL; + switch (i) { + case 0: + fspec = "e"; + break; + case 1: + fspec = "f"; + break; + case 2: + fspec = "g"; + break; + case 3: + fspec = "E"; + break; + case 4: + fspec = "G"; + break; + } + + if (prec >= 0) + BIO_snprintf(format, sizeof(format), "%%%s.%d%s", width, prec, + fspec); + else + BIO_snprintf(format, sizeof(format), "%%%s%s", width, fspec); + BIO_snprintf(result, sizeof(result), format, val); + + if (justprint) { + if (i == 0) { + printf(" /* %3d */ { \"%s\"", test, result); + } else { + printf(", \"%s\"", result); + } + } else { + if (strcmp(fpexpected[test][i], result) != 0) { + printf("Test %d(%d) failed. Expected \"%s\". Got \"%s\". " + "Format \"%s\"\n", test, i, fpexpected[test][i], result, + format); + *fail = 1; + } + } + } + if (justprint) { + printf(" },\n"); + } +} + +int main(int argc, char **argv) +{ + int test = 0; + int i; + int fail = 0; + int prec = -1; + char *width = ""; + const double frac = 2.0/3.0; + char buf[80]; + + if (argc == 2 && strcmp(argv[1], "-expected") == 0) { + justprint = 1; + } + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + /* Tests for floating point format specifiers */ + for (i = 0; i < 7; i++) { + switch (i) { + case 0: + prec = 4; + width = ""; + break; + case 1: + prec = 5; + width = ""; + break; + case 2: + prec = 4; + width = "12"; + break; + case 3: + prec = 5; + width = "12"; + break; + case 4: + prec = 0; + width = ""; + break; + case 5: + prec = -1; + width = ""; + break; + case 6: + prec = 4; + width = "08"; + break; + } + + dofptest(test++, 0.0, width, prec, &fail); + dofptest(test++, 0.67, width, prec, &fail); + dofptest(test++, frac, width, prec, &fail); + dofptest(test++, frac / 1000, width, prec, &fail); + dofptest(test++, frac / 10000, width, prec, &fail); + dofptest(test++, 6.0 + frac, width, prec, &fail); + dofptest(test++, 66.0 + frac, width, prec, &fail); + dofptest(test++, 666.0 + frac, width, prec, &fail); + dofptest(test++, 6666.0 + frac, width, prec, &fail); + dofptest(test++, 66666.0 + frac, width, prec, &fail); + } + + /* Test excessively big number. Should fail */ + if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) { + printf("Test %d failed. Unexpected success return from " + "BIO_snprintf()\n", test); + fail = 1; + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; +# endif + + if (!justprint) { + if (fail) { + printf("FAIL\n"); + return 1; + } + printf ("PASS\n"); + } + return 0; +} + + diff --git a/openssl-1.1.0h/test/bntest.c b/openssl-1.1.0h/test/bntest.c new file mode 100644 index 0000000..686eab8 --- /dev/null +++ b/openssl-1.1.0h/test/bntest.c @@ -0,0 +1,2094 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include +#include +#include + +#include "e_os.h" + +#include +#include +#include +#include +#include + +/* + * In bn_lcl.h, bn_expand() is defined as a static ossl_inline function. + * This is fine in itself, it will end up as an unused static function in + * the worst case. However, it referenses bn_expand2(), which is a private + * function in libcrypto and therefore unavailable on some systems. This + * may result in a linker error because of unresolved symbols. + * + * To avoid this, we define a dummy variant of bn_expand2() here, and to + * avoid possible clashes with libcrypto, we rename it first, using a macro. + */ +#define bn_expand2 dummy_bn_expand2 +BIGNUM *bn_expand2(BIGNUM *b, int words); +BIGNUM *bn_expand2(BIGNUM *b, int words) { return NULL; } + +#include "../crypto/bn/bn_lcl.h" + +static const int num0 = 100; /* number of tests */ +static const int num1 = 50; /* additional tests for some functions */ +static const int num2 = 5; /* number of tests for slow functions */ + +int test_add(BIO *bp); +int test_sub(BIO *bp); +int test_lshift1(BIO *bp); +int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_); +int test_rshift1(BIO *bp); +int test_rshift(BIO *bp, BN_CTX *ctx); +int test_div(BIO *bp, BN_CTX *ctx); +int test_div_word(BIO *bp); +int test_div_recp(BIO *bp, BN_CTX *ctx); +int test_mul(BIO *bp); +int test_sqr(BIO *bp, BN_CTX *ctx); +int test_mont(BIO *bp, BN_CTX *ctx); +int test_mod(BIO *bp, BN_CTX *ctx); +int test_mod_mul(BIO *bp, BN_CTX *ctx); +int test_mod_exp(BIO *bp, BN_CTX *ctx); +int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx); +int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx); +int test_exp(BIO *bp, BN_CTX *ctx); +int test_gf2m_add(BIO *bp); +int test_gf2m_mod(BIO *bp); +int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx); +int test_kron(BIO *bp, BN_CTX *ctx); +int test_sqrt(BIO *bp, BN_CTX *ctx); +int test_small_prime(BIO *bp, BN_CTX *ctx); +int test_bn2dec(BIO *bp); +int rand_neg(void); +static int results = 0; + +static unsigned char lst[] = + "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" + "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +static void message(BIO *out, char *m) +{ + fprintf(stderr, "test %s\n", m); + BIO_puts(out, "print \"test "); + BIO_puts(out, m); + BIO_puts(out, "\\n\"\n"); +} + +int main(int argc, char *argv[]) +{ + BN_CTX *ctx; + BIO *out; + char *outfile = NULL; + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + results = 0; + + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ + + argc--; + argv++; + while (argc >= 1) { + if (strcmp(*argv, "-results") == 0) + results = 1; + else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + break; + outfile = *(++argv); + } + argc--; + argv++; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + EXIT(1); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); + } else { + if (!BIO_write_filename(out, outfile)) { + perror(outfile); + EXIT(1); + } + } +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + + if (!results) + BIO_puts(out, "obase=16\nibase=16\n"); + + message(out, "BN_add"); + if (!test_add(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_sub"); + if (!test_sub(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_lshift1"); + if (!test_lshift1(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_lshift (fixed)"); + if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL))) + goto err; + (void)BIO_flush(out); + + message(out, "BN_lshift"); + if (!test_lshift(out, ctx, NULL)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_rshift1"); + if (!test_rshift1(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_rshift"); + if (!test_rshift(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_sqr"); + if (!test_sqr(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mul"); + if (!test_mul(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_div"); + if (!test_div(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_div_word"); + if (!test_div_word(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_div_recp"); + if (!test_div_recp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod"); + if (!test_mod(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_mul"); + if (!test_mod_mul(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mont"); + if (!test_mont(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_exp"); + if (!test_mod_exp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_exp_mont_consttime"); + if (!test_mod_exp_mont_consttime(out, ctx)) + goto err; + if (!test_mod_exp_mont5(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_exp"); + if (!test_exp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_kronecker"); + if (!test_kron(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_sqrt"); + if (!test_sqrt(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "Small prime generation"); + if (!test_small_prime(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_bn2dec"); + if (!test_bn2dec(out)) + goto err; + (void)BIO_flush(out); + +#ifndef OPENSSL_NO_EC2M + message(out, "BN_GF2m_add"); + if (!test_gf2m_add(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod"); + if (!test_gf2m_mod(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_mul"); + if (!test_gf2m_mod_mul(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_sqr"); + if (!test_gf2m_mod_sqr(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_inv"); + if (!test_gf2m_mod_inv(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_div"); + if (!test_gf2m_mod_div(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_exp"); + if (!test_gf2m_mod_exp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_sqrt"); + if (!test_gf2m_mod_sqrt(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_solve_quad"); + if (!test_gf2m_mod_solve_quad(out, ctx)) + goto err; + (void)BIO_flush(out); +#endif + BN_CTX_free(ctx); + BIO_free(out); + + ERR_print_errors_fp(stderr); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + EXIT(1); +#endif + EXIT(0); + err: + BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc + * notices the failure, see test_bn in + * test/Makefile.ssl */ + (void)BIO_flush(out); + BN_CTX_free(ctx); + BIO_free(out); + + ERR_print_errors_fp(stderr); + EXIT(1); +} + +int test_add(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + BN_bntest_rand(a, 512, 0, 0); + for (i = 0; i < num0; i++) { + BN_bntest_rand(b, 450 + i, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_add(c, a, b); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " + "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + a->neg = !a->neg; + b->neg = !b->neg; + BN_add(c, c, b); + BN_add(c, c, a); + if (!BN_is_zero(c)) { + fprintf(stderr, "Add test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int test_sub(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + for (i = 0; i < num0 + num1; i++) { + if (i < num1) { + BN_bntest_rand(a, 512, 0, 0); + BN_copy(b, a); + if (BN_set_bit(a, i) == 0) + return (0); + BN_add_word(b, i); + } else { + BN_bntest_rand(b, 400 + i - num1, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + } + BN_sub(c, a, b); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " - "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_add(c, c, b); + BN_sub(c, c, a); + if (!BN_is_zero(c)) { + fprintf(stderr, "Subtract test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int test_div(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_one(a); + BN_zero(b); + + if (BN_div(d, c, a, b, ctx)) { + fprintf(stderr, "Division by zero succeeded!\n"); + return 0; + } + + for (i = 0; i < num0 + num1; i++) { + if (i < num1) { + BN_bntest_rand(a, 400, 0, 0); + BN_copy(b, a); + BN_lshift(a, a, i); + BN_add_word(a, i); + } else + BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_div(d, c, a, b, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(e, d, b, ctx); + BN_add(d, e, c); + BN_sub(d, d, a); + if (!BN_is_zero(d)) { + fprintf(stderr, "Division test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +static void print_word(BIO *bp, BN_ULONG w) +{ + int i = sizeof(w) * 8; + char *fmt = NULL; + unsigned char byte; + + do { + i -= 8; + byte = (unsigned char)(w >> i); + if (fmt == NULL) + fmt = byte ? "%X" : NULL; + else + fmt = "%02X"; + + if (fmt != NULL) + BIO_printf(bp, fmt, byte); + } while (i); + + /* If we haven't printed anything, at least print a zero! */ + if (fmt == NULL) + BIO_printf(bp, "0"); +} + +int test_div_word(BIO *bp) +{ + BIGNUM *a, *b; + BN_ULONG r, rmod, s; + int i; + + a = BN_new(); + b = BN_new(); + + for (i = 0; i < num0; i++) { + do { + BN_bntest_rand(a, 512, -1, 0); + BN_bntest_rand(b, BN_BITS2, -1, 0); + } while (BN_is_zero(b)); + + s = b->d[0]; + BN_copy(b, a); + rmod = BN_mod_word(b, s); + r = BN_div_word(b, s); + + if (rmod != r) { + fprintf(stderr, "Mod (word) test failed!\n"); + return 0; + } + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + print_word(bp, s); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + print_word(bp, s); + BIO_puts(bp, " - "); + } + print_word(bp, r); + BIO_puts(bp, "\n"); + } + BN_mul_word(b, s); + BN_add_word(b, r); + BN_sub(b, a, b); + if (!BN_is_zero(b)) { + fprintf(stderr, "Division (word) test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + return (1); +} + +int test_div_recp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + BN_RECP_CTX *recp; + int i; + + recp = BN_RECP_CTX_new(); + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + for (i = 0; i < num0 + num1; i++) { + if (i < num1) { + BN_bntest_rand(a, 400, 0, 0); + BN_copy(b, a); + BN_lshift(a, a, i); + BN_add_word(a, i); + } else + BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_RECP_CTX_set(recp, b, ctx); + BN_div_recp(d, c, a, recp, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(e, d, b, ctx); + BN_add(d, e, c); + BN_sub(d, d, a); + if (!BN_is_zero(d)) { + fprintf(stderr, "Reciprocal division test failed!\n"); + fprintf(stderr, "a="); + BN_print_fp(stderr, a); + fprintf(stderr, "\nb="); + BN_print_fp(stderr, b); + fprintf(stderr, "\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + BN_RECP_CTX_free(recp); + return (1); +} + +int test_mul(BIO *bp) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + BN_CTX *ctx; + + ctx = BN_CTX_new(); + if (ctx == NULL) + EXIT(1); + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + for (i = 0; i < num0 + num1; i++) { + if (i <= num1) { + BN_bntest_rand(a, 100, 0, 0); + BN_bntest_rand(b, 100, 0, 0); + } else + BN_bntest_rand(b, i - num1, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_mul(c, a, b, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_div(d, e, c, a, ctx); + BN_sub(d, d, b); + if (!BN_is_zero(d) || !BN_is_zero(e)) { + fprintf(stderr, "Multiplication test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + BN_CTX_free(ctx); + return (1); +} + +int test_sqr(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *c, *d, *e; + int i, ret = 0; + + a = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + if (a == NULL || c == NULL || d == NULL || e == NULL) { + goto err; + } + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 40 + i * 10, 0, 0); + a->neg = rand_neg(); + BN_sqr(c, a, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, a); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_div(d, e, c, a, ctx); + BN_sub(d, d, a); + if (!BN_is_zero(d) || !BN_is_zero(e)) { + fprintf(stderr, "Square test failed!\n"); + goto err; + } + } + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000008000000000000001" + "FFFFFFFFFFFFFFFE0000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, a); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000000000000080000001" + "FFFFFFFE000000000000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, a); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + ret = 1; + err: + BN_free(a); + BN_free(c); + BN_free(d); + BN_free(e); + return ret; +} + +int test_mont(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *A, *B; + BIGNUM *n; + int i; + BN_MONT_CTX *mont; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + A = BN_new(); + B = BN_new(); + n = BN_new(); + + mont = BN_MONT_CTX_new(); + if (mont == NULL) + return 0; + + BN_zero(n); + if (BN_MONT_CTX_set(mont, n, ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n"); + return 0; + } + + BN_set_word(n, 16); + if (BN_MONT_CTX_set(mont, n, ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n"); + return 0; + } + + BN_bntest_rand(a, 100, 0, 0); + BN_bntest_rand(b, 100, 0, 0); + for (i = 0; i < num2; i++) { + int bits = (200 * (i + 1)) / num2; + + if (bits == 0) + continue; + BN_bntest_rand(n, bits, 0, 1); + BN_MONT_CTX_set(mont, n, ctx); + + BN_nnmod(a, a, n, ctx); + BN_nnmod(b, b, n, ctx); + + BN_to_montgomery(A, a, mont, ctx); + BN_to_montgomery(B, b, mont, ctx); + + BN_mod_mul_montgomery(c, A, B, mont, ctx); + BN_from_montgomery(A, c, mont, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, &mont->N); + BIO_puts(bp, " - "); + } + BN_print(bp, A); + BIO_puts(bp, "\n"); + } + BN_mod_mul(d, a, b, n, ctx); + BN_sub(d, d, A); + if (!BN_is_zero(d)) { + fprintf(stderr, "Montgomery multiplication test failed!\n"); + return 0; + } + } + + /* Regression test for carry bug in mulx4x_mont */ + BN_hex2bn(&a, + "7878787878787878787878787878787878787878787878787878787878787878" + "7878787878787878787878787878787878787878787878787878787878787878" + "7878787878787878787878787878787878787878787878787878787878787878" + "7878787878787878787878787878787878787878787878787878787878787878"); + BN_hex2bn(&b, + "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744" + "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593" + "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03" + "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81"); + BN_hex2bn(&n, + "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B" + "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5" + "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4" + "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF"); + BN_MONT_CTX_set(mont, n, ctx); + BN_mod_mul_montgomery(c, a, b, mont, ctx); + BN_mod_mul_montgomery(d, b, a, mont, ctx); + if (BN_cmp(c, d)) { + fprintf(stderr, "Montgomery multiplication test failed:" + " a*b != b*a.\n"); + return 0; + } + + BN_MONT_CTX_free(mont); + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(A); + BN_free(B); + BN_free(n); + return (1); +} + +int test_mod(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_bntest_rand(a, 1024, 0, 0); + for (i = 0; i < num0; i++) { + BN_bntest_rand(b, 450 + i * 10, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_mod(c, a, b, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_div(d, e, a, b, ctx); + BN_sub(e, e, c); + if (!BN_is_zero(e)) { + fprintf(stderr, "Modulo test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_mod_mul(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i, j; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_mul(e, a, b, c, ctx)) { + fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n"); + return 0; + } + + for (j = 0; j < 3; j++) { + BN_bntest_rand(c, 1024, 0, 0); + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 475 + i * 10, 0, 0); + BN_bntest_rand(b, 425 + i * 11, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + if (!BN_mod_mul(e, a, b, c, ctx)) { + unsigned long l; + + while ((l = ERR_get_error())) + fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL)); + EXIT(1); + } + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, c); + if ((a->neg ^ b->neg) && !BN_is_zero(e)) { + /* + * If (a*b) % c is negative, c must be added in order + * to obtain the normalized remainder (new with + * OpenSSL 0.9.7, previous versions of BN_mod_mul + * could generate negative results) + */ + BIO_puts(bp, " + "); + BN_print(bp, c); + } + BIO_puts(bp, " - "); + } + BN_print(bp, e); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, b, ctx); + BN_sub(d, d, e); + BN_div(a, b, d, c, ctx); + if (!BN_is_zero(b)) { + fprintf(stderr, "Modulo multiply test failed!\n"); + ERR_print_errors_fp(stderr); + return 0; + } + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_mod_exp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_exp(d, a, b, c, ctx)) { + fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); + return 0; + } + + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ + for (i = 0; i < num2; i++) { + BN_bntest_rand(a, 20 + i * 5, 0, 0); + BN_bntest_rand(b, 2 + i, 0, 0); + + if (!BN_mod_exp(d, a, b, c, ctx)) + return (0); + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " ^ "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + } + BN_exp(e, a, b, ctx); + BN_sub(e, e, d); + BN_div(a, b, e, c, ctx); + if (!BN_is_zero(b)) { + fprintf(stderr, "Modulo exponentiation test failed!\n"); + return 0; + } + } + + /* Regression test for carry propagation bug in sqr8x_reduction */ + BN_hex2bn(&a, "050505050505"); + BN_hex2bn(&b, "02"); + BN_hex2bn(&c, + "4141414141414141414141274141414141414141414141414141414141414141" + "4141414141414141414141414141414141414141414141414141414141414141" + "4141414141414141414141800000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000001"); + BN_mod_exp(d, a, b, c, ctx); + BN_mul(e, a, a, ctx); + if (BN_cmp(d, e)) { + fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n"); + return 0; + } + + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_one(a); + BN_one(b); + BN_zero(c); + if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus " + "succeeded\n"); + return 0; + } + + BN_set_word(c, 16); + if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus " + "succeeded\n"); + return 0; + } + + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ + for (i = 0; i < num2; i++) { + BN_bntest_rand(a, 20 + i * 5, 0, 0); + BN_bntest_rand(b, 2 + i, 0, 0); + + if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) + return (00); + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " ^ "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + } + BN_exp(e, a, b, ctx); + BN_sub(e, e, d); + BN_div(a, b, e, c, ctx); + if (!BN_is_zero(b)) { + fprintf(stderr, "Modulo exponentiation test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +/* + * Test constant-time modular exponentiation with 1024-bit inputs, which on + * x86_64 cause a different code branch to be taken. + */ +int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *p, *m, *d, *e; + BN_MONT_CTX *mont; + + a = BN_new(); + p = BN_new(); + m = BN_new(); + d = BN_new(); + e = BN_new(); + mont = BN_MONT_CTX_new(); + + BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */ + /* Zero exponent */ + BN_bntest_rand(a, 1024, 0, 0); + BN_zero(p); + if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) + return 0; + if (!BN_is_one(d)) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + /* Zero input */ + BN_bntest_rand(p, 1024, 0, 0); + BN_zero(a); + if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) + return 0; + if (!BN_is_zero(d)) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + /* + * Craft an input whose Montgomery representation is 1, i.e., shorter + * than the modulus m, in order to test the const time precomputation + * scattering/gathering. + */ + BN_one(a); + BN_MONT_CTX_set(mont, m, ctx); + if (!BN_from_montgomery(e, a, mont, ctx)) + return 0; + if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + return 0; + if (!BN_mod_exp_simple(a, e, p, m, ctx)) + return 0; + if (BN_cmp(a, d) != 0) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + /* Finally, some regular test vectors. */ + BN_bntest_rand(e, 1024, 0, 0); + if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + return 0; + if (!BN_mod_exp_simple(a, e, p, m, ctx)) + return 0; + if (BN_cmp(a, d) != 0) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + BN_MONT_CTX_free(mont); + BN_free(a); + BN_free(p); + BN_free(m); + BN_free(d); + BN_free(e); + return (1); +} + +int test_exp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *d, *e, *one; + int i; + + a = BN_new(); + b = BN_new(); + d = BN_new(); + e = BN_new(); + one = BN_new(); + BN_one(one); + + for (i = 0; i < num2; i++) { + BN_bntest_rand(a, 20 + i * 5, 0, 0); + BN_bntest_rand(b, 2 + i, 0, 0); + + if (BN_exp(d, a, b, ctx) <= 0) + return (0); + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " ^ "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + } + BN_one(e); + for (; !BN_is_zero(b); BN_sub(b, b, one)) + BN_mul(e, e, a, ctx); + BN_sub(e, e, d); + if (!BN_is_zero(e)) { + fprintf(stderr, "Exponentiation test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(d); + BN_free(e); + BN_free(one); + return (1); +} + +#ifndef OPENSSL_NO_EC2M +int test_gf2m_add(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i, ret = 0; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + for (i = 0; i < num0; i++) { + BN_rand(a, 512, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); + BN_copy(b, BN_value_one()); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_GF2m_add(c, a, b); + /* Test that two added values have the correct parity. */ + if ((BN_is_odd(a) && BN_is_odd(c)) + || (!BN_is_odd(a) && !BN_is_odd(c))) { + fprintf(stderr, "GF(2^m) addition test (a) failed!\n"); + goto err; + } + BN_GF2m_add(c, c, c); + /* Test that c + c = 0. */ + if (!BN_is_zero(c)) { + fprintf(stderr, "GF(2^m) addition test (b) failed!\n"); + goto err; + } + } + ret = 1; + err: + BN_free(a); + BN_free(b); + BN_free(c); + return ret; +} + +int test_gf2m_mod(BIO *bp) +{ + BIGNUM *a, *b[2], *c, *d, *e; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 1024, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod(c, a, b[j]); + BN_GF2m_add(d, a, c); + BN_GF2m_mod(e, d, b[j]); + /* Test that a + (a mod p) mod p == 0. */ + if (!BN_is_zero(e)) { + fprintf(stderr, "GF(2^m) modulo test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + return ret; +} + +int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + g = BN_new(); + h = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 1024, 0, 0); + BN_bntest_rand(c, 1024, 0, 0); + BN_bntest_rand(d, 1024, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_mul(e, a, c, b[j], ctx); + BN_GF2m_add(f, a, d); + BN_GF2m_mod_mul(g, f, c, b[j], ctx); + BN_GF2m_mod_mul(h, d, c, b[j], ctx); + BN_GF2m_add(f, e, g); + BN_GF2m_add(f, f, h); + /* Test that (a+d)*c = a*c + d*c. */ + if (!BN_is_zero(f)) { + fprintf(stderr, + "GF(2^m) modular multiplication test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + BN_free(g); + BN_free(h); + return ret; +} + +int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 1024, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_sqr(c, a, b[j], ctx); + BN_copy(d, a); + BN_GF2m_mod_mul(d, a, d, b[j], ctx); + BN_GF2m_add(d, c, d); + /* Test that a*a = a^2. */ + if (!BN_is_zero(d)) { + fprintf(stderr, "GF(2^m) modular squaring test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + return ret; +} + +int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_inv(c, a, b[j], ctx); + BN_GF2m_mod_mul(d, a, c, b[j], ctx); + /* Test that ((1/a)*a) = 1. */ + if (!BN_is_one(d)) { + fprintf(stderr, "GF(2^m) modular inversion test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + return ret; +} + +int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + BN_bntest_rand(c, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_div(d, a, c, b[j], ctx); + BN_GF2m_mod_mul(e, d, c, b[j], ctx); + BN_GF2m_mod_div(f, a, e, b[j], ctx); + /* Test that ((a/c)*c)/a = 1. */ + if (!BN_is_one(f)) { + fprintf(stderr, "GF(2^m) modular division test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + return ret; +} + +int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + BN_bntest_rand(c, 512, 0, 0); + BN_bntest_rand(d, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_exp(e, a, c, b[j], ctx); + BN_GF2m_mod_exp(f, a, d, b[j], ctx); + BN_GF2m_mod_mul(e, e, f, b[j], ctx); + BN_add(f, c, d); + BN_GF2m_mod_exp(f, a, f, b[j], ctx); + BN_GF2m_add(f, e, f); + /* Test that a^(c+d)=a^c*a^d. */ + if (!BN_is_zero(f)) { + fprintf(stderr, + "GF(2^m) modular exponentiation test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + return ret; +} + +int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod(c, a, b[j]); + BN_GF2m_mod_sqrt(d, a, b[j], ctx); + BN_GF2m_mod_sqr(e, d, b[j], ctx); + BN_GF2m_add(f, c, e); + /* Test that d^2 = a, where d = sqrt(a). */ + if (!BN_is_zero(f)) { + fprintf(stderr, "GF(2^m) modular square root test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + return ret; +} + +int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e; + int i, j, s = 0, t, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + for (j = 0; j < 2; j++) { + t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx); + if (t) { + s++; + BN_GF2m_mod_sqr(d, c, b[j], ctx); + BN_GF2m_add(d, c, d); + BN_GF2m_mod(e, a, b[j]); + BN_GF2m_add(e, e, d); + /* + * Test that solution of quadratic c satisfies c^2 + c = a. + */ + if (!BN_is_zero(e)) { + fprintf(stderr, + "GF(2^m) modular solve quadratic test failed!\n"); + goto err; + } + + } + } + } + if (s == 0) { + fprintf(stderr, + "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", + num0); + fprintf(stderr, + "this is very unlikely and probably indicates an error.\n"); + goto err; + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + return ret; +} +#endif +static int genprime_cb(int p, int n, BN_GENCB *arg) +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + putc(c, stderr); + fflush(stderr); + return 1; +} + +int test_kron(BIO *bp, BN_CTX *ctx) +{ + BN_GENCB cb; + BIGNUM *a, *b, *r, *t; + int i; + int legendre, kronecker; + int ret = 0; + + a = BN_new(); + b = BN_new(); + r = BN_new(); + t = BN_new(); + if (a == NULL || b == NULL || r == NULL || t == NULL) + goto err; + + BN_GENCB_set(&cb, genprime_cb, NULL); + + /* + * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In + * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is + * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we + * generate a random prime b and compare these values for a number of + * random a's. (That is, we run the Solovay-Strassen primality test to + * confirm that b is prime, except that we don't want to test whether b + * is prime but whether BN_kronecker works.) + */ + + if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) + goto err; + b->neg = rand_neg(); + putc('\n', stderr); + + for (i = 0; i < num0; i++) { + if (!BN_bntest_rand(a, 512, 0, 0)) + goto err; + a->neg = rand_neg(); + + /* t := (|b|-1)/2 (note that b is odd) */ + if (!BN_copy(t, b)) + goto err; + t->neg = 0; + if (!BN_sub_word(t, 1)) + goto err; + if (!BN_rshift1(t, t)) + goto err; + /* r := a^t mod b */ + b->neg = 0; + + if (!BN_mod_exp_recp(r, a, t, b, ctx)) + goto err; + b->neg = 1; + + if (BN_is_word(r, 1)) + legendre = 1; + else if (BN_is_zero(r)) + legendre = 0; + else { + if (!BN_add_word(r, 1)) + goto err; + if (0 != BN_ucmp(r, b)) { + fprintf(stderr, "Legendre symbol computation failed\n"); + goto err; + } + legendre = -1; + } + + kronecker = BN_kronecker(a, b, ctx); + if (kronecker < -1) + goto err; + /* we actually need BN_kronecker(a, |b|) */ + if (a->neg && b->neg) + kronecker = -kronecker; + + if (legendre != kronecker) { + fprintf(stderr, "legendre != kronecker; a = "); + BN_print_fp(stderr, a); + fprintf(stderr, ", b = "); + BN_print_fp(stderr, b); + fprintf(stderr, "\n"); + goto err; + } + + putc('.', stderr); + fflush(stderr); + } + + putc('\n', stderr); + fflush(stderr); + ret = 1; + err: + BN_free(a); + BN_free(b); + BN_free(r); + BN_free(t); + return ret; +} + +int test_sqrt(BIO *bp, BN_CTX *ctx) +{ + BN_GENCB cb; + BIGNUM *a, *p, *r; + int i, j; + int ret = 0; + + a = BN_new(); + p = BN_new(); + r = BN_new(); + if (a == NULL || p == NULL || r == NULL) + goto err; + + BN_GENCB_set(&cb, genprime_cb, NULL); + + for (i = 0; i < 16; i++) { + if (i < 8) { + unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 }; + + if (!BN_set_word(p, primes[i])) + goto err; + } else { + if (!BN_set_word(a, 32)) + goto err; + if (!BN_set_word(r, 2 * i + 1)) + goto err; + + if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) + goto err; + putc('\n', stderr); + } + p->neg = rand_neg(); + + for (j = 0; j < num2; j++) { + /* + * construct 'a' such that it is a square modulo p, but in + * general not a proper square and not reduced modulo p + */ + if (!BN_bntest_rand(r, 256, 0, 3)) + goto err; + if (!BN_nnmod(r, r, p, ctx)) + goto err; + if (!BN_mod_sqr(r, r, p, ctx)) + goto err; + if (!BN_bntest_rand(a, 256, 0, 3)) + goto err; + if (!BN_nnmod(a, a, p, ctx)) + goto err; + if (!BN_mod_sqr(a, a, p, ctx)) + goto err; + if (!BN_mul(a, a, r, ctx)) + goto err; + if (rand_neg()) + if (!BN_sub(a, a, p)) + goto err; + + if (!BN_mod_sqrt(r, a, p, ctx)) + goto err; + if (!BN_mod_sqr(r, r, p, ctx)) + goto err; + + if (!BN_nnmod(a, a, p, ctx)) + goto err; + + if (BN_cmp(a, r) != 0) { + fprintf(stderr, "BN_mod_sqrt failed: a = "); + BN_print_fp(stderr, a); + fprintf(stderr, ", r = "); + BN_print_fp(stderr, r); + fprintf(stderr, ", p = "); + BN_print_fp(stderr, p); + fprintf(stderr, "\n"); + goto err; + } + + putc('.', stderr); + fflush(stderr); + } + + putc('\n', stderr); + fflush(stderr); + } + ret = 1; + err: + BN_free(a); + BN_free(p); + BN_free(r); + return ret; +} + +int test_small_prime(BIO *bp, BN_CTX *ctx) +{ + static const int bits = 10; + int ret = 0; + BIGNUM *r; + + r = BN_new(); + if (!BN_generate_prime_ex(r, bits, 0, NULL, NULL, NULL)) + goto err; + if (BN_num_bits(r) != bits) { + BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits, + BN_num_bits(r)); + goto err; + } + + ret = 1; + + err: + BN_clear_free(r); + return ret; +} + +int test_bn2dec(BIO *bp) +{ + static const char *bn2dec_tests[] = { + "0", + "1", + "-1", + "100", + "-100", + "123456789012345678901234567890", + "-123456789012345678901234567890", + "123456789012345678901234567890123456789012345678901234567890", + "-123456789012345678901234567890123456789012345678901234567890", + }; + int ret = 0; + size_t i; + BIGNUM *bn = NULL; + char *dec = NULL; + + for (i = 0; i < OSSL_NELEM(bn2dec_tests); i++) { + if (!BN_dec2bn(&bn, bn2dec_tests[i])) + goto err; + + dec = BN_bn2dec(bn); + if (dec == NULL) { + fprintf(stderr, "BN_bn2dec failed on %s.\n", bn2dec_tests[i]); + goto err; + } + + if (strcmp(dec, bn2dec_tests[i]) != 0) { + fprintf(stderr, "BN_bn2dec gave %s, wanted %s.\n", dec, + bn2dec_tests[i]); + goto err; + } + + OPENSSL_free(dec); + dec = NULL; + } + + ret = 1; + +err: + BN_free(bn); + OPENSSL_free(dec); + return ret; +} + +int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) +{ + BIGNUM *a, *b, *c, *d; + int i; + + b = BN_new(); + c = BN_new(); + d = BN_new(); + BN_one(c); + + if (a_) + a = a_; + else { + a = BN_new(); + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + } + for (i = 0; i < num0; i++) { + BN_lshift(b, a, i + 1); + BN_add(c, c, c); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, c, ctx); + BN_sub(d, d, b); + if (!BN_is_zero(d)) { + fprintf(stderr, "Left shift test failed!\n"); + fprintf(stderr, "a="); + BN_print_fp(stderr, a); + fprintf(stderr, "\nb="); + BN_print_fp(stderr, b); + fprintf(stderr, "\nc="); + BN_print_fp(stderr, c); + fprintf(stderr, "\nd="); + BN_print_fp(stderr, d); + fprintf(stderr, "\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + return (1); +} + +int test_lshift1(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + for (i = 0; i < num0; i++) { + BN_lshift1(b, a); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * 2"); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_add(c, a, a); + BN_sub(a, b, c); + if (!BN_is_zero(a)) { + fprintf(stderr, "Left shift one test failed!\n"); + return 0; + } + + BN_copy(a, b); + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int test_rshift(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + BN_one(c); + + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + for (i = 0; i < num0; i++) { + BN_rshift(b, a, i + 1); + BN_add(c, c, c); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_div(d, e, a, c, ctx); + BN_sub(d, d, b); + if (!BN_is_zero(d)) { + fprintf(stderr, "Right shift test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_rshift1(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + for (i = 0; i < num0; i++) { + BN_rshift1(b, a); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / 2"); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_sub(c, a, b); + BN_sub(c, c, b); + if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) { + fprintf(stderr, "Right shift one test failed!\n"); + return 0; + } + BN_copy(a, b); + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int rand_neg(void) +{ + static unsigned int neg = 0; + static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 }; + + return (sign[(neg++) % 8]); +} diff --git a/openssl-1.1.0h/test/build.info b/openssl-1.1.0h/test/build.info new file mode 100644 index 0000000..c262248 --- /dev/null +++ b/openssl-1.1.0h/test/build.info @@ -0,0 +1,326 @@ +IF[{- !$disabled{tests} -}] + PROGRAMS_NO_INST=\ + aborttest \ + sanitytest exdatatest bntest \ + ectest ecdsatest gmdifftest pbelutest ideatest \ + md2test md4test md5test \ + hmactest wp_test \ + rc2test rc4test rc5test \ + destest sha1test sha256t sha512t \ + mdc2test rmdtest \ + randtest dhtest enginetest casttest \ + bftest ssltest_old dsatest exptest rsa_test \ + evp_test evp_extra_test igetest v3nametest v3ext \ + crltest danetest heartbeat_test p5_crpt2_test bad_dtls_test \ + constant_time_test verify_extra_test clienthellotest \ + packettest asynctest secmemtest srptest memleaktest \ + dtlsv1listentest ct_test threadstest afalgtest d2i_test \ + ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ + bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ + ocspapitest fatalerrtest + + SOURCE[aborttest]=aborttest.c + INCLUDE[aborttest]=../include + DEPEND[aborttest]=../libcrypto + + SOURCE[sanitytest]=sanitytest.c + INCLUDE[sanitytest]=../include + DEPEND[sanitytest]=../libcrypto + + SOURCE[exdatatest]=exdatatest.c + INCLUDE[exdatatest]=../include + DEPEND[exdatatest]=../libcrypto + + SOURCE[bntest]=bntest.c + INCLUDE[bntest]=.. ../crypto/include ../include + DEPEND[bntest]=../libcrypto + + SOURCE[ectest]=ectest.c + INCLUDE[ectest]=../include + DEPEND[ectest]=../libcrypto + + SOURCE[ecdsatest]=ecdsatest.c + INCLUDE[ecdsatest]=../include + DEPEND[ecdsatest]=../libcrypto + + SOURCE[gmdifftest]=gmdifftest.c + INCLUDE[gmdifftest]=../include + DEPEND[gmdifftest]=../libcrypto + + SOURCE[pbelutest]=pbelutest.c + INCLUDE[pbelutest]=../include + DEPEND[pbelutest]=../libcrypto + + SOURCE[ideatest]=ideatest.c + INCLUDE[ideatest]=../include + DEPEND[ideatest]=../libcrypto + + SOURCE[md2test]=md2test.c + INCLUDE[md2test]=../include + DEPEND[md2test]=../libcrypto + + SOURCE[md4test]=md4test.c + INCLUDE[md4test]=../include + DEPEND[md4test]=../libcrypto + + SOURCE[md5test]=md5test.c + INCLUDE[md5test]=../include + DEPEND[md5test]=../libcrypto + + SOURCE[hmactest]=hmactest.c + INCLUDE[hmactest]=../include + DEPEND[hmactest]=../libcrypto + + SOURCE[wp_test]=wp_test.c + INCLUDE[wp_test]=../include + DEPEND[wp_test]=../libcrypto + + SOURCE[rc2test]=rc2test.c + INCLUDE[rc2test]=../include + DEPEND[rc2test]=../libcrypto + + SOURCE[rc4test]=rc4test.c + INCLUDE[rc4test]=../include + DEPEND[rc4test]=../libcrypto + + SOURCE[rc5test]=rc5test.c + INCLUDE[rc5test]=../include + DEPEND[rc5test]=../libcrypto + + SOURCE[destest]=destest.c + INCLUDE[destest]=../include + DEPEND[destest]=../libcrypto + + SOURCE[sha1test]=sha1test.c + INCLUDE[sha1test]=../include + DEPEND[sha1test]=../libcrypto + + SOURCE[sha256t]=sha256t.c + INCLUDE[sha256t]=../include + DEPEND[sha256t]=../libcrypto + + SOURCE[sha512t]=sha512t.c + INCLUDE[sha512t]=../include + DEPEND[sha512t]=../libcrypto + + SOURCE[mdc2test]=mdc2test.c + INCLUDE[mdc2test]=../include + DEPEND[mdc2test]=../libcrypto + + SOURCE[rmdtest]=rmdtest.c + INCLUDE[rmdtest]=../include + DEPEND[rmdtest]=../libcrypto + + SOURCE[randtest]=randtest.c + INCLUDE[randtest]=../include + DEPEND[randtest]=../libcrypto + + SOURCE[dhtest]=dhtest.c + INCLUDE[dhtest]=../include + DEPEND[dhtest]=../libcrypto + + SOURCE[enginetest]=enginetest.c + INCLUDE[enginetest]=../include + DEPEND[enginetest]=../libcrypto + + SOURCE[casttest]=casttest.c + INCLUDE[casttest]=../include + DEPEND[casttest]=../libcrypto + + SOURCE[bftest]=bftest.c + INCLUDE[bftest]=../include + DEPEND[bftest]=../libcrypto + + SOURCE[ssltest_old]=ssltest_old.c + INCLUDE[ssltest_old]=.. ../include + DEPEND[ssltest_old]=../libcrypto ../libssl + + SOURCE[dsatest]=dsatest.c + INCLUDE[dsatest]=../include + DEPEND[dsatest]=../libcrypto + + SOURCE[exptest]=exptest.c + INCLUDE[exptest]=../include + DEPEND[exptest]=../libcrypto + + SOURCE[rsa_test]=rsa_test.c + INCLUDE[rsa_test]=.. ../include + DEPEND[rsa_test]=../libcrypto + + SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c testutil.c + INCLUDE[fatalerrtest]=../include .. + DEPEND[fatalerrtest]=../libcrypto ../libssl + + SOURCE[evp_test]=evp_test.c + INCLUDE[evp_test]=../include + DEPEND[evp_test]=../libcrypto + + SOURCE[evp_extra_test]=evp_extra_test.c + INCLUDE[evp_extra_test]=../include + DEPEND[evp_extra_test]=../libcrypto + + SOURCE[igetest]=igetest.c + INCLUDE[igetest]=.. ../include + DEPEND[igetest]=../libcrypto + + SOURCE[v3nametest]=v3nametest.c + INCLUDE[v3nametest]=../include + DEPEND[v3nametest]=../libcrypto + + SOURCE[crltest]=crltest.c testutil.c + INCLUDE[crltest]=../include + DEPEND[crltest]=../libcrypto + + SOURCE[v3ext]=v3ext.c + INCLUDE[v3ext]=../include + DEPEND[v3ext]=../libcrypto + + SOURCE[danetest]=danetest.c + INCLUDE[danetest]=../include + DEPEND[danetest]=../libcrypto ../libssl + + SOURCE[heartbeat_test]=heartbeat_test.c testutil.c + INCLUDE[heartbeat_test]=.. ../include + DEPEND[heartbeat_test]=../libcrypto ../libssl + + SOURCE[p5_crpt2_test]=p5_crpt2_test.c + INCLUDE[p5_crpt2_test]=../include + DEPEND[p5_crpt2_test]=../libcrypto + + SOURCE[constant_time_test]=constant_time_test.c + INCLUDE[constant_time_test]=.. ../include + DEPEND[constant_time_test]=../libcrypto + + SOURCE[verify_extra_test]=verify_extra_test.c + INCLUDE[verify_extra_test]=../include + DEPEND[verify_extra_test]=../libcrypto + + SOURCE[clienthellotest]=clienthellotest.c + INCLUDE[clienthellotest]=../include + DEPEND[clienthellotest]=../libcrypto ../libssl + + SOURCE[bad_dtls_test]=bad_dtls_test.c + INCLUDE[bad_dtls_test]=../include + DEPEND[bad_dtls_test]=../libcrypto ../libssl + + SOURCE[packettest]=packettest.c + INCLUDE[packettest]=../include + DEPEND[packettest]=../libcrypto + + SOURCE[asynctest]=asynctest.c + INCLUDE[asynctest]=.. ../include + DEPEND[asynctest]=../libcrypto + + SOURCE[secmemtest]=secmemtest.c + INCLUDE[secmemtest]=../include + DEPEND[secmemtest]=../libcrypto + + SOURCE[srptest]=srptest.c + INCLUDE[srptest]=../include + DEPEND[srptest]=../libcrypto + + SOURCE[memleaktest]=memleaktest.c + INCLUDE[memleaktest]=../include + DEPEND[memleaktest]=../libcrypto + + SOURCE[dtlsv1listentest]=dtlsv1listentest.c + INCLUDE[dtlsv1listentest]=.. ../include + DEPEND[dtlsv1listentest]=../libssl + + SOURCE[ct_test]=ct_test.c testutil.c + INCLUDE[ct_test]=../crypto/include ../include + DEPEND[ct_test]=../libcrypto + + SOURCE[threadstest]=threadstest.c + INCLUDE[threadstest]=.. ../include + DEPEND[threadstest]=../libcrypto + + SOURCE[afalgtest]=afalgtest.c + INCLUDE[afalgtest]=.. ../include + DEPEND[afalgtest]=../libcrypto + + SOURCE[d2i_test]=d2i_test.c testutil.c + INCLUDE[d2i_test]=.. ../include + DEPEND[d2i_test]=../libcrypto + + SOURCE[ssl_test_ctx_test]=ssl_test_ctx_test.c ssl_test_ctx.c testutil.c + INCLUDE[ssl_test_ctx_test]=.. ../include + DEPEND[ssl_test_ctx_test]=../libcrypto + + SOURCE[ssl_test]=ssl_test.c ssl_test_ctx.c testutil.c handshake_helper.c + INCLUDE[ssl_test]=.. ../include + DEPEND[ssl_test]=../libcrypto ../libssl + + SOURCE[cipherlist_test]=cipherlist_test.c testutil.c + INCLUDE[cipherlist_test]=.. ../include + DEPEND[cipherlist_test]=../libcrypto ../libssl + + INCLUDE[testutil.o]=.. + INCLUDE[ssl_test_ctx.o]=../include + INCLUDE[handshake_helper.o]=../include + INCLUDE[ssltestlib.o]=.. ../include + + SOURCE[x509aux]=x509aux.c + INCLUDE[x509aux]=../include + DEPEND[x509aux]=../libcrypto + + SOURCE[asynciotest]=asynciotest.c ssltestlib.c + INCLUDE[asynciotest]=../include + DEPEND[asynciotest]=../libcrypto ../libssl + + SOURCE[bioprinttest]=bioprinttest.c + INCLUDE[bioprinttest]=../include + DEPEND[bioprinttest]=../libcrypto + + SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c + INCLUDE[sslapitest]=../include .. + DEPEND[sslapitest]=../libcrypto ../libssl + + SOURCE[ocspapitest]=ocspapitest.c testutil.c + INCLUDE[ocspapitest]=../include .. + DEPEND[ocspapitest]=../libcrypto + + SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c + INCLUDE[dtlstest]=../include . + DEPEND[dtlstest]=../libcrypto ../libssl + + SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c + INCLUDE[sslcorrupttest]=../include . + DEPEND[sslcorrupttest]=../libcrypto ../libssl + + SOURCE[bio_enc_test]=bio_enc_test.c + INCLUDE[bio_enc_test]=../include + DEPEND[bio_enc_test]=../libcrypto + + IF[{- !$disabled{shared} -}] + PROGRAMS_NO_INST=shlibloadtest + SOURCE[shlibloadtest]=shlibloadtest.c + INCLUDE[shlibloadtest]=../include + ENDIF +ENDIF + +{- + use File::Spec::Functions; + use File::Basename; + use OpenSSL::Glob; + + my @nogo_headers = ( "asn1_mac.h", + "__decc_include_prologue.h", + "__decc_include_epilogue.h" ); + my @headerfiles = glob catfile($sourcedir, + updir(), "include", "openssl", "*.h"); + + foreach my $headerfile (@headerfiles) { + my $name = basename($headerfile, ".h"); + next if $disabled{$name}; + next if grep { $_ eq lc("$name.h") } @nogo_headers; + $OUT .= <<"_____"; + + PROGRAMS_NO_INST=buildtest_$name + GENERATE[buildtest_$name.c]=generate_buildtest.pl $name + SOURCE[buildtest_$name]=buildtest_$name.c + INCLUDE[buildtest_$name]=../include + DEPEND[buildtest_$name]=../libssl ../libcrypto +_____ + } +-} diff --git a/openssl-1.1.0h/test/casttest.c b/openssl-1.1.0h/test/casttest.c new file mode 100644 index 0000000..c2a0ab5 --- /dev/null +++ b/openssl-1.1.0h/test/casttest.c @@ -0,0 +1,163 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include /* To see if OPENSSL_NO_CAST is defined */ + +#include "../e_os.h" + +#ifdef OPENSSL_NO_CAST +int main(int argc, char *argv[]) +{ + printf("No CAST support\n"); + return (0); +} +#else +# include + +# define FULL_TEST + +static unsigned char k[16] = { + 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, + 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A +}; + +static unsigned char in[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; + +static int k_len[3] = { 16, 10, 5 }; + +static unsigned char c[3][8] = { + {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2}, + {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B}, + {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E}, +}; + +static unsigned char out[80]; + +static unsigned char in_a[16] = { + 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, + 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A +}; + +static unsigned char in_b[16] = { + 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, + 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A +}; + +static unsigned char c_a[16] = { + 0xEE, 0xA9, 0xD0, 0xA2, 0x49, 0xFD, 0x3B, 0xA6, + 0xB3, 0x43, 0x6F, 0xB8, 0x9D, 0x6D, 0xCA, 0x92 +}; + +static unsigned char c_b[16] = { + 0xB2, 0xC9, 0x5E, 0xB0, 0x0C, 0x31, 0xAD, 0x71, + 0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E +}; + +int main(int argc, char *argv[]) +{ +# ifdef FULL_TEST + long l; + CAST_KEY key_b; +# endif + int i, z, err = 0; + CAST_KEY key; + + for (z = 0; z < 3; z++) { + CAST_set_key(&key, k_len[z], k); + + CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT); + if (memcmp(out, &(c[z][0]), 8) != 0) { + printf("ecb cast error encrypting for keysize %d\n", + k_len[z] * 8); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", c[z][i]); + err = 20; + printf("\n"); + } + + CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT); + if (memcmp(out, in, 8) != 0) { + printf("ecb cast error decrypting for keysize %d\n", + k_len[z] * 8); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", in[i]); + printf("\n"); + err = 3; + } + } + if (err == 0) + printf("ecb cast5 ok\n"); + +# ifdef FULL_TEST + { + unsigned char out_a[16], out_b[16]; + static char *hex = "0123456789ABCDEF"; + + printf("This test will take some time...."); + fflush(stdout); + memcpy(out_a, in_a, sizeof(in_a)); + memcpy(out_b, in_b, sizeof(in_b)); + i = 1; + + for (l = 0; l < 1000000L; l++) { + CAST_set_key(&key_b, 16, out_b); + CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT); + CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT); + CAST_set_key(&key, 16, out_a); + CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT); + CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT); + if ((l & 0xffff) == 0xffff) { + printf("%c", hex[i & 0x0f]); + fflush(stdout); + i++; + } + } + + if ((memcmp(out_a, c_a, sizeof(c_a)) != 0) || + (memcmp(out_b, c_b, sizeof(c_b)) != 0)) { + printf("\n"); + printf("Error\n"); + + printf("A out ="); + for (i = 0; i < 16; i++) + printf("%02X ", out_a[i]); + printf("\nactual="); + for (i = 0; i < 16; i++) + printf("%02X ", c_a[i]); + printf("\n"); + + printf("B out ="); + for (i = 0; i < 16; i++) + printf("%02X ", out_b[i]); + printf("\nactual="); + for (i = 0; i < 16; i++) + printf("%02X ", c_b[i]); + printf("\n"); + } else + printf(" ok\n"); + } +# endif + + EXIT(err); +} +#endif diff --git a/openssl-1.1.0h/test/certs/alt1-cert.pem b/openssl-1.1.0h/test/certs/alt1-cert.pem new file mode 100644 index 0000000..b94d0ea --- /dev/null +++ b/openssl-1.1.0h/test/certs/alt1-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh +BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu +Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa +3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY +Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK +gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp +xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA +YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH +xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw +HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV +HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y +Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py +8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni +ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2 +Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ +Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT +P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L +vRlTFVjv65nn +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/alt1-key.pem b/openssl-1.1.0h/test/certs/alt1-key.pem new file mode 100644 index 0000000..b5d4d32 --- /dev/null +++ b/openssl-1.1.0h/test/certs/alt1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40 +2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa +2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5 +ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A +qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF +wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta +h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j +IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF +geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM +szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu +w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c +55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4 +AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8 +hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf +FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg +s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/ +0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ +iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6 +65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr +cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+ +AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr +g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo +dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd +LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV +g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3 +sXJAoFllBNfAK3aanFOR1Q== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/alt2-cert.pem b/openssl-1.1.0h/test/certs/alt2-cert.pem new file mode 100644 index 0000000..0e0f140 --- /dev/null +++ b/openssl-1.1.0h/test/certs/alt2-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVjCCAj6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCUxIzAh +BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw+bG1zr36IgcElBxX1vFcfq1NhdwjzUWlYt88oVr +Zbn2cKzOZWTA2ft8slJf5b5AgWWuJ1Ph1EdX9evBvUE3qVUPDpJQ7UNBMvScqL8J +pCjWBcRK9WWguV6MTqF8dJnadup7qfN0i6IWquA4yDEcJDQR4j0BjoAEsQgkASYi +maYN5W7PW5swj7AR4K0W5Cwy+KF4+UXKkHPCmYUlbBa6lXZRp3uwU/gXT0fmLz3W +O8eT1PdoPnbRVFIKPhZrHcNAORti4xr4Cn8IEhTaqxIQnCjSCjhksoOuoojhW0qR +s9t1lTDxyBX5Uz6smanEyCQ6TQFOdMj4m8ULNYTSZbGYcwIDAQABo4GcMIGZMB0G +A1UdDgQWBBT4YmD7D7JsE8BJzNs/5cIpbtZxhjAfBgNVHSMEGDAWgBS6A5+dBiSk +V+Zz+vU6Cfm6hcyp+jAJBgNVHRMEAjAAMEwGA1UdEQRFMEOCEHd3dy5hbnl0aGlu +Zy5vcmeCDWFueS5vdGhlci5jb22BDW90aGVyQGJhZC5vcmeBEWFueUBzb21ldGhp +bmcuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBaH8qg41pSXo2ViEsZWVyUmB7QwVVW +bWeR191XTQPfPNEDFmUzzeBllMUedF4HyD36v7Flpo/LdPdXQnZQ/eyKalztFHgm +uePN5DNdS5xn9aqiKNF5pkO9WDhhYuwLRM50JeiyvKk2NvNx9oDFUQ7G6jEJu/r9 +rd+8PCUa0SK1dDPJ9dpGrfsAYwk8kST5/JfyDMrocsijOu3v1uGTttMQ0h0A6w6g +EW8p77dVS/a2S3wJo9EiFHhnrAN493cwSXgBZUhKoKOri2u6XKV2D3g8N6bp22Ut +S5wx0pC8o3wW5upPsDAnEUt9kJJgVkS0FfCEHhHZ8iQyuwX15Yft2Qsj +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/alt2-key.pem b/openssl-1.1.0h/test/certs/alt2-key.pem new file mode 100644 index 0000000..4c12800 --- /dev/null +++ b/openssl-1.1.0h/test/certs/alt2-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDD5sbXOvfoiBwS +UHFfW8Vx+rU2F3CPNRaVi3zyhWtlufZwrM5lZMDZ+3yyUl/lvkCBZa4nU+HUR1f1 +68G9QTepVQ8OklDtQ0Ey9JyovwmkKNYFxEr1ZaC5XoxOoXx0mdp26nup83SLohaq +4DjIMRwkNBHiPQGOgASxCCQBJiKZpg3lbs9bmzCPsBHgrRbkLDL4oXj5RcqQc8KZ +hSVsFrqVdlGne7BT+BdPR+YvPdY7x5PU92g+dtFUUgo+Fmsdw0A5G2LjGvgKfwgS +FNqrEhCcKNIKOGSyg66iiOFbSpGz23WVMPHIFflTPqyZqcTIJDpNAU50yPibxQs1 +hNJlsZhzAgMBAAECggEAfuMureALDTmD/TTPijV1+TKrRyL9jDSVsT1NLATRIG3I +OwkjErek1kw3Y4VJihSl0Wpb2CtT3dxsE+Slc4EXnX1zqDuLYXKre2bHReGfTA4L +Omb/Kl2uMgMUnCWq6BdzUozklpsTRRIy3nEnNjvg/24em0xqgrNW1pfwQjJCPQQX +5ZLma+msDjT0BW2V7cnVh76A8qjDVRvJzKGRseVZEh+8Uke+SIKKLi1qICcK6MmX +1TpGs/Yy+GaXk7HajmKEYEEDSRdS9sqFnvqkf1TsbHrZQqKdtWuXtIvss1ap7y1c +PL5Y1z0/zf5WXV9nV3Yjd7F1tTN6S4sY7exOgNenmQKBgQDtkElQSwPHI3GCddfp +Eo79w0K0N+PkkQTXkP/3566xTCg78xGU1HW0aw8jabVsSpHC2uD0dBJbkQ0iBa24 +VOwwGUUy8ZME14M0ToCDm2vXTR8oOw05DBcM4RwQQdGVxdnwScUJnDzefJEUyx57 +3HO4QWu+h4nBqp5CTk+Y5gu4ZQKBgQDTGsgtIcdQevWay4nXKp+kcUYJy2zmCnBO +RFryyvdSSr3Tf7eeEZTicBiBp20fzppHc8/hdWnaF8+jlRx/hYY0M6hO2DEvXg78 +BbkqxwGV3dOZXEVusy8CPCQuRfQNY8XhQ195VyFdfsRKZ1dKD7C1Gky7dXgA26Ms +KdWarvuD9wKBgQCi/h0fBujnp6zIqtvhoQcUmvTYO4STnOAqmuTUjVQxdyQfxazp +ZUAA8ndnf66nRx5tB8nSTxUNWB8fma/QSgvnEF+HDXImn0r5B2drZKaACPz4mFOB +MYdbIdQkX1RSI3ZdQ+/5oQWuTN8p2hbnOqD26YPoLIxaoRqGOb6pFCU0dQKBgDUm ++CHM8HdGDlLkTpd7ZuirkJvkuU2OcUpzkYayLeVtZjA7ZwsImDkPSkxS0HoCtfup +oDy/KGC+QAyK/brp7ql0HDuF2ZR4lUNFWaL4qmCGksF5Zw4BVaO1atKv0EwSw/78 +zKwrkP4ObfPh4yuFmdNvhMRqRkXJB2OWQO8Kgc9vAoGBALXo6IGSM6TtHoNrnEwi +LozF+eV6ZmYb1miBEBVOyCDl0BVx+6n3iNt17v2EmWLcFYS4ZE+AF9EuRfxuDv+V +ZSK8sQKka0YgQmLPIoBXksZGwTUYBaO1ojFKuVzrE0ATnbVzuu5wHLZeyK2soCQF +slY5WVhO5Oo2YTGB7Wxzs4Ut +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/alt3-cert.pem b/openssl-1.1.0h/test/certs/alt3-cert.pem new file mode 100644 index 0000000..877734f --- /dev/null +++ b/openssl-1.1.0h/test/certs/alt3-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0 +IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowVDEj +MCEGA1UECgwaR29vZCBOQyBUZXN0IENlcnRpZmljYXRlIDMxGDAWBgNVBAMMD3d3 +dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANF68Ty4b18vK4fqVqJMIbwj/mLnF+WA6lvrzEE2 +79mtKLn6jHAjXWJCJ8U+ib23dRf7K3F3qJcQF3sEZpY3VgbmBMZe6mQ1A4Kfza3k +Wm+D2vNy8BTh8esu3P9TsD89679qUaZ2/85RykFmnV8NdJnAgFEQ+NZuBeQck2Ya +cZiYyjNCfWEnSsvmO66M99VXzzD9kkpEUXpe2GbLfzE1iP+79sFGGFHYAvmTmhKY +DFIEJqKY56bnYBlFtQFTWGqjDe8irV8vFJ+VoXR73DXq/J/k9UvwytwDtsJMeRsj +O61UpbBDV+QipZeGC6cXtRzxPDsxz0BAXQeWQl7F4xavc78CAwEAAaOBjTCBijAd +BgNVHQ4EFgQU0K7Prr9eRi5yL/vKPFPpfIBCRUwwHwYDVR0jBBgwFoAU8FOJh91W +GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADA9BgNVHREENjA0gg93d3cub2suZ29v +ZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG +9w0BAQsFAAOCAQEAfJyYbBQfCHNwPeKi1/OYZA5CLOzktiiR8Uh/1YQLb80jNtcn +f4zZOHURqd4mLDrKNnQ7MVqlj+CC3oN4c/L58yQqLm1fbTKXgH6t6OGgg2IL3Aet +XWbHOg0arknwyOKY5jjVkzbZthZ9EaS0QTlN8eULHV3nwImlfc5IFDetzIvPJkz9 +82fYuUO5jeCB4vjKBX5Ha7rvg/6rnNX71vA3++JrFc0PRFoJvnQ6GQTtBSZE4dFK +TOH5jE60bjDUL48jl267HLF5RklGuQRgZ3XfIU8JqDtEQuWJTWHc3NPEl2GOJO86 +QDfXLy4+TUfWsoAEuoVeOvR5zitzy3Wqcm3Idw== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/alt3-key.pem b/openssl-1.1.0h/test/certs/alt3-key.pem new file mode 100644 index 0000000..cc41860 --- /dev/null +++ b/openssl-1.1.0h/test/certs/alt3-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRevE8uG9fLyuH +6laiTCG8I/5i5xflgOpb68xBNu/ZrSi5+oxwI11iQifFPom9t3UX+ytxd6iXEBd7 +BGaWN1YG5gTGXupkNQOCn82t5Fpvg9rzcvAU4fHrLtz/U7A/Peu/alGmdv/OUcpB +Zp1fDXSZwIBREPjWbgXkHJNmGnGYmMozQn1hJ0rL5juujPfVV88w/ZJKRFF6Xthm +y38xNYj/u/bBRhhR2AL5k5oSmAxSBCaimOem52AZRbUBU1hqow3vIq1fLxSflaF0 +e9w16vyf5PVL8MrcA7bCTHkbIzutVKWwQ1fkIqWXhgunF7Uc8Tw7Mc9AQF0HlkJe +xeMWr3O/AgMBAAECggEBAJFEuNZq8JEJnR58G+gg86QNMfRUXfYCGIP2WYdAGcTS +mFOgtJNvcusZBYt7evndp44h2FavrHJV7nKY8qtpZHcUPGt0lwc23GBRgcj9etmq +jsQVCPjyV1nI/ejymF7DCiGMEWNnUq45ehEwoCGyqxGUtWeCZY4Obndqea1s2SoA +SIwrP74kSP+cjcOb+KEg5jF5aT0Mzo9ipQuuoxLzjXJhtQuyDYOulq4g/jalMewk +GLgRgbzrEDK8/DMVu35rNJ+CHWHowo+1G4lLY4DhajPMXMqb0dgR1JlFF5qyBoTN +CJXq4mpuf4ApEd61MTCm0FoqSm/AprSAIISCqapytQECgYEA/ND+C9ZnOOtTxgqI +nuq2r1yGFlNnbovcfiU3vrceUvmN+ne1tBtXSTNB4H95AUuoBeVAeYApBKxc0c9K +5Pnwp5NdPbana2cfuorzJrIHM09RP/obDP8VTnNJeO7wd+00Cx5ZnV5g8UcicebH +hbjfsc/lkd8G8YCIx+DBigzjIO8CgYEA1B4/JjCOuzM7Ag3y+XIIl3Ud4n15uog1 +5tDD1y3xWzZbL7fh0APf4mT8cTTU0ms4i9Rnpraw8ds9EfhMDXxJBs+LO6Ivw5RY +RxWoAB1YTPU+T8EuTzZzIp/jrWTgsvLkjNq25W/lbZLO1n8ofFMgAAbWsN0J40ZN +70Sib/JAOjECgYBSiJvXG3h5QYIIzhmJ39Ah8Y+orDPBCBHEcLwBG+Dfb67lDL2Z +/a8CK6Se+J51SNCilBP3VlqNtwNaT1UA6YOiAV7YLc/8JR9bk88LW+Uz3/oDa8/2 +7zNyd/qNa1u/mwV5d8ADuvLk8bcR/ig2xILqlpc4htnKb463ye0E924SqwKBgHKL +OtKmmgzg51Z+rdyiBZ20MsUhuOBPubvAtGC4gIMe4TLte1VXIkkg+2kufFZ8a/am +ZqqSMQ8JsvrHOFp36P9yh99V/7D/pIQOX8BgGFTGgjWTPiysXJQv/0SdGvHHVD/z +w5w2RpBbHLKbzAMG6FrbVof/dN10E5XHXGhTSvehAoGAHA6WgpPFp7iJBoC13NrZ +q3DKluiytegvljyDW5hOlRGqdWp7551EGYLnWtc4bSHboIf89Iz4mW/hyYr7frzE +A3Ksob4NIUCGMFJGSyTuK7eyhAxlVZbzqepZ+YftfTvW3iVXkxXx6kEgdzwPrNMx +DXwfc6G23PX5tUayTZqKC+g= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/bad-pc3-cert.pem b/openssl-1.1.0h/test/certs/bad-pc3-cert.pem new file mode 100644 index 0000000..f8e76ff --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad-pc3-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2 +ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NDZaGA8y +MTE2MDYxOTE5NTQ0NlowKzEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV +BAMMB3Byb3h5IDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfkPXh +tGaOG5MRdMZ6mSI+OVj13SjQEMO741bjZmZM7/WwJwNx4/ozwy5w3hbcvEom2qe6 +WCKThzpB+hufIgsElrLL6YHu/eExxfMqSkuUnlYye8JLriqs54i47bvtLn+h/vZd +MnsIrS/WGmGCDfVGC3u21h3tTmcVd/jC8vUueXdgoFVCq4elMidmM0ar5+tNAJRc +G9ZSeuuGiVbYCiGaYY+7PkyyYy1UiWyrhBPNvdQ3xcakygpWOXSQ19INYTLcAM6G +MSnEBK6F55zZyvuq3Ob60+okaSYWAo+7D0/BrzVfCWlzmWeFyJVR3Ps3nLxteahs ++Fl7D7a9DbgPbY2HAgMBAAGjgZYwgZMwHQYDVR0OBBYEFH18o4bnybHle31aYNRi +QZSGJ96XMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7pbh224iVD3Jx8oR2kGzAZMRcw +FQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNVHRMEAjAAMCQGCCsGAQUFBwEO +AQH/BBUwEwIBADAOBggrBgEFBQcVAAQCQUIwDQYJKoZIhvcNAQELBQADggEBAGKD +jTgyuFlwNRgrw0g4IZMmbEWcgW4r1v2yMRyAXhZuVyc8lkUZoe14eM4kqwJ5ayti +peN+ETpRk6AS4eaCEBnn4tE/S8TD4KRovio1EWy5TvjPE6M9jPonF5IfNKgGuR3o +7gN0KKJpzf9jj5JEJPV/d5AKw9fMdSZseea7bZ6JV8kKCW+9WCSMFnwR7POPWSQa +ZNJy1PN6GlvHykdK4QwZT3jHaQMVY/uIC1BXrN3sC3l79jnL5tTeK8JLvZAqjfy5 ++5pNH71k8zqVR2z0fC4oiv8TNsDn2g07wCCcQmzg8JHsP5p/hyUg51RqrQJhAbaf +eUmD8lyBBdfcia2UqJM= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/bad-pc3-key.pem b/openssl-1.1.0h/test/certs/bad-pc3-key.pem new file mode 100644 index 0000000..8ddee57 --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad-pc3-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDfkPXhtGaOG5MR +dMZ6mSI+OVj13SjQEMO741bjZmZM7/WwJwNx4/ozwy5w3hbcvEom2qe6WCKThzpB ++hufIgsElrLL6YHu/eExxfMqSkuUnlYye8JLriqs54i47bvtLn+h/vZdMnsIrS/W +GmGCDfVGC3u21h3tTmcVd/jC8vUueXdgoFVCq4elMidmM0ar5+tNAJRcG9ZSeuuG +iVbYCiGaYY+7PkyyYy1UiWyrhBPNvdQ3xcakygpWOXSQ19INYTLcAM6GMSnEBK6F +55zZyvuq3Ob60+okaSYWAo+7D0/BrzVfCWlzmWeFyJVR3Ps3nLxteahs+Fl7D7a9 +DbgPbY2HAgMBAAECggEASAMzkG5BkojDSJ4qyJbG9vAV/awtV0fvJHhIJpt3XFT2 ++LS4YVkj4MSAEw8WoidsYzOPT3DQQmEOnO3pM8sNbX71PMWMeuUAQr4WY4rm6YpP +DZfbr/D8AhHacmbxX6bYqd+sj7yQ8OyIOhjpS7EfTl6ojO5PWX8lqT6pvHHyE/Ol +1ZH2MG4GaX10IfrF7bw88XozmFfsw6eVX6t3cBK3PNapxj+RNEwcYBAgtXBNVVAJ +mSMkgSZ8/kTggRr3ntKvXCiOrm8Iud6Bwqp+aXB8+etT9p6gWDs0J4MCfkWvva+1 +WuZDgryiVnIdqwalrLMg2IfwJhjtlqZjj0R1Oe2isQKBgQD/JSlg+/ZYAmm/BzzV +C3mII94Vw0lvX6qpeKMXvcwVcWRSwJMnMPMxnxebyEZopn0t25CRu0+N+sHNUZKg +JVw5wL9nA7815JGTfVV9znN8leSYdhvWh6amrKT+Ku+1vXTBONFAR85eilzYUtff +jKGVDhBuZ7a5YIT6+DOLoPbMdQKBgQDgULasEUxNTeVSq6qzM/1tvSR4Z9W2JIFr +nDxC/RyPq5LN+3Pg5JiA3FFION6C2Rb+rb2RBlpSxuO4Jv+gPWnqZfuXZiTusiDd +dnyFsAoGPnb2SIm3OAO2N3w/7ttmRCsWnm0mkFLkd4XJG/mtDcHrit1SZTEWima2 +wKf2RJEiiwKBgQCH5+aTp4K/vIFRZOyNWvBgiSJ6GyzZq26/mOfe9JVp8p2KytNX +c+aGzwSHUXXXtp9FNwhZ6BlnOmPTFxlwPpZSmQ4bNE68yUSV+JP6UGcJvNooL/mC +G320mI/GZ16KQyGW7snfYKBXkYIFJJOim0lSmUw9Uvds5THQcTcbsCDmJQKBgQDE +F2sJUnncXkspkO5BiCJ0a1NVepgFiTYmJ0c63F+6bKeCL94l7FAw3eikdSp3QmXq +r2E3RVFyaXGqi1UN9IIBqbNdr6p7i/ZVA35ps/Gfcb23IMRbCbmc8jZJAXqElPUB +6e7LNoFwPdgTbcQ+9vbd/N/rZpCZ/tU5z4NFMr2ZbwKBgQCPN9KsqsRRK2v+j0wt +ArKrWHK5w1Cj5rRbedOn8659edTB5tqrFtZh4YJB842oe4s2XYXtk+Kq9HBRh4Em +CkO/JSH7lgVXT1zsf0ZYojaZWLhVTNHa3PO6R0FtyC0h7MtHV9aquPNCeiQDkwbT +RBV8wc0Stpj+QEShPIS9gEQVNA== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/bad-pc4-cert.pem b/openssl-1.1.0h/test/certs/bad-pc4-cert.pem new file mode 100644 index 0000000..5e47992 --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad-pc4-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2 +ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NTBaGA8y +MTE2MDYxOTE5NTQ1MFowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV +BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDQwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC2xxl2G3u38wzrx5uWgKiZ557ZIbLQECZgwmMbGzdrNqbD +veVgTEdkIxRk0py1QUqqukhTk9OpkUrYiSUpkAMkc3yRtpCp2KZeuN6OwyeAm8Jf +KUHeEvvM+GNZw/AoahgRJ5Cd9OykI4Uv3y0BzwZGXCrKDWr0Bpwcg6aQ/0+dFtd0 +ElBKq2v2hHpKn4P7ZM0mpvPSEwJ5nPUDY6iuRZNVrihmuZ4UZtKsz7EFbXfqaiLz +zfns+Kmh4j5OK3Iunm7gQLpv9RrXxsad2s7gKzgRhuEi6sECg/+4qOKwhUUxVWRX +iJYTxJfKfyIb8fjtrQrEWxNb1n/1Ea9nWuOk1N3XAgMBAAGjgZYwgZMwHQYDVR0O +BBYEFLFSiWVtSRQ48ziWfxHBtmC/PwPiMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p +bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV +HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBATAOBggrBgEFBQcVAAQCQUIwDQYJ +KoZIhvcNAQELBQADggEBAEg+p78n5eTkl7D6OPecC47nqFp7pNQtWTksTxMgBtz4 +LeZR0nBX1kZdA0arVd7RAeqjR5wCwGIbdc3hFu/xeoPeTUBFv/7tiTWsCFBmfoSK +Tu/NeYrfIc3Qd6KhW9iwUxN7GFAZZFhJ3xVpaDhjpMDlgp9UZ24vN+eY0KRhuHQv +hGJcyWs5M0dYGVyTSS5VueJSWlXD98KT49LzdyAfaveQoIMFaSH3rmR4BXvUMjEw +ByFwvFeG0lrtvcx3RhvlJQYixUPME6TcNOAWJARJ0qiO1PCufFDlOSjq8GjtxGbc +JjMc3GfdaieMM8afXWQPflfLw/Jb1rPOKpikva05ZMI= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/bad-pc4-key.pem b/openssl-1.1.0h/test/certs/bad-pc4-key.pem new file mode 100644 index 0000000..49406bc --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad-pc4-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2xxl2G3u38wzr +x5uWgKiZ557ZIbLQECZgwmMbGzdrNqbDveVgTEdkIxRk0py1QUqqukhTk9OpkUrY +iSUpkAMkc3yRtpCp2KZeuN6OwyeAm8JfKUHeEvvM+GNZw/AoahgRJ5Cd9OykI4Uv +3y0BzwZGXCrKDWr0Bpwcg6aQ/0+dFtd0ElBKq2v2hHpKn4P7ZM0mpvPSEwJ5nPUD +Y6iuRZNVrihmuZ4UZtKsz7EFbXfqaiLzzfns+Kmh4j5OK3Iunm7gQLpv9RrXxsad +2s7gKzgRhuEi6sECg/+4qOKwhUUxVWRXiJYTxJfKfyIb8fjtrQrEWxNb1n/1Ea9n +WuOk1N3XAgMBAAECggEAQbq33VFk3HH7Y48U1LrP5wj0hwEnXMtyAbnmCglvlI7C +ygGwS0EjK0+yNc/HqycfwuXavLOcmo41bEllo9y2RJWDZqNQwsO2kLnKz2w++HEL +JU2g8kvBYaSxlcZwxxfgL8saprM9polfjCel99CLYSIkASVyIO9/lIGDlQE7kDHb +B+YdDzucQtyi3LXsdcfW8so2DsZla2Qa9305ZAZPEOFXFjsvKR41WdI5r1uwsrYU +voMcH9k3aefOd62+e1KodO5w9TxSYTw2bLrGhjB1UzEzRGIgOY7L+VSmYzTn+ARY +loXqK4sA9yvr7z+ZXHeA1y0XuMRzkG7qf5Z0pc29AQKBgQDd4piLIt0Rygzud4WQ +5UBwwLd1u1A3jdU5EACvG4GBlJiQQPU0hHcTGoFbnTNy+y7QSBl/3viRH5WPx8Cx +O1nJ2Qc7mlAmoKq3Gs4gso6utPP2x9Rs/bIPkL/LhAdi9BBnp6H/5dyrvtv8O1OQ +S1rXpYTjmYj9X7BSU1PsDUiyWQKBgQDS4TwxXycJYClGufq9mrNuAoMfReXaiwv3 +b7wfRfOn1cL0hjLjLAhxn8eau+/7ZKS8ScXqHszrz0yXPfxTtWJ/DvhuobWOOWJd +RmHN+OAxCLvcZD1hy6bzXqYuuX2WrARUKWZRg7RXxlOwnkcR8/7OrmnsnEiCh8wg +9h/GGd4rrwKBgQCXV4BOnrgE8zjAyrtKqmO6xGgeIGZFjjNaWYTt6yf5V358HiJh +8Nw7JoAHGgFGsvcqT5M8+bu3WMCtskTHXkEPAT4CtG1o+3uVqu3ftYrGtVwV/hTx +RlVWcpevW92h6/DokplXrtRGPMdVkq2bpRpQLnCmwUmD8OmWLYn3XtQv+QKBgCA6 +jBh/kle8epJ0mf2gRwvpFmERLa/Y0FtgmD+vUS21XbZBTEWr1R6IbNkZH/QrzYF5 +ROYjDu57IBl9P7MLZaJFh3JhBH5YBtB6kTgJcToNO6jTKQ5pMXrAXGWHs8nzQDYc +naaXmlhP1zqG9hWoVKkBvu6KdAp+9pOTCggcq/fBAoGBALHpj0QFvEzROBpLiNtW +zrU7jcl4TwAbTh26cjb3Nj/2J+JH3lmLilxT6ltKUvtXFMmAT20at46RMGqY8z7R +Z1OgtiraQtSG7BeSMRLJ2aCM8+JotvYMjRauiC00jXZCsusyJ1mLqgWlHu+YORVE +9fO6/M0yLLz4mk5z2gdrP9MA +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/bad-pc6-cert.pem b/openssl-1.1.0h/test/certs/bad-pc6-cert.pem new file mode 100644 index 0000000..d529091 --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad-pc6-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2 +ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MjAxODAwMjRaGA8y +MTE2MDYyMTE4MDAyNFowOzEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxIDAOBgNV +BAMMB3Byb3h5IDEwDgYDVQQDDAdwcm94eSA2MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5hE+Hzx8w4tAPaYsbdY9ZJSzpzpa8ZBsZxhiJr9ayIU4C71m +uV7EMZtUGyAbl1pXzBcvNQq/lUnXL4hpl612h9Pg7H+oaNM1ZVDnRFyIWvaq/oVu +msi//4z5QetkM2zRa9T3BtSWNJF+9BnDsdDxi2qLW5xY9xN3tFr234ueri9HNK4O +V0vJX67wgmVgGmIX6EQlgX5RF+PdU4SYjqxZZe2v0+ND334svlDAdQfKYf4pYqMB +Vs5hi4PYiuU2QDhLOms0m4Fs54mRjRQ/m/I4L/j2R4051xLO1ya5UrZWepkvd4Uk +rW7lC5JyFvG3Mp/QChrGZF0cb9iHi81iUNULAwIDAQABo4GWMIGTMB0GA1UdDgQW +BBQwWHApUcXg5oqkZdg2JpLWKfsUVjBBBgNVHSMEOjA4gBTTom+GhtAFXG2+6W4d +tuIlQ9ycfKEdpBswGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGWCAQIwCQYDVR0T +BAIwADAkBggrBgEFBQcBDgEB/wQVMBMCAQAwDgYIKwYBBQUHFQAEAkFCMA0GCSqG +SIb3DQEBCwUAA4IBAQBe/pghhwiZk++TtmV/eTLbQ/tMOxlb1Q5MhX+nF42eI52G +Hwsg3dBHgy2RSgTE6fzMUt8cyEplG4nqCpR7qm2ZGcHmn/IEO7exZmWTvurun4tF +56L2W0oe5hLLJV9W4akVTH6LpRZOR/CgMcew6tvzmuAADcP0KidFSxkd/Y7plhSy +hptq50Qey2yyA1UVTCQ8k7OSvL2lyD6F3EasejmK0FuHekgewB54cTMCBBw/7aZc +08rvhIi9X/yQKFD1o5kvbTi5//zcCx0RbMVZRFcrFUD+PNwt7QLpFrMs4u08aok4 +/QzS0G+801JZa1zoUMnnNPNGlfybvANVbovUCc2h +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/bad-pc6-key.pem b/openssl-1.1.0h/test/certs/bad-pc6-key.pem new file mode 100644 index 0000000..ef7541c --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad-pc6-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDmET4fPHzDi0A9 +pixt1j1klLOnOlrxkGxnGGImv1rIhTgLvWa5XsQxm1QbIBuXWlfMFy81Cr+VSdcv +iGmXrXaH0+Dsf6ho0zVlUOdEXIha9qr+hW6ayL//jPlB62QzbNFr1PcG1JY0kX70 +GcOx0PGLaotbnFj3E3e0Wvbfi56uL0c0rg5XS8lfrvCCZWAaYhfoRCWBflEX491T +hJiOrFll7a/T40Pffiy+UMB1B8ph/iliowFWzmGLg9iK5TZAOEs6azSbgWzniZGN +FD+b8jgv+PZHjTnXEs7XJrlStlZ6mS93hSStbuULknIW8bcyn9AKGsZkXRxv2IeL +zWJQ1QsDAgMBAAECggEAV8MsF25TiaSNFPdW629WbA/tmFVCa/PT5l/+0Rkd4HAx +OQk/LmdgICxIoTBWVh44b7pIX8uB2ckZNSCsZxfcp2PD4XOxIouvSr7Z+dHykgCW +qhDsaE88LpfwXZ0V1CgmmyPaN9jQk60M6MELTcGO4sf58TBrH5VljH9GvW/dUEQv +f85PsN8VMWdZYx5AU97oLxNlZgRgZa72rtRfW3xi+Nnf/TbyqQ7pJAHdGju7kR7C +Mv7Kp+us/FzPXJxHdumh8BSAbqn2Fr1hgUyH7v/7n7oSLpBATLOQ49K0X4OnEN3m ++GYzj9rpnza9QAX3too3EP0tDYZaJUUZiQqdtFIzgQKBgQD6KISBQq7LjRGNOr+R +ayA27HlrZ0O0STyOkxOCx8GqdHQjLS/REGnLAJy6ggm3Col4ACXkD8zNLenFCCsA +CVq6iEQcGiT5bZyJa7cwLEGdoj8Aqd6OM30TgJ1u9ZJSWukys0BhhQ7huBmxdpm3 +ykIGQ5DxhnecXJdYylzdunktmwKBgQDrcJ5fyYFSheQjW2TkNTRSDccToGVPIECd +/a/FvhzqhwLWt1d0Hpub9M37AwpN3V8IM7PHcDqgpzrD3q+vLW726h68ETAqZX4H +FDHLPiENkoBZoj6yjS5fmAkVa7jhGQBFSIQ1s6eYkAHCRwSbF2jfNK1no8fERwkp +XjEf6yWiuQKBgFPfQ9Xm2p4qlQjp+pKx/SINFQSaocuPhnsy+qatfNQ+qTWmD9Mj +kqTadrHdqY4yPTb7rbiSR5M/YpKKE4i2mjHSQCu/5EewpXw5njjLjdBhNohta833 +m2bvh1lNgpqUGn3CNcK8junFBPBIGG/To2FgQ/eGoxHMxX2ik5JP1BMjAoGBAJ+K +ryeFqua66D+1XQbvrsazo2V/WWdnGaJ2GDhNfdbHKntJvi9n1la2ayZfhwoAqrcq +IfdR68iVydKVAkQY64rSV4VluFficqZlXuC09zz1O5iBwy7HUNdidTVYy+1tPau1 +WjHxze4qF6cI7OwTzvMCBUenymUNJf4sX+mbNOOxAoGAHYK/AbJtXFKcYx8uj0MA +YnkWWjTKMJ2TQIu94CaSf1oR4M6fuskgPfuRjW/CyBFQ3zh9+F4l7lG2Ywv16rBb +/1B7W5euucM8JYxSGAicqKX7iYV6Ikz0l21Slw6fy+e1U4gIDfZPgx56iV7yVoGc +IywUjiA/G1N3M5WBVqBl3K8= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/bad.key b/openssl-1.1.0h/test/certs/bad.key new file mode 100644 index 0000000..4708495 --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi +HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL +fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ +n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh +7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6 +y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R +452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO ++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/ +rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9 +ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr +5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF +XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr +YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC +PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw +MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ +AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR +Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf +pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP +kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH ++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur +WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi +njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR +R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR +8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP +RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA= +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/bad.pem b/openssl-1.1.0h/test/certs/bad.pem new file mode 100644 index 0000000..8769231 --- /dev/null +++ b/openssl-1.1.0h/test/certs/bad.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN +MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 +ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi +YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8 +nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp +bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh +twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB +cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb +Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm +ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4 +9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht +OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H +pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR +VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ +ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ +O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt1-cert.pem b/openssl-1.1.0h/test/certs/badalt1-cert.pem new file mode 100644 index 0000000..99f1e26 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt1-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg +BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDMwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCiqb6LYFYj1uPeIVuzuDL1bfV8+xlrws67I+9yVDiH +slYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYfLhF3LQUvXyON0LkjkZseXVFLNokD +BXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByCIVUOpiXBbq5FtsuLhquHK0yAsY1g +JYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn69+s3nGx9QheboiDVTWqynxDQn2W5 +ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdnsAJ/pN2Yc3ri53OPodTkmrRha31N4 +8TA7st35XepAk4vZnSq7cml+85xs8Az/OZDSHH1EV5sDAgMBAAGjgZMwgZAwHQYD +VR0OBBYEFOI3TVHkhEPOWw3mh25Ri85AMqJmMB8GA1UdIwQYMBaAFAjRm/nm1WRw +oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwQwYDVR0RBDwwOoIMd3d3Lmdvb2Qub3Jn +ggxhbnkuZ29vZC5jb22BDm90aGVyQGdvb2Qub3JngQxhbnlAZ29vZC5jb20wDQYJ +KoZIhvcNAQELBQADggEBAGpxmDDbqtgDry35nKv2pTDMHW9Yqv80ZQmy61kQiatN +vJzxdb+admW+CNXHHqsAeRr6ai2aQkn2bJrMkGuosNrkVOg43Qw7k45nIK4jUgUc +dcH7vVp+8isjSYXo2fIxulhE8N8fhhMVAQrhQywkdJW98fDlq+lHqUAEHJ7vNtlb +4LssY78+hq1ftjYiItAybc8peU3iDjUl+TTk0ZLTX6E9XE0xRYV9berAyTIUDSIE +GpzEtsBqZlTdkvZOfsTs4s4tpkOoZQ1aHniCk8fQ+/nI3CS9EHuWqt/s573rCRl4 +HfiXnUmwyOm6IKzBLsbgxlByfI7fAS1Nm/hLhgtglfk= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt1-key.pem b/openssl-1.1.0h/test/certs/badalt1-key.pem new file mode 100644 index 0000000..8d70885 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC8n4gY4wOae4Sg +pyqOZf4bg5JDa/NvzZV/g6PawamFQJIAjf41ylZ5Cjdi9+2H9CuFZ4e3im9L6Hu4 +2ihsTeLmxtIabr2w0bFxTW5ZQ/NogfyNGgdcSqUrQLF8nSqE2NJ88sNVyrMQPLMk +LllqvVFhXEBntFfZSXKIz2sA6LIeC/t8UReznRfAKF5lJoBjjDXJLOYmgz44rxqq +L7m84ABJYD119LXRc8N5XfEvC7ff61ZrBOrmxtwZY8FJWODsS/CC+RBN8nnt8rh8 +ICyfh/2gA4x6Mwt6dVMax2dw4u/esgbokjQ16wvFGjWKzufdSPa3Tk7hrhvRC38h +8jAqpxtZAgMBAAECggEADW9fhkZFL2+01qyRf2sMWnFYray2vjPqfhamSSKaLH+Y +5qk2fiZXWm+72jTGmnRt1Sa2qAAYRVPd3CDN2EkD7GQk+vUAVePZu7REM99/KuZ3 +UqWT+KLoeNg2zCV1rdizxWqVNzsk3fc021Lh05SAg2rKu5hA2Z09pzj+6iWo6jLY +0pFml3LgNjYy7VQ1V8978vtaVhVYklOiAT4dfNirt42F1NBGgaRCLhOlROOJYPz1 +LCjSlKzF2T6e/4hNvxQXGt2yJ1fq9dIj9h2XaGBbyPhiy7gUvMNC46LB66kOkPwL +4rX7OGAEgr/vHpZvPiCVALK7dm92Z87+yem92UrDwQKBgQDzj+HvgfxDsezpZUHh +rFEobTx98XOtCDDn9uS1dODGB+DaRROzybqfcf1D3ayWoS0ucajoOsv+/brq5FsA +f7aNMbSTZNIIqjOyioWAz/4Jqupcr3RFczaVG+mX+OPHq1WnvCWfD/yNI8MSy+FO +b7LdO7idN12M9HNurZGmO0Jv9QKBgQDGQW0efsO55DN/Ve6QdLeqSjVvXhmDKv9i +6bBu8zQQWD5hFqirDl8144VY1SqTua3N+QfX0DX0QAxqkVeG9O2sNERumElWaBm+ +MnOKW/IklXIK7shmjtAzarRD0cX/8di0Wwv0qZfL6iU8tkmh89kNyUE6tHbmpeUj +fVeO0G3TVQKBgCWAkw5Y2mnl/I+XasR/zuNFppnR0rji2PzulBqoi2+SiPmyxyzY +s+aXG6MWf9uVp6pOD+7qFr0FfoFqdeSmxYoKDD7huEFjS6CDGblSzU/ZxEpPLbz/ +13iwGpCu3wvAgujX3IcYZA+rYP8E64UzR7wu1OdIPhxVC20QRqvs1fb9AoGAPCgy +IiS44zkZXzQF9ZNU/7kQycA14ZU0dSEPxjrJu4PrOa6Uc4Mi5Mkq9y+Hgde/o1ZD +SPsGxByDJ/r+IhdD3xLlCOHwruVbmljYsk0ABpXKSwL1kBkZl+By3nlSqT0LUn6l +/BFR3DAqKGfvo9LIM+SzhEqqIYaJJuGrpcwc5xkCgYBu0Q1goQd3me/U1KCIRYN1 +u0f8H1uav2zGp9818PvLny6tMa83Kfam/zT8zGIOBEty530jPFWDnky+CLAm6qYL +ANLPHiCErO+3n15C80porioSFnUL7QY/5uRfTwDjcgCjGQgDiL1RhwZJurmFgwM3 +RBPODQ6vGkTdrJOJr2AWCA== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt10-cert.pem b/openssl-1.1.0h/test/certs/badalt10-cert.pem new file mode 100644 index 0000000..9db1768 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt10-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDiTCCAnGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0 +IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowVDEj +MCEGA1UECgwaQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTAxGDAWBgNVBAMMD3d3 +dy5vay5nb29kLmNvbTETMBEGA1UEAwwKSm9lIEJsb2dnczCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAM273Y+gNkheA8Ifd/zsmibA0KmeuEKGZsLvv4Vl +HXABoOtYli7wkfyZPexHgUUdNe6Tu9de7nYDCx/iWoSdrcKl+/5BBiFcLY72Buqk +DF2vmC+un8z4ykHa+dqJ2KaL7j8uLsiSPCOk9+tM+bvCYv4o1wPBsoDmPg50yvXp +RVR7487cN29h4BnZC1BMXuwUzEexpYCy7i2GQTI4DrQ+oN1OsIUbHS9qQxrfx+vG +TYpeZOkR2Mb6OtPEHCGpCsxNCDzhPAmlH6jaxT2kCkhuAWkqkhHLTuga3kmXuH2r +OBOpq9TRhC2kPipcuOcIdnhexovcODVJ0X0prkS3P10K3fcCAwEAAaOBnjCBmzAd +BgNVHQ4EFgQUmGUQRhEili5u8F+d8jSgSLailgUwHwYDVR0jBBgwFoAU8FOJh91W +GcAZ5iBVbwv8FBXXo7IwCQYDVR0TBAIwADBOBgNVHREERzBFgg93d3cub2suZ29v +ZC5jb22CD2JhZC5vay5nb29kLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2Qu +Y29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBZ4RTnIR7Tgv4rq1Qx7pbx3Hlw +Y68L0Nt/8GaFZK0pOrKHuY6HUcUOSabtchcm/CYF1ZowKT5KGWmR8X1WzgHe9Aay +4njzcnTu66hc1osZdH2lF1+lkNA+HLvzNNcBu0XwqzCs2f/yp4uznuHZKvX45y4L +x5TUh570LVUnnoosdTmzicZdXcw0nzikbueNAFSrZFLPt+lH/t1P7d+gNj6hAOYi +6Ac+JEjSAPXZOzbNrf56SC77cvkkFrYONjXgrJfNpZHMCNj1M3bqileTYIV5Leyh +PgoXCRyteMyNjwTih90SZPq4dLPx3Mf/WNG2/hXIkC1AvFXpp/u0iuwlw7AO +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt10-key.pem b/openssl-1.1.0h/test/certs/badalt10-key.pem new file mode 100644 index 0000000..e62c0e1 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt10-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNu92PoDZIXgPC +H3f87JomwNCpnrhChmbC77+FZR1wAaDrWJYu8JH8mT3sR4FFHTXuk7vXXu52Awsf +4lqEna3Cpfv+QQYhXC2O9gbqpAxdr5gvrp/M+MpB2vnaidimi+4/Li7IkjwjpPfr +TPm7wmL+KNcDwbKA5j4OdMr16UVUe+PO3DdvYeAZ2QtQTF7sFMxHsaWAsu4thkEy +OA60PqDdTrCFGx0vakMa38frxk2KXmTpEdjG+jrTxBwhqQrMTQg84TwJpR+o2sU9 +pApIbgFpKpIRy07oGt5Jl7h9qzgTqavU0YQtpD4qXLjnCHZ4XsaL3Dg1SdF9Ka5E +tz9dCt33AgMBAAECggEBAJzXPb+C2h8tXRwetXCiR5qHoAvPrpU4tRqjf5SIU3rS +IwWIEWZTjFfP039Pu+Mes8Df63HzM0PQaiiyfWNgedlMhOF+XNgN18WHFhrHWY4K +kbC4Jacze63c7GGIeRvuzYBpCs1pfmOGHmLJ2hEjzigIpnJ8tkLCREjtDNWQMoSG +V5LznbgZ9S/2KjyvTW5ff6m4GQH3BShPPkFDICgQTulwdZT/Y8SDKx5+qX2RAtjY +RguaaNSKQnOHroF+FPNPMUsK5gLZLWIdIECTi6YHaba1BThKzeKFKtQ0lWI5ebxg +R4kzEPFJmEHbNplxUHSkY4ZIsWK9m09Sn72IrmVY6fECgYEA9e4+w2x/YLtnfwYT +tVj+kR5MRTn6t+gOR7o6lsWGvkFqwSi0syfN8D6u3KeoYORUUY7ISCFJgIag5Y5V +Hp8T23O4rRcWuoAmolxNyvYiUYsVdflDbAZFKMSvrAv3XlRRf0vJYXym32k8KAhx +1qo1zTl7THWM/skv/SF+VMItnO0CgYEA1ihKz8LbtPcbsOaivJX7cXVf1AuRty6F +lKX8QIGg0ppq/EFkZDWg7+OCVneO53bFVDDqKoiM4Dq9+aA6Dgx4fjFof8rUaCet +H/isEkjcvEmG2a71PU/moamDuZDu8yRodUl4zyjqthQgc2n6ryV/ZIU8vNZmjpIr +EhITW8/mbfMCgYEA7UMjpDA5l55VlDPNscihGGpNlQABxYmItWSSf8EjZMwB7UaT +RsChKyWeV90cUhYWzvRcf1I18lxwP+eYcUlxw+eaBMvgrp9SJpO8rZHWvCrd0opf +pIlMEa/n96k3xva8BX6dU4MKD0IculajVUGzVEIflT1XgLuio6i7k5Qeo2UCgYA3 +I8SvXbKIE5/Tmm6IM+27tsbnp9rq2VWXgm1Chp3L2+pz7LpWeuBnI6LpdHsc6Z3B +IZ8JOINdMIK9hR2thFR52WrYjHbIIn8W3kYfpxb+e8f2wG9wS+RL94NtAf4kKFmk +6TfrztMv8lqwnLbo5bS5QvzyehmJ1+SzEGhfmVXxNQKBgQCULij+SMWsFC/gPJHh +BCnx12Dx9t5+qE4vrjtNumCCnj9i0nRPludbWapRfHyfe0WlhpnnHo2OTFcl3qna +wBln8Km2CWNsX/QeosZBPr5KAakfD+l8LieK350t7yE1LEboYCZkBNCG2gJXIyTs +o5DsYNoxX/IWq2EbB6qQ3Cys6w== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt2-cert.pem b/openssl-1.1.0h/test/certs/badalt2-cert.pem new file mode 100644 index 0000000..890c551 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt2-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDIwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg +BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDIwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCy5dZH9k2pwH5jw7iWD1TwOIqtmkNBOGDDk9jKvovm +VUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E7/0yqjIesNPVvqzn2wzuii4VsfDn +qN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQHSOHNgzm108XfpubuqleEy+ykHhX +bgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHWQDWKE8TiQiGzb0sXWdkXvPt+zGw2 ++C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAkekUzu/dauhHY4aGRoX/EsDTN8K4F +YtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7CNiSo6WMzAgMBAAGjgZEwgY4wHQYD +VR0OBBYEFPIaUwk0/m0BQNvG30Cm6oNqQFIXMB8GA1UdIwQYMBaAFLoDn50GJKRX +5nP69ToJ+bqFzKn6MAkGA1UdEwQCMAAwQQYDVR0RBDowOIIMd3d3Lmdvb2Qub3Jn +ggthbnkuYmFkLmNvbYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29tMA0GCSqG +SIb3DQEBCwUAA4IBAQBjicKVS7UDgLCb15ucoKfnrVGvKUs7XSKfF/xae+c/2xWP ++jCCqbilW0QhVuAYyK6GgVO9cG3PKhCH/Us2Az0oCzwLXibRHcDSRfrjJJ9uiofc +f71p9AzAtRMlSwl3UhSLS8xbHLRbniNXi928+1iMoKb8Ua2ZVHzF3s/T3J26EEkR +D2DtWq+y7ETlTPS/GklldW1x6qzWRgi4IriApX2taccJtFhaZH/Ih0XtnEWkmtOL +dwsadu9bjbLtUsFBeW/bcRBqZoI/7xbSxVwHVXF2MZwHkdFuq/3eJE9RXVGpy86+ +JXOcEouXyLAVjj9XCWLW8ilVTkYE6EmUvKSF4aON +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt2-key.pem b/openssl-1.1.0h/test/certs/badalt2-key.pem new file mode 100644 index 0000000..895900d --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt2-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCy5dZH9k2pwH5j +w7iWD1TwOIqtmkNBOGDDk9jKvovmVUYm7nvLOrx4amqi7OUEpYaJTroPS1UxFo1E +7/0yqjIesNPVvqzn2wzuii4VsfDnqN1lqbpg/unr2g2gd095AyY8VQwuqYa3bXOQ +HSOHNgzm108XfpubuqleEy+ykHhXbgzqVTQ0Y3UjD53f6P9kSUnjnODG0RK0dgHW +QDWKE8TiQiGzb0sXWdkXvPt+zGw2+C76lID3p7y1+8G4rpfGpi2aPOH6m4beqNAk +ekUzu/dauhHY4aGRoX/EsDTN8K4FYtGGaoViFIh9Twc3nWvERXbjXSayeu08f+7C +NiSo6WMzAgMBAAECggEAe5D7MBt1S0H1Ss1+as/OOFqllwGNYLgjRhOR04BHu2G9 +Idjp0tcQJRBD9aMxEMOQKLkjFLtQ7aYJD8vAFMWv9rjmqKWaYk9QIFd7O2r73dcq +jTTt0l9gjZLAhMzELO6680M/Nd/MeFf2UV1/E76GrM+dBrphmvAUWjFgabMWHDR0 +vFmZW46MGyDLAmihSYXXtwamYxf4UHYC9QxW2KNu1l+llalrRqzT0tQde93W+lM7 +fZBXgjdLayqdPpYhKd6QkEfVYrgtkuZern+DlIhfQcBwVqj+2gVfO87hFVEb5V2+ +Rt4v6xpL2Um+MvojE1NO353WPDBFMYOmoMjSBL+CoQKBgQDXzk0ke/+ZZoOIWLfd +z57s9HyoTbiUHNELIhCNjJmpEVMlUn6TSRu8r8s4EciOb9yj4j5dr0p5tdsmP0eL +KJZyTvNlEsq93azCuzG82Z+963iqq/1msncjvcbnIll8kGwpr38sLAN/qjc11/o1 +gLbWuiztGyTPuFtM/Hy/UvkV4wKBgQDUN78TSEGzuKDtyuZNMCnvSJdXm2p3XMaz +d52ooRtZ0REH/MGMFW5u1xJxnDflcgnzXRVq8xaw3TMo/3Fx+Op6PGq8zVEwGDBQ +0WQqBVB/b4Rw21Kf9fMVMtXvOxIsQcdz2583s6Lojr63H4P11fF60EEVmEW2cXs7 +MviuHdt+cQKBgQCpgS0ufwbgYpjlu2mQG8fkrpRLTeCw1YGMkREXXVxEY4s/QXCS +F1Zl+l5QiAdTeaGAR/BcfZatyp17iTCUqSiiWEjtFrmQMFHGEmqavwStlAqPY9AB +niPeOu3EFkLbiESs6V+mPlvxJq1+6UlqRNNYDZvEERH05gUwjxEc5fsnqQKBgQCo +Q2cqJ8GIeVyIDreZ/hVR15G/8cdxysr1o2MLQGpKRb0mQx9HLfr4wWirUfzz3P7M +ykJgIUwdgdW9rQRLJNztfJf5CSZVZuhwPAYaV0pjMI2nWg7iLAXICh2caI7ZLnKx +hzJv3OvPTtcipUdhFXg5M4RXVfv4U3QtFRYeIChX0QKBgQDDQ7mGmWkuR++svxXG +A5ITe+7RBRO8kVhXEGYQbIiuk4fM2ZXWnw/MwMVX3cZRfL2DPVmRa5Xcgs9OLwQD +hoGqX9LBAkyB1p+ZBqNJaHa86awXR01gWNPW7/GJTp4Q7V4KkGvjIbWVWH/7TpMe +d6YkymUz7h0qMN/M5nsB5Xg4jg== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt3-cert.pem b/openssl-1.1.0h/test/certs/badalt3-cert.pem new file mode 100644 index 0000000..cd44b22 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt3-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzAxMTMzNjIzWhgPMjExNjA3MDIxMzM2MjNaMEIxIjAg +BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW +DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7 +yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc +YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy +esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc +ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq +sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T +I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp +IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud +EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv +b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAZSDs +XlhVEqGRU5Y/n6EIznEBdDSMSxjrZ62Nf4rWzrQGYT+R9CjUQra9/6wXyjvlTZZO +w+BP3y0n2vH1TrCP22fA3n4Tw8WoJfq4Sb3x/eSgTlUYAiZvHv6vfugC7y36c7xh +3dCgKWCDxaAplRsMkXIQXgfCNp360Z+OMMeNpcpVnxnp3LfMKCpsDWUKuWvN1AJE +mi1VCWQuQIC3vmiZbZc/YKF1kAgUHxCnqHcLtU3GAZUuCVyNrdWXk8IjzjzX+ZpN +qr/RUVVZ4IYDUUiGLHW2AvpVv9mt+SBspsCDXyiAf5O6xdek+tiTYLmU9uUOmtJ3 +ndvhdtnodLRvtBeJUg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt3-key.pem b/openssl-1.1.0h/test/certs/badalt3-key.pem new file mode 100644 index 0000000..398b52f --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt3-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiqb6LYFYj1uPe +IVuzuDL1bfV8+xlrws67I+9yVDiHslYdA7ygv41gYKEmKSbL2SvAOnfjgDEb8RYf +LhF3LQUvXyON0LkjkZseXVFLNokDBXoNVeP1QjWfznPxHpgGN/xF7OQpkX3FVByC +IVUOpiXBbq5FtsuLhquHK0yAsY1gJYP8QFHUbCnE5vrpK8lOv4MZEc9rS6ZrSKn6 +9+s3nGx9QheboiDVTWqynxDQn2W5ZyTyKQX0IRnKg2zLJ6Dg2ec8OUh5nvzzUdns +AJ/pN2Yc3ri53OPodTkmrRha31N48TA7st35XepAk4vZnSq7cml+85xs8Az/OZDS +HH1EV5sDAgMBAAECggEAUIndN2NGo04l2vkHT4/XY1/DWdN1/b4h39TmHOSIbN+m +9YzBG5JcbKjLgXqEpA/uMqqAa9sv9ZbEDkIgEbLvy0m+79u1n1/bvwgTVTs2UZGn +oeyyBuB2bp6pF2y/duzHctPdEJvh+w8vYlsgozUuonyruwbL91SBn1aX9Wx0BHMk +rReJHuLxnGGgUVJzmNqKaGKBpuBaLhpytcIuwkNErDHUfzyxDcpu8IPo70jCafrE +hlrbs9o8vKcnWF3XZ2LVPdrF0MQeXfvOPc0txiAOU4DQ91gsoZsVsYJCXY4Qw+4S +ajpxidF6nQDtRtB/aTq+OCMzCVGog6V8Mg7VbA8u4QKBgQDQSHDEBgvPfoA/6Sxp +uzFV7T0Vgl58oV35EqPFl81cBUSwTElx8ueP4kK00964j47Qe/N5TQOzvH+rxlGQ +cBgQzG3W83c9HmfHjdx6lSQIruRW/HwqOsJtPcxP3XyxSO73+hqwf3hsOWRq74Lq +MHcgvWZ1iy/A0smVQu2sDLDk8QKBgQDH7b+FbKSngDZU+9uEYKkPpmhh0qGXVgSX +1W1BKYxIKd2y6aDOCxZJDTJGNBMpVdOTm1VNrL2J+cF73XOJWaG7KnSbxl/tkrS4 +9hwJ+Ut2VOumFWHEUqp+nxLxwJdCtA2f/YTNqJPLj3GiGJB+xp+dZr4ARn/+P5/N +DC5G6S3vMwKBgQCreWg1ShEBI9FsTIi/B1kHuAgZJDqr+qIGQ/1G2MI+Jyw0xKmW +wXc48vseKmvroGzgYZvCWtBYcjDd96kA8/gsJFGtrMWXMOgZ10YUOaLv7ySYJMgI +cFXPYBhMDDnzLutmhqbgdiFrYBi3HTa3nW0GLEglL5EB+8fwNai8g7pC0QKBgG6A +su3NGcjW7bDVMASf5HGY+XKwF85spcdCGMv+aeHs+fOMe+vGZv/jglkZKUocfP/F +yEVRZ8WePNn4kYZl+yVXFvKOl7DY+HiO1vqQRqxVzZWTleEMC95GkBL87t3YZPt8 +BW4iceX+F8GPMDZSFCDMi9HdJZtikTGlPOLGuTPPAoGAAjVUGfbNqnpQv6aDpyWX +Szd2uA9TzBCkh1hf7x4+E/Wr0leTGgXVez9uNarfpnVfgHTDv+OYK+Qnrq+UEHQr +9xRAgXLEZWXPbkUakB1o7ZW52MxR6C1zZgitTZYVzeX0EMeWc+1Ujjwe7Qu3L6RN +kEI6l4ZQL9buxDhqXH1UFbw= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt4-cert.pem b/openssl-1.1.0h/test/certs/badalt4-cert.pem new file mode 100644 index 0000000..3c041cf --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt4-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaTCCAlGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMEIxIjAg +BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDQxHDAaBgkqhkiG9w0BCQEW +DWFueUBvdGhlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7 +yQbYxTDmAxcJzHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gSc +YYqC96IrJRwtg+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXy +esNTqmUvUS6uXMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37euc +ymsZucA6pZwGiJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrq +sjJunJA9U+5y++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6T +I3GC4vN3U9LvZrWTj26DAgMBAAGjgZIwgY8wHQYDVR0OBBYEFIcSdFjChgdLODYp +IIL3Cx40pmomMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1Ud +EwQCMAAwQgYDVR0RBDswOYIMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdv +b2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAiF/+ +jEoLAFll7JZN9PioyP0i7EEYCCVc7omFaKnIV0A9ZfV/TlHBZH/IQKdUXbSPF6eF +4UwOQbkc2gwYEliNsU+rw5PANBEwPhCGKBIClWhReIzQqY8oTRxKOpq3cHd6hsab +P3NYRUtinFdoOGlUHQQcql3zYwD/guOvA/zG8sR58ed9Fd0gt3OnSEvUSiR4e9bg +gbqgSYgagIDcZn4kEJWVHQGj7lA4ot60X3VYk6vWSB/RmWqbmsGxzoNayGWaCw7l +CuipVdk9yi4eROoQAxWvVBDz+7Q9CF7j1PkDMYB+QwiXwNfGplOMAWv6nQUNJPs5 +dIn/eeha7QWrqG/45A== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt4-key.pem b/openssl-1.1.0h/test/certs/badalt4-key.pem new file mode 100644 index 0000000..aad778d --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt4-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD7yQbYxTDmAxcJ +zHqauQqtUWWDj96qO481h0oELUC1VEbmV9Qr1v2OPebjVQfa+gScYYqC96IrJRwt +g+z/mQzGE2QbLdVrCwktLmd0e3udfT4DObkKFJ63G9wH1kkBcsXyesNTqmUvUS6u +XMZYlAGX3uml7UmwXJ+E3zHzFILTeZcQxqjLm1BLGbSFZzT37eucymsZucA6pZwG +iJQdRieSDTliXCkECZJhRf+tFBvcGuTnbYHsK6RnAlAN1Y8LSLrqsjJunJA9U+5y +++QR+xSzDrwjQ2RjiCDO6HU5k6x67x0g8tdkhS8yjT+lBIxOuU6TI3GC4vN3U9Lv +ZrWTj26DAgMBAAECggEAB5KFLTHJBbHkGHxY15xnEM1Y4zsJdE80QGTgOf3ua0Ws +mDLeA6+EkqmT7xRYlyJbzyQz2Tp/WxLTpR7JmupMcwyUPykCuSRs0zoJDHzGO/dP +TSOISCBUoacp1+Z+7Zc5EtDUXQjL4D9tyvqpUHKrFZkzp7TaOX6foYxg4TGluZxo +RDp6qlAOzZJiAcmavgqPpvfgbkNs4cfdh9yu7FDX2Orqa0pQNsPDWp2VyOkDEPiR +7LTK0OxQiHLdBbLvjiW34eElyJl2tJhCb08JcRrfbYpeS43j0rOcyDJQZX6tkpxK +BJwgWVwqwuKBlZyGT2inASNeqON1tAGWhz59cWXcyQKBgQD++LSllDv7fOZTRKgC +e+MGbkCKrPgjUr9NJgcrQhQ+kxE69E3p4iUtj/YTwIc23qxjuZ+jyG1wOFIULRYz +KjBbuyEugfmcgWtFWeJokl71IHBk1QUT4xlSSMvccs8pTseBCdVWIkPRIc4qeGRB +3RCPrJmmcvsJ7gnYPFfmKL1tRQKBgQD8zQflPYNLPgGPNaCbFiy0aCNYzvd+4ETz +3TsKbmITXnq3W2Mf80RctzasFkTxM4Kma2fXbDNt4Z26s2x12FuEg7oaKtGKZBy9 +anmg4u4Cr1lk9BSSqlQeKsqQOp0mI3hyBW6v9CDhgCbMbKT6DgskwZpQjHLPf8UK +DCfJ2Mq1JwKBgFuy8rVCNLhj2SpFXO9XwvSDHm9BehSqI+cJMDbckw9WMTI0vvjI +vno+dk/wRDD1sKZFEicDZGihuNNMy9km6TF0gaCKWk1xNjVA+G6HheM/AW0iN6tJ +V8gCKl9kYyEGFjZQZQuPUziZod4gYl5VtSkW+EOmwqZ1l9DPEwXRzR7JAoGAAu2A +9Oe0eI+cRwNQ+9rS47f9CM9E0IRaaBSc1W8X1a+Xbj4xtLIFjalVicKsQ7rb/X9q +8XTAV7pwMDRZwjeiP7Oi2SC70oV8S7lK9VELfp53Q5MMFfLBDKRkOi1jmoh4oaFs +eb8zDkmEqYNsmbTF7kQLvHkT71FEf+xKHa1UE6sCgYEA+9bRKxPgngVA1qAhwrDM +jjODdUhrlJZDZ7oAVs/CelAO6sSXZ7Yqyujs2YonuQ9aUiLLA/b3b26XEqW/iMzG +onhxrQXGlsvqK+V5u+x8yBpBUj9KBw8RXBtdhPEl5iRIeQ17xKRi+9WilOuhwdKJ +dlpiKXP638lF4t5jvaCy28o= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt5-cert.pem b/openssl-1.1.0h/test/certs/badalt5-cert.pem new file mode 100644 index 0000000..bd67898 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt5-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUTCCAjmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMCQxIjAg +BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCzgx886aURB161wWGRp4rr45Di4KhS/wUUSaHTQo5n +9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45D05MJVvWsz7M42lA8GLJfKIX90aN +PMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiAYuoGoT0gjOEqtoxyEu/buXgNMTdt +lZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206Umsna7uje5tBI3CwYy0OD/XVwnSEx +OgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//INa6g5ArJy6TCy3IsmE0hCwteaHKB +jcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3GjdSVbdZ6hNAgMBAAGjgZgwgZUwHQYD +VR0OBBYEFHecitO/eIltLUNkgT19Gn4TVkc2MB8GA1UdIwQYMBaAFAjRm/nm1WRw +oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn +ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEfwAA +AjANBgkqhkiG9w0BAQsFAAOCAQEAOBZXBSNNAAAaII+l4mMoeXCpvofbaHuNlJur +G+1uu5ra6VF5Juc5/uBa9zVQa2npe0kKOtx8xcI6QMQW+usphaUEh8t7AgR3efyK +bsSKPnGxXtCSaYZIEiwFyAFTx1idzZixEfHUHTO+LQUwNTskDGCWK46V1P1wL478 +jXikGqc76DSmOXTc93asCMxCBIbHN7LLJIRhbUpiL2JrBPydzERPVoqiEZ9SWG4p +DB4T0hHq5FUUnR1Wg7yQoClhyButeB4A2eGwLjhpSeLeXo+w6ENlcm9Lp5rOhbOo +xqwgz6kUtU6smxWv0HruLT8Pq9hIKuPz6DWG/vIpiSLwz4B25A== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt5-key.pem b/openssl-1.1.0h/test/certs/badalt5-key.pem new file mode 100644 index 0000000..89cdf25 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt5-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzgx886aURB161 +wWGRp4rr45Di4KhS/wUUSaHTQo5n9jD+7glAOBTrbQYb+Gz/tusDsuHvZOGOvQ45 +D05MJVvWsz7M42lA8GLJfKIX90aNPMkX0pjNbx4admrAf4PYGabkihF9iPJ/ONiA +YuoGoT0gjOEqtoxyEu/buXgNMTdtlZ+wL30WKL518MCm1KIsqFpSrNRYZq5E206U +msna7uje5tBI3CwYy0OD/XVwnSExOgWkQ71RAqciVV3bCptBpheWSL8RH2Zom//I +Na6g5ArJy6TCy3IsmE0hCwteaHKBjcFUPfLQKqJZiIg5DgJjjdwZ3KAWMljo3Gjd +SVbdZ6hNAgMBAAECggEAcNWYiwcptFx3kbNuCsnPLpqp9ZHU++ZEYQ4vY8VQEdTT +00n4Ep+ttpWe43HxwYJOktKb5Yf5p2j6Sa9vPbm10mx0qwC+pgzza0al9H5/oEN2 ++zxqw6Z2u5d3XmxIiUsGdly6xbeRBZrLq1eBVo1/CLjEx75a5VE151zbMx+egYge +xETVRushMINQwkMbVUQp6MLX+M5eqEP8c2xyzPVEtxtxpu4yxZWbDuFezModhdvj +ncV0QTBvlvB5Eg+4CeZiOvgu8ulnNUJsYGvMGCK8b9FwJhpM1CVtmw070CnRL0hx +6Xrhgw26oAUmxWkvzzXsgwxAZFJMpM5Rg3rwrNDzWQKBgQDnR9FIh24gOK6g9dOx +i/LVKFZ1V1/HVXTXiBjPHwecNkBXLLlgE46fxSHd1mt1yoHnyp3qOXbCIsqnk0S9 +KyMN0y7YG0P6QHxdrnhhr2zsZaVBEoLXmBn7vp6M50xt/Je4qvOGwkPTrU2Uftil +qMIexti5oO/tOksmWw0Bm0R0WwKBgQDGsthSr9y1zpACJnu9rdMkwqZoxn8n7CPN +y2L66WSpCopBKighfvn9ymOkV07TdcY9PEo/Yb5G3jT23trY2GOd6EYTSa0S8yDt +lslXTzZJGAK+RiMf5zHBwIS800XSBqXCjL+yJ3w0sQd9uRcQr8XjIJLZfbT10sRg +1jQBMK1WdwKBgQDJdsXXaCGF79ouW/ULs9zT0U9+552HBenB1cvGoEEA0kE5rrvL +9T1H73CQzTbOZJjEULs+TNAmTCg70Q0Pu4PNhyhHF3kfhQzQjipO7YD0a5aIGJfh +NZ1srZ9vHgx1wpJnSoLX4GE1AsGRmO0fYOG37X7cNFTLUPwlbSrnO1lmAQKBgHdR +kJve5X/7wfi4mVgnGQMbLIkAof0cTcfYGeEo5HyqSqmlIiIzOPYRYlKe50QOlnPR +T5jOHlA6Qb35x5uuHewGPoZ4mMknXR+vi8q1U5kDJSqTvaX71KJP9KXbjTL5MPMq +SDc4hNqzcBcsXdB0bTXeKrEWTuPLpIeuOd55F64zAoGBAMooy318nDZ0c2Qek3/N ++SN+cG5tLH7HjbI9C4XBYVbxXHIvg/nSzFRxBbC2ZFetJ27xvweM1J/Clk7d1Lvq +PM7fcVgcc+ccHNM7KX77k0/J+FJF1uNsj9Rgg2TFveLKbtHfmaZd31k1HIYhSS5E +a0BZeU4ZpKQJxpf8YbXbPi2Z +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt6-cert.pem b/openssl-1.1.0h/test/certs/badalt6-cert.pem new file mode 100644 index 0000000..fbe040b --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt6-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg +BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy +Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v +ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv +BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu +9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd +7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+ +6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb +jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8 +1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ +MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD +VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v +cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a +YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb +JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB +2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb +WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk +zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By +GH32QmEN5o5jZQ== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt6-key.pem b/openssl-1.1.0h/test/certs/badalt6-key.pem new file mode 100644 index 0000000..203a4c7 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt6-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv +BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu +9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd +7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+ +6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb +jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8 +1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3 +UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq +2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH +/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp +rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+ +b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc +kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9 +x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1 +HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU +fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec +hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2 +eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD +DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE +48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh +F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9 +p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb +iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75 +4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z +ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo +R1UfsJugW9Yetsqd9WB6q3ln +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt7-cert.pem b/openssl-1.1.0h/test/certs/badalt7-cert.pem new file mode 100644 index 0000000..b515ba4 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt7-cert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw +OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj +AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA +ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A +eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg +QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9 +GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh +1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi +Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf +UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ +2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw +CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv +bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB +CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY +gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az +uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O +WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE +phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex +IL5WuKFm0XSGKTX8SzyMGErMGeriveL2 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt7-key.pem b/openssl-1.1.0h/test/certs/badalt7-key.pem new file mode 100644 index 0000000..50557e8 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt7-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP +Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk +l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7 +dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv +OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb +uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3 +3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB +We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF +jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA +mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul +mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk +yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH +NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM +oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3 +LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET +GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2 +uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS +CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF +M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+ +J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4 +Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3 +t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x +s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt +mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8 +M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA +cZtQWiEyaf026DdR8YBYn6tf +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt8-cert.pem b/openssl-1.1.0h/test/certs/badalt8-cert.pem new file mode 100644 index 0000000..2056060 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt8-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0 +IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTFaGA8yMTE2MDcxMDE0NDgxMVowUDEi +MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgODEVMBMGA1UEAwwMd3d3 +Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAp5T7voqwIiauadaESOe4RMhRVU9tHp5JZlz1yJ7ZYF81 +PJJ9XfERTCJQow3BNRbVeXEyI4mvMMcuFwd5cKqy/gP5yfEV01QbpqACKhIK90Nj +9fM2QOiYE81FmvQzP6j7QFYt0E6J4kupvj0D8Z2Nri0kXDGe5+hbgLPkZvnh0vvJ +Ck7AEQ2iqO4Npe4uHoDx3GXNo2Jb6BKNf+nMsJPLo7sqUuZA0/mFDVPNRvKfiq6b +ObFUdbY/qPVPHk9VBWZuO9etk35G2yTSQ9KiGRNgcoWQAozAyLRx0yECHZEbrZ5J +JFuPXO/r7saqNuV7L8UpR0Z0SpyXKs7suLGBpYnO/wIDAQABo4GbMIGYMB0GA1Ud +DgQWBBRkrc1ZEOlR+93o/6EPrgFeM37AsjAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm +IFVvC/wUFdejsjAJBgNVHRMEAjAAMEsGA1UdEQREMEKCD3d3dy5vay5nb29kLmNv +bYIMd3d3Lmdvb2QubmV0gQ1nb29kQGdvb2Qub3JngQxhbnlAZ29vZC5jb22HBMCo +AAEwDQYJKoZIhvcNAQELBQADggEBAJ/gHSUGV0LahCqlFzhi4iP5JTleZlhsqOQd +S2I6KV24gC+Hz4NHv4XhYv9mqZbivNSpf6+TV+77wcncfmkeAGqYMVXVt8DlJ7co +NiKJZu3e2InmhLm5b6cYRidPhPEM7qYpxIhjpia1v7U83nNWvwEITmC0H0Qp3Cuf +dv1EjAyGZsER05jBsy0qqH/64+djqd92zKNKCEaWXkTlC1XE+/PbEb94X8YbQaUn +/wpvioqQ5rv+Bk2Jss23DDh0zOdWrCbKPc9BfsWCfLZYfOAyn5iH1vNdCVd85ggJ +YyHBQ4JiF/uqkHZ7iQJ1QinJIJruAsC0BV0S3mdGgGQAmTT3m84= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt8-key.pem b/openssl-1.1.0h/test/certs/badalt8-key.pem new file mode 100644 index 0000000..1b5cfbc --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt8-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnlPu+irAiJq5p +1oRI57hEyFFVT20enklmXPXIntlgXzU8kn1d8RFMIlCjDcE1FtV5cTIjia8wxy4X +B3lwqrL+A/nJ8RXTVBumoAIqEgr3Q2P18zZA6JgTzUWa9DM/qPtAVi3QToniS6m+ +PQPxnY2uLSRcMZ7n6FuAs+Rm+eHS+8kKTsARDaKo7g2l7i4egPHcZc2jYlvoEo1/ +6cywk8ujuypS5kDT+YUNU81G8p+Krps5sVR1tj+o9U8eT1UFZm47162TfkbbJNJD +0qIZE2ByhZACjMDItHHTIQIdkRutnkkkW49c7+vuxqo25XsvxSlHRnRKnJcqzuy4 +sYGlic7/AgMBAAECggEAEnrYZAOxNqLjWuKABfYfmN4qMeknVFgKKhKYO/5gZEM7 +gKl6z7A0wxuJnuF2a99PvSuhZs/ZFNzyFTIKz0TTpjVUB1Phn0NIJVDBzFffA7NX +w5iFZBUCKDTbtyG0wRFmW4rlVHJEvEKxvjvGQo+oPwvVVaFXL6Ws6X1s83oc0AIs +U3NKt8Q69o5pMHUo4Cv8Lgv41J2dfmxqf81FPLPl8NO+E5zV8OKT1AEisYh98P8R +l7E6qWdPVv8hbqmtpXx2rDvUdooaNZPBczjbb/b6zdqxkR3Weu6xBFKTIJAsb7hi +QI/DNxRTKnlDt8QFZi37KwkXAtSIQb7rjZ2OVOGfgQKBgQDQs5+u1ufRxi65Vw/8 +lkVjuB0L5+2Z58HlNrB8+iXqh9eovph17Y23ADaCUGEgEUyK3SfA2SFaj0C9nGtf +SgqI2btQQm53sYq/MDNxKf9f0hJ0K0EK0LVyyl4fmGTSexrz+sEYPmp27/RhFSAR +f+uccT0lI/V1V8NKkSKAK30zvwKBgQDNj7FK/+ER7e1+gE5CWKEimOPys3hd91Il +2hNWOzllPtOj5C9qayG18XNYZm0+YqQtYZLhV5REMxY2sNtpfMxtqkjUrZnuaqy0 +thhQQP8BRS7eoyOgZ4lAvizsroAqvM9Hqxu7EMspBVLvKDoyGf+L4QsvWB6A7K9q +4EjDrx00wQKBgCxh1paG6zuoKq2Nfz/W8SC4uaybgOLW71wAWl3pkICkrM8c4S1K +/HUrXWwvDciVBTMOvvJ6+mXYywrHpenYxA7ARt5Vkkpv/jKUXIw3QzCsavI7dJSJ +N90Wfhe3/9DnDx9NdxzhwSBT/SNcK7qs+n0Fc9xfHkb7B/Pmk3CwTurfAoGAKlf7 +MXPcLRFR5skPVeNj7fiInCoUFWco6NsvOIginpR+jDgo/EbtPslp9T/EKSGwqBh9 +ZSXhSNstLD7qM6Sdh8mYDxdjqhUXVnJcN8vru5tAuGPqptQtFcUXA/o+NI+IMz8w +Cyy+bMjH+LPUqRVp6qqE30/LmMsop19kHcsovQECgYEArGQs1WwBCkKCyjAbUOXF +m7pTgqrVEA/+ACrB2/4lCNgBwRvo2/b23pceEIekfcfzlJnsy0i73Jbh6OV5yk1N +Glq+druyWBpK6Ao9emVeLWBJVinSB7WMZ2XPPKEUHVQkYSN0rMuBisEa07lai01E +RxbCxTFtyUMpmWzDwgiwPbM= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/badalt9-cert.pem b/openssl-1.1.0h/test/certs/badalt9-cert.pem new file mode 100644 index 0000000..f3d7820 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt9-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5UZXN0 +IE5DIHN1YiBDQTAgFw0xNjA3MDkxNDQ4MTJaGA8yMTE2MDcxMDE0NDgxMlowUDEi +MCAGA1UECgwZQmFkIE5DIFRlc3QgQ2VydGlmaWNhdGUgOTEVMBMGA1UEAwwMd3d3 +Lmdvb2QuY29tMRMwEQYDVQQDDApKb2UgQmxvZ2dzMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA9Y+SgizcSJ9TIHvJf0k3cnBDWx8xJKurrmpiuvQMl1YY +lzmI4Qxojr5CRDSvCZh50xtF4CDMXW1MnTtYelFhfSmQ09M6lyfjMF+hrYTFkDMX +Rz8WhtN6/YP80xuy7NuhsA00/hUJKqsAKT8ggwlf++0e+L0ELiu9dmB46zaxWzr4 +z+DigvrA+O7xrpiD/NscLNK02uIURKPKqlPL5LxUenC9ROFGNAIYJoWzsjxoVD0D +X4bf0COBRzGlLFUHN4FY8LBwGhTcQ+hvsYn0JbT913daX46BuEkrT2V2plCsFDXz +TOtKAHEBm/U4slrp1F3CPsXeqdqnB+3Ktaj+UQ5ZRwIDAQABo4GaMIGXMB0GA1Ud +DgQWBBSauJ1kxBbvxrSyMER4Eh+hEnOo/TAfBgNVHSMEGDAWgBTwU4mH3VYZwBnm +IFVvC/wUFdejsjAJBgNVHRMEAjAAMEoGA1UdEQRDMEGCDHd3dy5nb29kLmNvbYIO +b3RoZXIuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA +ATANBgkqhkiG9w0BAQsFAAOCAQEAGrRJCrSxYLrkJ2MUyaMmJTrhfijIw9ZdYRLx +lkCeW+i6qIV58JQKZeRQVVRJSUEV9OGWn6/46xZZdZWpJIab0EtoNHlMQoB1xni/ +1D8+gyOdiWy4jgg83arMMulre37T256vOGtNOu7PpDQCoPWCJkb9xuMt3RJrK8N/ +tFYB8TvWATtY/LGzk9Tmm+C7hNxsWx0l+ewxlqdHvpc7xwXuf8u7Ise0JkCDi8NY +z6BxnUyWJ83G20npGnAWXJoaXNDcY0H75dGni3WcRPTAayboEr4xjR9Xqiu3bzlZ +eVdPGwLwbgkvj7NDCQDphHl0HseTUToHGJrVj8dbR4lV10gogA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/badalt9-key.pem b/openssl-1.1.0h/test/certs/badalt9-key.pem new file mode 100644 index 0000000..873bae8 --- /dev/null +++ b/openssl-1.1.0h/test/certs/badalt9-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD1j5KCLNxIn1Mg +e8l/STdycENbHzEkq6uuamK69AyXVhiXOYjhDGiOvkJENK8JmHnTG0XgIMxdbUyd +O1h6UWF9KZDT0zqXJ+MwX6GthMWQMxdHPxaG03r9g/zTG7Ls26GwDTT+FQkqqwAp +PyCDCV/77R74vQQuK712YHjrNrFbOvjP4OKC+sD47vGumIP82xws0rTa4hREo8qq +U8vkvFR6cL1E4UY0AhgmhbOyPGhUPQNfht/QI4FHMaUsVQc3gVjwsHAaFNxD6G+x +ifQltP3Xd1pfjoG4SStPZXamUKwUNfNM60oAcQGb9TiyWunUXcI+xd6p2qcH7cq1 +qP5RDllHAgMBAAECggEBAJYazkcOnxUxd0HrCU/qdJ9aqoG//m1ZFxgF5hY76ppz +wZJnVBmlWSCwgpdo0Pp/nzCBgmQwCFyv3F5ckYgryPkWeHZTr4QImOLQAmesOowb +/wXJNb7y9UKU9O4jB2usEhko6ZTLTRAs+Ws9MGWJTIgV+ZG5ER4cFLOQ4zl89Es7 +/Z9dQFs4c9SqLfyEY3kbXqSQ2uwbUPvZxk22gEmT1OPJGCLAV/fVIaHlGMwacvDV +W2xqNd+uhkqm2ym5u/ROKOCg0jNDkbyHvfTaqCuM1um92nV5kE+JdPiZvAF9XYsf +BDWCaYZW7b97drptp3LOCCptjNAqXc0PH8inVvqbjnkCgYEA/jK6BnXM4lzlLUPt +Bzec+poqyS6uUjP81Ug5CRP5kr+H9GkpBT3iUIU73S+F6Tg6YpobiSP4vpp5kB1p +iZxApte404EtVtOd1M08fx1rQVnyc8RjDENvYQk5hefOg3DrJ28iQzN/c+m8tHfb +OjBp90PFDGSsVvvQjJlwtB5oj+0CgYEA900sE2hBGpm5jXgER7CaahcDnHp9qSlB +lsQYDTDu751V11iRyUVUqZ8IzmgOu53vXbuCpfuQO0H2aFhbe16fCk223eLPJHWh +cGl3FUeLi+uwShMiRWAikMSQ/fUxoOfeal+N+VgiGYZtT7u2s1mpm83/mw3J/gaT +CQI19A67H4MCgYBX7xZZC8EvgTEqYngJahycuF4asFJPT3qkEVLhqA5KzITscMBm +9sxmTGC0GC97yR6xY1wpKc9vqCJrTzFmEC5xSOjACcy0X4oWxlSqKHQk7Eep8oLN +CDrsV3OVteXDpHlEb/ZrRtJNN8s2psuoqnzNs5zjt6PCh2PSb3YEaQyE1QKBgQCp +6VfzLZotkJkwXdly+B/f7FgK1w4nf7UUxT5RMeG4uD0WbEAeLYhx0lbWmiAlP+oK +WJ73M9RxIm0OXEbeiLB0/9g4s3Dm9/snpQ6wjCuQwyqoemT9jYOyO5vzINgsWaMz +Ktv9CVTEfNv2AF8S8vPZnLuV6O9znUjA08gGG2jtyQKBgBisaBV0L3zTllp/KxiN +rFf3u42XibhfTuiyaJtUDQftkvfW727nE4nTZ9Q7uVXuK4xdmihfA0htsMbHX7Jc +1R6SzJ8x8T/2HXsiHLubqbANWfOYxYxlvmfZ7/Bv1GhBIq4d7A8a/Eyz34j9w/xs +C34TbBAlm79KVANPHT+CJoR1 +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ca+anyEKU.pem b/openssl-1.1.0h/test/certs/ca+anyEKU.pem new file mode 100644 index 0000000..36ed837 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca+anyEKU.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wCDAGBgRVHSUA +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca+clientAuth.pem b/openssl-1.1.0h/test/certs/ca+clientAuth.pem new file mode 100644 index 0000000..bb94007 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca+clientAuth.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDDAKBggrBgEFBQcDAg== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca+serverAuth.pem b/openssl-1.1.0h/test/certs/ca+serverAuth.pem new file mode 100644 index 0000000..a07c777 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca+serverAuth.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDDAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-anyEKU.pem b/openssl-1.1.0h/test/certs/ca-anyEKU.pem new file mode 100644 index 0000000..241d7b4 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-anyEKU.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wCKAGBgRVHSUA +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-cert-768.pem b/openssl-1.1.0h/test/certs/ca-cert-768.pem new file mode 100644 index 0000000..0c8ff29 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-cert-768.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRDCCASygAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD +DAJDQTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQC3wNLc1A9gAjz1H94ozPrLOhE2 +R8c6RQjkUIALCOuw8xbZV+AEDSqP11Bw8MVzvmpksR9s1idJhLOugwMNTHfTXJjV +DWoQh9ofR51J5sOph4yDhQBXRmiuvqMDj+a81UkCAwEAAaNQME4wHQYDVR0OBBYE +FKrzei/LKJop6yShiJupKskW0ZQcMB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslT +nE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFr4hjVtLuZz +gxLILAOREEtanckfnapUrhTLukog9Q8uzqMUE+YDEhkcP4YAVjcab6HaXrbcxXsn +zn+v+GPszD9G3doGbUjuwEEAHz+k/9sjsn8QAGw/XslYhd5dktaRRCqaTNiWT+Ks +xKntAsgXcgWNIpvGikzTB/W7IrjIV8/S1JjLABtoY88tFUX81Ohr3bFFsRc9EHVS +MtGnEwfoBOSlCUjaTWBNHHi1HstK9sG2SNT/nhN1HATk/aiCiQRKr/bm6ezPC2If +6mRidaNiQN8+vzvtn86BqtRJOEi8jj5CBax6IqwfE+lDZIwT7H9C9Cu8Yp4mTM0x +wwzRDnFVisM= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-cert-768i.pem b/openssl-1.1.0h/test/certs/ca-cert-768i.pem new file mode 100644 index 0000000..acc432f --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-cert-768i.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSjCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFFjzE/eu8wvKwzb2aODw52C+0gLVMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADYQCZM1sSpIyjyuGirBYvezFryUq5EyZiME3HIHJ7AbmquPtE +LcoE8lwxEYXl7OTbLZHxIKkt6+WX2TL/0yshJLq/42nh5DZwyug7fIITmkzmzidF +rbnl7fIop7OJX/kELbY= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-cert-md5-any.pem b/openssl-1.1.0h/test/certs/ca-cert-md5-any.pem new file mode 100644 index 0000000..7c2b53f --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-cert-md5-any.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQEEBQADggEBACTmLO0KOkXFNjj6hXozC9GzQYMXdCfNmgMuetk8xdVm +TqkF/qIGK2FBWn91IH0/9ydZbL83EKjPjqjwqzXqExJ0Un+fy7XbYMKtjGJ21egJ +x97jzKey5phEwRD/4fJ+PCml9eE/SNzBV0xKSDq4qQYvSJ3GF6KCATVlr0bDzQJZ +yTY3FeNoy+K7Mb0rHtsGru60C/Ft1dl9uiJ+yKXMiCxPcDjYb+95mA9QJ1kXfR8J +JVfeKhEEK+QIVpz/37aQ4jx/zbGblFsruALK22aLnpgrfUzrsYQ8W8T/DV2dV1ra +4wHz/QtlE4isInOaK2+pvXwyGar+1/s3+VxXEiPlZ7IwCDAGBgRVHSUA +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-cert-md5.pem b/openssl-1.1.0h/test/certs/ca-cert-md5.pem new file mode 100644 index 0000000..be564dd --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-cert-md5.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQEEBQADggEBACTmLO0KOkXFNjj6hXozC9GzQYMXdCfNmgMuetk8xdVm +TqkF/qIGK2FBWn91IH0/9ydZbL83EKjPjqjwqzXqExJ0Un+fy7XbYMKtjGJ21egJ +x97jzKey5phEwRD/4fJ+PCml9eE/SNzBV0xKSDq4qQYvSJ3GF6KCATVlr0bDzQJZ +yTY3FeNoy+K7Mb0rHtsGru60C/Ft1dl9uiJ+yKXMiCxPcDjYb+95mA9QJ1kXfR8J +JVfeKhEEK+QIVpz/37aQ4jx/zbGblFsruALK22aLnpgrfUzrsYQ8W8T/DV2dV1ra +4wHz/QtlE4isInOaK2+pvXwyGar+1/s3+VxXEiPlZ7I= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-cert.pem b/openssl-1.1.0h/test/certs/ca-cert.pem new file mode 100644 index 0000000..f6bc233 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-cert2.pem b/openssl-1.1.0h/test/certs/ca-cert2.pem new file mode 100644 index 0000000..561ffb2 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-cert2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOsBxQ3RD9TDABcU +Uddp+r5s2pLcA/IUN8MnH2PoemxgfJUKfWm+t0VR2mFqyiSeym1V1TkDnuhzui1Y +ftOuiN1qVs0s6xBcU0+S9vWzYIu5SFTkOgB5APYamCLfbDw3xFTQvRs55UfR+yof +T/sN6Enq6AhptqnJ/eYVX9EuLTDwV55Kptb4gv9JQs6v01aEHzJ9KGlK2zKpS9Am +E67xNkwPeXwbzDdqXgr2a+aSrZjtHUfOsV5gZwH8XPAY0kFmrwhHIJsYZInsZhFo +nil/9pMB8gHFU2EHq3LXbs4GUouQoIf+m3OmgeHCI+t7nAfQgU94FJzq+r6p4WxQ +KI7cotkCAwEAAaNQME4wHQYDVR0OBBYEFAFonW/5R1NkYk6W28NxJdMyTlCtMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAJIyn7fl5QppxeRmCLhj18Ic+Nft5LMCvaOkv9HNctL+ +f1Qe2RgtdrMbHpYykXYrOI4KDt4LhLLInGjXNgV+lp8tSi/ok26wNIpwjf68bfP+ +nWNHi2Lt0Eeo9Wpq2VqdsHct98VvBXyuLysbThEJVbrLRsgvBWxdEzbf5RnwdWd5 +ZTDQyHgP1/gabl+AyvDFne101IyEA3i90NBhQ8NmSNn4ShTTrerbZSiWhy4eQEzo +PeWfUVERV28/0D4XIt/fFuF3M/0RbEgKq2wlDMCT8+W/hWmcZsdyt4xSyiGyjh9Y +ldYmdyOrlfOGVzkZ63GTOAC68SNVCXJg3cOmfEczkRw= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-clientAuth.pem b/openssl-1.1.0h/test/certs/ca-clientAuth.pem new file mode 100644 index 0000000..838c70e --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-clientAuth.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDKAKBggrBgEFBQcDAg== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-expired.pem b/openssl-1.1.0h/test/certs/ca-expired.pem new file mode 100644 index 0000000..5be60fa --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-expired.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6jCCAdKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMB4XDTE2MDExNTA4MTk0OVoXDTE2MDExNDA4MTk0OVowDTELMAkGA1UEAwwC +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWnaQ9AEscX8bL3Y/S +MbKIFczEhixc4mmLhPSno1PfkeO/UYn78HwQDTutrDVidfV///RuVI8FppIjs59Z +OdA5GLAQQN5ic4pOsI7f3OfJQSJUhIAIKbw1PIbfMN7dtCT/fmKlwHroKhY/1pfa +xULbL2lkkcsI11ZaeX8bhEHpTZ13CRCobCkzRMbAVGXm6OPydQVqZJVswPT9JWFu +SDbwwAMHBdZ85RH9GOhKLdNyDDcoNjExOIXocY3YAknIvBmJxYqxP6I16qqQHGRo +e69naloGVA9Q4fm09r461M4/Hkx9xncyPqJY7dvddNiSFGqo98s0WJGofBSxfQiz +TbFHAgMBAAGjUDBOMB0GA1UdDgQWBBS0ETPx1+Je91OeICIQT4YGvx/JXjAfBgNV +HSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQAW1MwF8Rfcgj6zHutqzzt7RQB5GT1b/vJNzgUyGTRK9kch +HOw7rM9WpfP1cMEjhLwGJEZkHPb0DA8rZ4uFERuoZky04/vTum0GgLXmlnSTaAk5 +ImJyJn9aFR+sbD6QyfkSmQk9yS48AHom62IfA9yVwQStq3HvI038oVEb2IO5TE+L +CTX8dVFl4ZgYMVWTLYGzvECCvM42enR9QT0yp+9k8dZ9DcGzknZouoDd1BC2u05V +TJIviKNZMA/UEsON5QL02h25r1YRNlegeC4zl1DbJXXhJfDiacMZD7AA6NWMdwlk +7jDeEHIItT7V/x0NWllSqSPPZIsuyuuwFNmLZHfw +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-key-768.pem b/openssl-1.1.0h/test/certs/ca-key-768.pem new file mode 100644 index 0000000..7aea5ed --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-key-768.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5QIBADANBgkqhkiG9w0BAQEFAASCAc8wggHLAgEAAmEAt8DS3NQPYAI89R/e +KMz6yzoRNkfHOkUI5FCACwjrsPMW2VfgBA0qj9dQcPDFc75qZLEfbNYnSYSzroMD +DUx301yY1Q1qEIfaH0edSebDqYeMg4UAV0Zorr6jA4/mvNVJAgMBAAECYQCJAsu3 +QJ9eNQ0CsQpTXdO6aMegs5CHkCX7J1Lx52rl+7uTv4QXQUH1EtS2AbEYhmdGzMFN +ZlBrg1vDsW/yn02NZzvT6xT/kvzFhQVw1i8B0YyB8wPao3f2ZxPkAfeoAAECMQDa +6VkNYlHgPOlTtwU1WYUirFczpipQsuk/lIf7B3+rVRUHoAE4nbeIRJgkKZaJEAEC +MQDW4pYsyN79HEqFpOFlfsrERw3y4hLRXGeHxbfJFdAe7SUfNj28ZI2EPFE0DJhX +RUkCMA39M2+jhM/rlI2A+Jg8LEHW+YuXZsTZagZiG35zMDlmqn1eQDW5/mx61a4Z +6kDAAQIwIlbZWtTK1bX0rsC3iEmny4/zSbIZAb37iXXuNcM3nAmXmhJH8Vg8STp+ +W4v7uE6JAjEAwiB9wCVwG4UhvKNQ4Wd2mfJiKZQNF4rL4ID0g+Wk6kX67c7u2hfH +sSaluw9nM91s +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ca-key.pem b/openssl-1.1.0h/test/certs/ca-key.pem new file mode 100644 index 0000000..d84dcd2 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCWnaQ9AEscX8bL +3Y/SMbKIFczEhixc4mmLhPSno1PfkeO/UYn78HwQDTutrDVidfV///RuVI8FppIj +s59ZOdA5GLAQQN5ic4pOsI7f3OfJQSJUhIAIKbw1PIbfMN7dtCT/fmKlwHroKhY/ +1pfaxULbL2lkkcsI11ZaeX8bhEHpTZ13CRCobCkzRMbAVGXm6OPydQVqZJVswPT9 +JWFuSDbwwAMHBdZ85RH9GOhKLdNyDDcoNjExOIXocY3YAknIvBmJxYqxP6I16qqQ +HGRoe69naloGVA9Q4fm09r461M4/Hkx9xncyPqJY7dvddNiSFGqo98s0WJGofBSx +fQizTbFHAgMBAAECggEABdXHpiFbx5aiUgWca81HGGSX0UlNcK/I3QHipJf8SN4T +D7dt/Be+BrUsibbxPoZJY5Mb+iZGgDaK1N1BoChQO9YMBCUvOGs3gYLvlhat2Csw +1Etp1mcfhoR4yS7Qg5BWGpvf4IILgPEYeZKrwWsBAxLcJ2xKjGYjT1ADr6I5F3u+ +FYN+bvlXxr07GccfS+UHt04oT0dHwxQzFaJj+yqKWGo2IFtPqtr6Sgoh9a+yFYIi +8a9MigTTt+IyJ55OuC/FHRf1PofprftADFts78k43qxWtrxSrQVdlNXp1lpZOtuR +7gvB/r3a2byDYxCxYVu98tQuOfW909TdDgPmEJjcAQKBgQDHcTYi+zcGKooN3tfK +Oc6hnFXAYTNpYp074NfIYB8i10CwbvWta1FDoi3iRqlQFwg+pu12UefZsj21F+aF +v2eGP33kQ6yiXJQ3j7jam7dY+tZ6xb0dthm+X/INuHp/HbSb1qKFmSO2rmMDQg+e +Crqts9+t5Xk04ewTgpySLZjvRwKBgQDBU85Ls3s8osre5EmVBRd5qBt6ILnjtdoa +UxrrrWopRx2q3HsI41VhKFx0PGs6ia0c6+9GFR6wX/Qevj85DADbzHDA5XEZq98q +8yH4lme2Uj2gOlWqyhDeC/g4S+MsbNoIaUOZbMGg/phyAe20HvtvD7MUhZ/2rkta +U5UjFpouAQKBgQC/+vU+tQ0hTV94vJKBoiWKIX/V4HrprbhmxCdSRVyTYBpv+09X +8J7X+MwsLRKb+p/AF1UreOox/sYxhOEsy7MuYf2f9Zi+7VjrJtis7gmOiF5e7er+ +J6UeQSMyG+smY4TQIcptyZy8I59Bqpx36CIMRMJClUqYIgTqPubSOzwkzwKBgENB +9LNBbc5alFmW8kJ10wTwBx8l44Xk7kvaPbNgUV6q7xdSPTuKW1nBwOhvXJ6w5xj4 +u/WVw2d4+mT3qucd1e6h4Vg6em6D7M/0Zg0lxk8XrXjg0ozoX5XgdCqhvBboh7IF +bQ8jVvm7mS2QnjHb1X196L9q/YvEd1KlYW0jn+ABAoGBAKwArjjmr3zRhJurujA5 +x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L +/453f0uUObRwFepuv9HzuvPgkTRGpcLFiIHCThiKdyBgPKoq39qjbAyWQcfmW8+S +2k24wuH7oUtLlvf05p4cqfEx +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ca-key2.pem b/openssl-1.1.0h/test/certs/ca-key2.pem new file mode 100644 index 0000000..6ddf16f --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-key2.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDrAcUN0Q/UwwAX +FFHXafq+bNqS3APyFDfDJx9j6HpsYHyVCn1pvrdFUdphasoknsptVdU5A57oc7ot +WH7TrojdalbNLOsQXFNPkvb1s2CLuUhU5DoAeQD2Gpgi32w8N8RU0L0bOeVH0fsq +H0/7DehJ6ugIabapyf3mFV/RLi0w8FeeSqbW+IL/SULOr9NWhB8yfShpStsyqUvQ +JhOu8TZMD3l8G8w3al4K9mvmkq2Y7R1HzrFeYGcB/FzwGNJBZq8IRyCbGGSJ7GYR +aJ4pf/aTAfIBxVNhB6ty127OBlKLkKCH/ptzpoHhwiPre5wH0IFPeBSc6vq+qeFs +UCiO3KLZAgMBAAECggEAWrrGLz1llUjrwf1QU5BRBC/WexiCVXXEyY1TKylYCnt9 +3bS9EpRVAWhGnZGzFUxQ7sFSnr5tHWWAnX0rCeK6aHFjrbcH0bszVudwfQ+R2J/h +8xRh6EjPPDSsQ9pqWR1WqUAloltJz96bz3ljUZPe+Jq+lnDp2sdnROs/oOzo+Zkz +ZkesMwX+aR9prRhnT60A0UeQXZyDJFrWMCVnaeO3JUI5RvjZ3xdEgi5jj4AiNUvH +x1k/CApynTvJN4LTFncc6qfnyNH/BU0521WKOcTVCI7tWioRIhiX369xR9qqgRfL +woifc3UjW1f66eMRTsIeh+smcoG4WkHvmpknVDG74QKBgQD7lOtCRMZr9gKIEWNy +pwm1sMS91zuJnaVLEHjIc6Glc9TqDlZOGp5KcAgXA8Tm7TblQXJ+QlGjX6RBdRD6 +XTHbQcyCJ/5rUU+2a6BBga++moBp2ugLSjc/YSTpzVTRC9+Lw1dZ5czrn3exozQj +1/jxdOUVToOomwhpGHoXxVqv3QKBgQDvIlUbvHxrwE8EmBWYjhYZeOTREmzhWNCo +6p7zibZPvKyfZxzXSonJ+T1k/pxNlkMg3SuhZozOCdhQtQupauRlrQ4Hzw3Vc6gr +Dv5Qew/UwxB02zWjG2PhAfDV1KQgZAwC1g1TCWwqQcV52g5p0kdUgKaPte1P336l +YvwmTduNLQKBgQDutNsQEr+OWmsGfjE07Sb6XRIf6qOULJ9UfPmNgKGkoiYoOphL +HViJ2ojihXIDhppqplGjWPurHylz7kbAt0KB/om0CYyOeSVAOhhhb1K4cFJdnhZD ++BQ5r8vdhzTt8O0X6K3uH2vzOWjRhMAJLngHalmegNPNW+R8C3x1J42nhQKBgF9s +q9mtlVjKHL4Qkk2WJWt0uppTZ+9kqZ8+QL+eLIoVGC1j0DZ5IBLgyocKswSi+Zab +q1V0vqtZcmCCXmz0or+QFxE2pqaOyISmLwWeleqpDGAVOYok2+5l/9zURcpHIiPf +luGT2P3j0RGW2jmQF7a4v76JMnG1FayZm1UNrJbhAoGAGM8s9YbDW2+DaTbbSQbg +IBmT+8MLjVczRUmv5Yi8y4z/aEGjsM7032LjFRiR1PUTeAnkKLnII5rdbEo96UDb +OMv8SAH3G4lhfS+lq2TSy+XjlAAIOkiI9xW6Xo/KakIOepDzORzY74ayrxqjiyQv +uchNPF6GhCMnLZC9AxZs4Fg= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ca-name2.pem b/openssl-1.1.0h/test/certs/ca-name2.pem new file mode 100644 index 0000000..b8bbc80 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-name2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7TCCAdWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjAOMQwwCgYDVQQD +DANDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWnaQ9AEscX8bL +3Y/SMbKIFczEhixc4mmLhPSno1PfkeO/UYn78HwQDTutrDVidfV///RuVI8FppIj +s59ZOdA5GLAQQN5ic4pOsI7f3OfJQSJUhIAIKbw1PIbfMN7dtCT/fmKlwHroKhY/ +1pfaxULbL2lkkcsI11ZaeX8bhEHpTZ13CRCobCkzRMbAVGXm6OPydQVqZJVswPT9 +JWFuSDbwwAMHBdZ85RH9GOhKLdNyDDcoNjExOIXocY3YAknIvBmJxYqxP6I16qqQ +HGRoe69naloGVA9Q4fm09r461M4/Hkx9xncyPqJY7dvddNiSFGqo98s0WJGofBSx +fQizTbFHAgMBAAGjUDBOMB0GA1UdDgQWBBS0ETPx1+Je91OeICIQT4YGvx/JXjAf +BgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCnVQGsqB3UipgBdwnxQMQJxaeo6MUdBs0gc3rFg2e9 +EFoDE92/hX+Ze7YRji6GRDzmRDd/i5gLgn6tMtJZzPPV6pzFsDZ0mB1pHJrObB+q +nZVjRFpGFcIm1epXjYRssCQepu92DR7ReSsLqFDSmBROAKfYvt3hdN34W8rp5Gnb +2kxm5F+dJrtDIs0C/3hItBkBmZ69KHqSWq5lmBY7K1cpKU6enZFgJEZ+w3pqAPBI +jrbxER2qdr4g80hzT9g+YPIlI+PfkGf5jmClugpsJ7ptXEdW1LsdEyZgd2VUZymw +rcIp4tupJNvgLC18ZcYcyQ6jMPZOfhfGpNlqZ37jI7Yu +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-nonbc.pem b/openssl-1.1.0h/test/certs/ca-nonbc.pem new file mode 100644 index 0000000..013775b --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-nonbc.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6zCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMzMDAwMDE1N1oYDzIxMTYwMzMxMDAwMTU3WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNPME0wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAsGA1UdDwQEAwIBBjANBgkq +hkiG9w0BAQsFAAOCAQEAPo7bKKFLbwT3x7dw+OPZMDxwyG1pk5x+5SD7iv45mOzS +5lZ2ByaOH+jnjTfG6beNmTCbfq6RcHqTvD6LXYex5z9KliIL9Fpwh507uGDXmKDN +lM0zmbYhXiWGRwP5NkbB/EppbiSk42l5/ky4gmCH/a9kQfiBW+Gwe3aBwRX6v+5p +BLwH12YrM46DdEL4RHd2H/9rjSaX4X3aaZd9kZsf/yaOU65iQX15cNDfxkKncYQK +K+xjT2S/NLcwslkPzQLCWeWZVBV4Vd+TEjjZA1tFpu5e1oNlJYvGbqjIuUurpoxv +IhsVUfWJEf7KjpFy+kgPyijNYRUBFrMspdb6x771RQ== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-nonca.pem b/openssl-1.1.0h/test/certs/ca-nonca.pem new file mode 100644 index 0000000..cdb2cd1 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-nonca.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l +BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB +AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs +X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT +3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw +AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF +wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT +X4st+BN48+n9wHuDQJ97sBs= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-root2.pem b/openssl-1.1.0h/test/certs/ca-root2.pem new file mode 100644 index 0000000..28d9854 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-root2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFJzOZkIwqxwIJl9zGW3fD6euWFIeMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBAEqhb/i7hTJ9l/UdLm9fgm4QYmNb1OMWyCU84y5QI/Rj +uHueaHLy6zEWHTavz9m4VcQpu8hblxFG+4CWWr92QjSYwTsyi578k7Ju5jNzvZQ5 +RnVAL+eeaTVa/7mazmqYzOHgyE4IpljX1MOd0QDpUjRGuNLoWfKXeXn7ul44r3ry +1hDMwmc3SS3XMzJ9Wl6k5SjKObbkMc8e0WjhhAwGjw3lODa5nj2xGf6W/Ikr/XTp +pnVjYsm+jxHoj+qmMgmXa1h11wdFCPUl15V1qq4R4rcS5zR8YxKUGZRo1R839geW +w4G8ytKRsapdFi165mOXZUumyHpJ8i43SEvYlcJux0I= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ca-serverAuth.pem b/openssl-1.1.0h/test/certs/ca-serverAuth.pem new file mode 100644 index 0000000..f10155d --- /dev/null +++ b/openssl-1.1.0h/test/certs/ca-serverAuth.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4wDKAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/cca+anyEKU.pem b/openssl-1.1.0h/test/certs/cca+anyEKU.pem new file mode 100644 index 0000000..46ee9fa --- /dev/null +++ b/openssl-1.1.0h/test/certs/cca+anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w +P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB +Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw +gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M +dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe +O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab +ap/RSXgwCDAGBgRVHSUA +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/cca+clientAuth.pem b/openssl-1.1.0h/test/certs/cca+clientAuth.pem new file mode 100644 index 0000000..0b857ee --- /dev/null +++ b/openssl-1.1.0h/test/certs/cca+clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w +P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB +Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw +gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M +dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe +O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab +ap/RSXgwDDAKBggrBgEFBQcDAg== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/cca+serverAuth.pem b/openssl-1.1.0h/test/certs/cca+serverAuth.pem new file mode 100644 index 0000000..38a0bdb --- /dev/null +++ b/openssl-1.1.0h/test/certs/cca+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w +P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB +Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw +gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M +dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe +O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab +ap/RSXgwDDAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/cca-anyEKU.pem b/openssl-1.1.0h/test/certs/cca-anyEKU.pem new file mode 100644 index 0000000..cb3e708 --- /dev/null +++ b/openssl-1.1.0h/test/certs/cca-anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w +P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB +Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw +gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M +dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe +O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab +ap/RSXgwCKAGBgRVHSUA +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/cca-cert.pem b/openssl-1.1.0h/test/certs/cca-cert.pem new file mode 100644 index 0000000..6bccc4c --- /dev/null +++ b/openssl-1.1.0h/test/certs/cca-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w +P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB +Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw +gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M +dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe +O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab +ap/RSXg= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/cca-clientAuth.pem b/openssl-1.1.0h/test/certs/cca-clientAuth.pem new file mode 100644 index 0000000..0b857ee --- /dev/null +++ b/openssl-1.1.0h/test/certs/cca-clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w +P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB +Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw +gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M +dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe +O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab +ap/RSXgwDDAKBggrBgEFBQcDAg== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/cca-serverAuth.pem b/openssl-1.1.0h/test/certs/cca-serverAuth.pem new file mode 100644 index 0000000..46cbce0 --- /dev/null +++ b/openssl-1.1.0h/test/certs/cca-serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB6mihrap7ByLl3w +P/0XsqMvOkxCxoWTeI0cEwbxSpUXfMTE24oIQJiqIyHO6qeSRgSywk/DTU0uJWOB +Idr6dPI6wPrS4jvFqcgoFH1OPjAJCpl5CuCJEH8gB3LJ4dNfj+O7shT0XeI+R1vw +gp+fJ8v6jX4y8Nk/Bcy748dC1HZhMWHxQblzjRu8Xmd6lDiMskoWE2JAwgRK7b3M +dCpuTCHMTsdCspwBUvQ4gNYNP5IURE+09DBtEBQicN/1RHyRZOw7YGs5ZOdc5mRe +O5E+WHE1xiJ0QwUu2co55PFlukidWXx7LE02foNaNm+rw4OUTrzsqmmgkp1qqAab +ap/RSXgwDKAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/croot+anyEKU.pem b/openssl-1.1.0h/test/certs/croot+anyEKU.pem new file mode 100644 index 0000000..88ce120 --- /dev/null +++ b/openssl-1.1.0h/test/certs/croot+anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa +bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc +6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3 +32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7 +XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr +tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k +4PR8O0S5WC0PlzAIMAYGBFUdJQA= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/croot+clientAuth.pem b/openssl-1.1.0h/test/certs/croot+clientAuth.pem new file mode 100644 index 0000000..aa45a06 --- /dev/null +++ b/openssl-1.1.0h/test/certs/croot+clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa +bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc +6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3 +32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7 +XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr +tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k +4PR8O0S5WC0PlzAMMAoGCCsGAQUFBwMC +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/croot+serverAuth.pem b/openssl-1.1.0h/test/certs/croot+serverAuth.pem new file mode 100644 index 0000000..3564769 --- /dev/null +++ b/openssl-1.1.0h/test/certs/croot+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa +bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc +6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3 +32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7 +XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr +tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k +4PR8O0S5WC0PlzAMMAoGCCsGAQUFBwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/croot-anyEKU.pem b/openssl-1.1.0h/test/certs/croot-anyEKU.pem new file mode 100644 index 0000000..50fffbf --- /dev/null +++ b/openssl-1.1.0h/test/certs/croot-anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa +bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc +6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3 +32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7 +XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr +tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k +4PR8O0S5WC0PlzAIoAYGBFUdJQA= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/croot-cert.pem b/openssl-1.1.0h/test/certs/croot-cert.pem new file mode 100644 index 0000000..f3459f4 --- /dev/null +++ b/openssl-1.1.0h/test/certs/croot-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa +bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc +6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3 +32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7 +XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr +tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k +4PR8O0S5WC0Plw== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/croot-clientAuth.pem b/openssl-1.1.0h/test/certs/croot-clientAuth.pem new file mode 100644 index 0000000..7845641 --- /dev/null +++ b/openssl-1.1.0h/test/certs/croot-clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa +bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc +6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3 +32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7 +XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr +tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k +4PR8O0S5WC0PlzAMoAoGCCsGAQUFBwMC +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/croot-serverAuth.pem b/openssl-1.1.0h/test/certs/croot-serverAuth.pem new file mode 100644 index 0000000..7e4ffa7 --- /dev/null +++ b/openssl-1.1.0h/test/certs/croot-serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi/mR+SIa +bs1egGRRSAzqu4KkrOG1vGVQNj0XfHn1WeAdmwEAjNi+llErpkMyY08Cjb/3fiQc +6H9CA36utf/Ym84OQOY64m4C1Kikxw8EHudoPNvSWQAFEpCk5gs6rCJEnj9QolL3 +32IvZQ1m+GcrjGg976PccEaM7S362kTj+kcAswmS8iJmDAJ2b+ghHTFrFQS4GAw7 +XOcqQbinx9ntGn135VsJLOXKveYvQSD7sHKCd4RFrFTSEwWmtBL96vRXmTV5wTAr +tpkKKKw5N9CiHnbhNyVrSRiLCzVDTpYQDaBJhb7XOsHi+/HOzmbK6LHe0Lt1nP+k +4PR8O0S5WC0PlzAMoAoGCCsGAQUFBwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee+clientAuth.pem b/openssl-1.1.0h/test/certs/ee+clientAuth.pem new file mode 100644 index 0000000..850a868 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee+clientAuth.pem @@ -0,0 +1,20 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9 +sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO +pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh +A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF +VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws +n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdxMAwwCgYIKwYBBQUH +AwI= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee+serverAuth.pem b/openssl-1.1.0h/test/certs/ee+serverAuth.pem new file mode 100644 index 0000000..61d03ac --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee+serverAuth.pem @@ -0,0 +1,20 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQBBtDxPYULl5b7VFC7/U0NgV8vTJk4zpPnUMMQ4 +QF2AWDFAek8oLKrz18KQ8M/DEhDxgkaoeXEMLT6BJUEVNYuFEYHEDGarl0nMDRXL +xOgAExfz3Tf/pjsLaha5aWH7NyCSKWC+lYkIOJ/Kb/m/6QsDJoXsEC8AhrPfqJhz +UzsCoxIlaDWqawH4+S8bdeX0tvs2VtJk/WOJHxMqXra6kgI4fAgyvr2kIZHinQ3y +cgX40uAC38bwpE95kJ7FhSfQlE1Rt7sOspUj098Dd0RNDn2uKyOTxEqIELHfw4AX +O3XAzt8qDyho8nEd/xiQ6qgsQnvXa+hSRJw42g3/czVskxRxMAwwCgYIKwYBBQUH +AwE= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-cert-768.pem b/openssl-1.1.0h/test/certs/ee-cert-768.pem new file mode 100644 index 0000000..794f93c --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-cert-768.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICeDCCAWCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAzMjAwNjI3MjdaGA8yMTE2MDMyMTA2MjcyN1owGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwfDANBgkqhkiG9w0BAQEFAANrADBoAmEAwCvrPAynx+7VtpFz +4cWZW3/n3/nMwK4fxkWSB0kbVUhQaYiaQGWEfB4JpRz5rPt8NW5m2aVGT7mMjScu +8YyFa3IDdpBeQL1n8VQUH3FLySgQHC1bkkzwyzQM8JirCdl/AgMBAAGjfTB7MB0G +A1UdDgQWBBSRBasp1P/UDCesreviw4Lwz8tFBDAfBgNVHSMEGDAWgBS0ETPx1+Je +91OeICIQT4YGvx/JXjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkG +A1UdEQQSMBCCDnNlcnZlci5leGFtcGxlMA0GCSqGSIb3DQEBCwUAA4IBAQB5xled +do7U++n86KmJDGnXd4XMpr1QbTFVSO7fhSiObeGm961re/TI7AhuLlsZYP601YhZ +pRe9B7tiEuzu3iCD4kKB0yxgUCSsF0u1KbHSUNe2H5bBJC21c2eLZh6U54y014nL +gFSDOsA8M1301+Hlh5AS+4iTR0Ra02RaZb3L5HCR2wtkJubh3rSj8eBzb6fx+Lhw +JoeRg34lhycGC4bBVwkRT8bo73Nrs71JUP2A6/PjdsIfF2rtVMEuIq8AMQ5wInZ+ +2mIxJ4MwCClwLCq3VxI1bzdf1TYsPNxYTUS1POb2VgNofG0mBTHNUYUO20aF0ct8 +PCQqIqxUIegfS3f5 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-cert-768i.pem b/openssl-1.1.0h/test/certs/ee-cert-768i.pem new file mode 100644 index 0000000..d6532fb --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-cert-768i.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICfjCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAzMjAwNjI3MjdaGA8yMTE2MDMyMTA2MjcyN1owGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBSq83ovyyiaKeskoYibqSrJFtGUHDAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA2EASAwDwXsYGnhQDyWixI9eKZwXAA9E4rEIdmKNvVjU +jWkMh1oC0FZl4TTHU+sAaXmv2QItZOcG2QEHoTIZDPYiy+7eZC7pPQY25dkxeSZ9 +TIlMnfePzYTc3BnfxZj82Mny +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-cert-md5.pem b/openssl-1.1.0h/test/certs/ee-cert-md5.pem new file mode 100644 index 0000000..8c26422 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-cert-md5.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQQFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAzMjAwNjI3MjdaGA8yMTE2MDMyMTA2MjcyN1owGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBBAUAA4IBAQBqCPfIEZOVUiq2exiRFoxVOvq668Y55lJZ9+4j +E5Ncq9mdbuD7GIxJSKByf899yBJUG32ZIbmwnSHfBkPolc/LjQhUDxJtSBE8vFaA +8AZ1rsOcaWapPQ94gYIgncBS15t7RjTX1l04fY0NPqVsWmTji+ummA5e7iCj6l6t +CqRGhMeSZWa1mc+Plurmz7oWEqkUK5cfTrlDnXeQNOI8EK8lc636elqqdnw0amO4 +yKJlaXRlm/I1nQdUQ0G5Bk2Tp/QGoJCtJ25XsoIbnCs0tIbpQllTdLsRQmOussAP +NvdwbKtAAolgMAxH9pl1Mc6OIo2e8405EWs1jvGEMgE0IFAY +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-cert.pem b/openssl-1.1.0h/test/certs/ee-cert.pem new file mode 100644 index 0000000..05d2318 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQBBtDxPYULl5b7VFC7/U0NgV8vTJk4zpPnUMMQ4 +QF2AWDFAek8oLKrz18KQ8M/DEhDxgkaoeXEMLT6BJUEVNYuFEYHEDGarl0nMDRXL +xOgAExfz3Tf/pjsLaha5aWH7NyCSKWC+lYkIOJ/Kb/m/6QsDJoXsEC8AhrPfqJhz +UzsCoxIlaDWqawH4+S8bdeX0tvs2VtJk/WOJHxMqXra6kgI4fAgyvr2kIZHinQ3y +cgX40uAC38bwpE95kJ7FhSfQlE1Rt7sOspUj098Dd0RNDn2uKyOTxEqIELHfw4AX +O3XAzt8qDyho8nEd/xiQ6qgsQnvXa+hSRJw42g3/czVskxRx +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-cert2.pem b/openssl-1.1.0h/test/certs/ee-cert2.pem new file mode 100644 index 0000000..b6ad976 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-cert2.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBQBaJ1v+UdTZGJOltvDcSXTMk5QrTAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQC8XKL6Bh01xQv+3BTk4Kqu95/TEecZdBPsxU4r +mCT829HsTw54Od7ID64Kzxi52RtJKPDnd3GB1tDAChEYI+U0g3582JiZCXPwxkC0 +y2YEhsXgatfOj0h5eT47FdmH7YeY4S6PxNo7Ek3ma5523M6dqcbP71fLvFptu5DZ +dP9+I9hxeojAeumKONzVK4ADWthqgMgVKqjV34lqNNcWDEXgOUjJwT1HXnlwnCMk +PtdnDSvzHEQFt25RZwkiOjimC97FZAPmsyYmLHc4q6s81ms5M4S9dackCA6TDRvv +sOzivaeM07/94iKBINFpoHpJmD9Z5zE+vH2weMVjhSQnFsGc +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-client-chain.pem b/openssl-1.1.0h/test/certs/ee-client-chain.pem new file mode 100644 index 0000000..27652fa --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-client-chain.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9 +sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO +pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh +A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF +VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws +n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-client.pem b/openssl-1.1.0h/test/certs/ee-client.pem new file mode 100644 index 0000000..a6105b2 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-client.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9 +sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO +pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh +A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF +VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws +n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdx +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-clientAuth.pem b/openssl-1.1.0h/test/certs/ee-clientAuth.pem new file mode 100644 index 0000000..e6b88a7 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-clientAuth.pem @@ -0,0 +1,20 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NTBaGA8yMTE2MDExNjA4MTk1MFowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMCMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQB+x23yjviJ9/n0G65xjntoPCLpsZtqId+WvN/9 +sXGqRZyAnBWPFpWrf9qXdxXZpTw7KRfywnEVsUQP12XKCc9JH4tG4l/wCDaHi9qO +pLstQskcXk40gWaU83ojjchdtDFBaxR5KxC83SR669Rw9mn66bWz/6zpK9VYohVh +A5/3RqteQaeQETFbZdlb6e7jAjiGp6DmAiH/WLrVvMY8k0z81TD0+UjJqI9097mF +VtNX0l+46/tR4zvyA4yYqxK+L8M57SjfwxvwUpDxxVVnRsf3kHhudeAc+UDWzqws +n5P71o+AfbkYzhHsSFIZyYUnGv+JApFpcGEMEiHL2iBhCRdxMAygCgYIKwYBBQUH +AwI= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-expired.pem b/openssl-1.1.0h/test/certs/ee-expired.pem new file mode 100644 index 0000000..bc49002 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-expired.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHjCCAgagAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAe +Fw0xNjAxMTUwODE5NDlaFw0xNjAxMTQwODE5NDlaMBkxFzAVBgNVBAMMDnNlcnZl +ci5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGF +rt7bLA/Vc/vit6gbenVgK9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UX +H/8NxkP+MTT4KNh16aO7iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/ +Zo7CNqAR/8BZNf1JHN0cQjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOz +lmqCGxWL0Zmr5J5vlKrSluVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqe +S0dopynHP0riIie075Bj1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iE +D2H+eTQfSokftwIDAQABo30wezAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfh +c6IwHwYDVR0jBBgwFoAUtBEz8dfiXvdTniAiEE+GBr8fyV4wCQYDVR0TBAIwADAT +BgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAN +BgkqhkiG9w0BAQsFAAOCAQEAaxdo2UEbO7GovfQ18HNQ8hTwZGTyv8h4nZuUcgkf +6L63FLoeyakcNtg1jgpsXmIEuCvWGNrUZJiNt7IiWW8fqmEgVMsYNtldUrQfIhUC +I91SQveIy16Yoebx+1o8JPGIwoN19mqRWXC48gnF6Tmb5XuPVA5niidVryJR2U1m +xciwaDZMNFvEogWopMajZrRTt/hjZYXdFuBVrJPwoP0uc/qYO9e8r5rKdthE3A9B +sRezBb1FRe1ssFshgHcCwXl8AWRlaDFOW3TJvzJgvW3hjEm9z9booKD5dNuUeWWN +CgM8Igp1gjCLXo0a/ZhCwiyE+7uGsLkDjHoGclcGwW17YA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-key-768.pem b/openssl-1.1.0h/test/certs/ee-key-768.pem new file mode 100644 index 0000000..0d44f85 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-key-768.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5QIBADANBgkqhkiG9w0BAQEFAASCAc8wggHLAgEAAmEAwCvrPAynx+7VtpFz +4cWZW3/n3/nMwK4fxkWSB0kbVUhQaYiaQGWEfB4JpRz5rPt8NW5m2aVGT7mMjScu +8YyFa3IDdpBeQL1n8VQUH3FLySgQHC1bkkzwyzQM8JirCdl/AgMBAAECYQCzO0MW +qqcBrhvdPyPZerZhxJW7K/xv6PbxsYlVCjZYAC4ff6x+SzCZolpUiQXE9Hdyhlyk +alcqn2vT5TagWk64YUmIMP7BCT2Ps/IW0nQl07k27c2BNq3IzdRnBz5SbQECMQDg +9UxISqFOG6sLdZIKA88Q+M2HE/MdzwiJby/bSUXhn5aluZqjR60nGPqAb2S/r98C +MQDasGzUTXqEYOPsAL4irzKMMiMdqbj6dNHsmo1GIYKx8PuN193i/cNd5XDv78Gm +imECMQC10IvewbKtVl9f2540ye9JYE18pvsPVI0pxtt++DGqsTkoqGH7JasktmN/ ++ogLBTECMBf9/xKTpXtcfeTod/OqMOt8nKmmcyrXIijJE/K7vnDzNUXshuVeXc6x +W2CXdzFkQQIweyLLA6etAJGsmCRwIgnfp1ubmVdfPou68byHSnzAf4/GxBriSd5b +EQcYwjE7SDI7 +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ee-key.pem b/openssl-1.1.0h/test/certs/ee-key.pem new file mode 100644 index 0000000..9bc2a84 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCo/4lYYYWu3tss +D9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT5Rcf/w3G +Q/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1lDz9mjsI2 +oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1U7OWaoIb +FYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5ep5LR2in +Kcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tniIQPYf55 +NB9KiR+3AgMBAAECggEAFvp/40uHUMquhGQ2wsl5/zzVV6ZECFGhIaoVdwiq7Npl +cERPGSxdt7mXg+AliGQO2JXIf4iDx273oYC3PFuWbn9YMQd5RUuAZ/oD+hB25QB8 +vmGJTeqDUgZ0+4qs0fsM5upPUqFrHnfEwoarS9oMh0HEQi9yWzHy7E/E9Rk0dm8Q +qAwfKKqqwBe0RIp6GOwRJ2AO4NLvPh1oddVX15zvVeDP5pmHScZKtGXf9sIKfJJo +JN7N5UaviOKEGpQtxKVNOjn1wYusvzrvz3U3TmvyXTGkPCdSxK/6bz0LN+Lwyfzw +RpSoNUe/cREZJkXDIIaqvmzlQVk1aKDdAx4+8ltyWQKBgQDahgSMZAAeGuQwtI+S +jor9dNWcxEr5Uf/iw5gWmp5E59CSyc35Zj5rdf4M12X7jPRqAbFcM6FgERtbKyYd +lg+PGgcKMYXKXJWimA6xU06+wwRl1iI/j718FCLeov6Lt17VHr8sjO3GiZ/WtHz1 +H6mqV8i9vcClmA6IyS+EQvtkBQKBgQDF+y0JwcbEzS3YqTHy4DGQtcCOkcLi+WM5 +APch7pev4I9MTgZdRnC6ZjnYKXQU9nzALZrH1PoHnFRZbsXbCFsmTdh/6g1L0b7B +/zfZhB+9LiB7NBpfHiUydj1JQfkw/EvnLbs7r5EYGbpkMhpzmmzE9Yv0d+xj1CPd +6kz/6CRdiwKBgBE1ZpxLr7qvMXModPn8obNuBPhweNsDexw3fP2itX4Fp2Y34DGY +vKenxhbqy4wwwHqsoXP6WOYA0t+uGTVRQO5rBUznM3sJKXuBb/7E6bmaD/mZEF9j +CXABAfH4cgU8roon/rQacQsmgWDeG80N7kWM3jEbBVXFELfy5/wJblSlAoGAUZax +eNPiljf4LNGNRAogYwKD2D05k1AzE8rSDanF2TUx2MBO3yGoUyjNrcdnjzwFLS2e +G7wpTfmeyTxdTWakKaTrE8vgrt5BPrFu0rUgX1YjDKLsO0axDZqspwQJLabLoPm3 +r2Eq6kOwDJqZTArXyFNo2daSFJHYNhvYn52LXwECgYB9CRrPMe0sWdbVPm55bXGM +Ern05LQuaLaDZjsbsaH9Q5YPk99Sq7jklyQ3ZuHodSLAArHGu/96uu66xtMrRYcj +c89fqFeqc/BwnkodvWJ3K80UNulnjfOcPVAPHaAr9GE9rJcjICNpu2+wJ2wi4JAF +rLxFTZXBDbnGZ9QtcGcJSw== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ee-name2.pem b/openssl-1.1.0h/test/certs/ee-name2.pem new file mode 100644 index 0000000..234704e --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-name2.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDITCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAOMQwwCgYDVQQDDANDQTIw +IBcNMTYwMTE1MDgxOTQ5WhgPMjExNjAxMTYwODE5NDlaMBkxFzAVBgNVBAMMDnNl +cnZlci5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+J +WGGFrt7bLA/Vc/vit6gbenVgK9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7 +k+UXH/8NxkP+MTT4KNh16aO7iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZd +ZQ8/Zo7CNqAR/8BZNf1JHN0cQjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTG +NVOzlmqCGxWL0Zmr5J5vlKrSluVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98x +uXqeS0dopynHP0riIie075Bj1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+L +Z4iED2H+eTQfSokftwIDAQABo30wezAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeY +Ipfhc6IwHwYDVR0jBBgwFoAUtBEz8dfiXvdTniAiEE+GBr8fyV4wCQYDVR0TBAIw +ADATBgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBs +ZTANBgkqhkiG9w0BAQsFAAOCAQEAS963QA7e4VCU5bdx4fBV9j5I6KhlEZnLOj5h +MYH1gr3/+V2cdbjctMvsZHB9NLfha7PcDyYHhPDjFuSwu834r31opR4LaSJKlGiW +l+K6mhGk1ofLIQLJedFFdBCuUAHMsTN7yWY6398y72XglJ+KtQh9wUd9g6H6QMzN +OWlZZmVQjVllFOj3y5v1YsJ9JlUFDDzdJVB9KgiyAIj6hcz7pJX42nFtsQvTHBUT +r6J+ViasAnOGjBSVsE5MQw9dYVgSbVd3ftUZkDkLQ5ShTZ5N2ndIMY2xzw7lifrX +O34gCkt55vyZNkOzZgCfMglkloYm7ww7pofZVfjmkmm3k/HGFw== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ee-serverAuth.pem b/openssl-1.1.0h/test/certs/ee-serverAuth.pem new file mode 100644 index 0000000..fd6ab28 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ee-serverAuth.pem @@ -0,0 +1,20 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQBBtDxPYULl5b7VFC7/U0NgV8vTJk4zpPnUMMQ4 +QF2AWDFAek8oLKrz18KQ8M/DEhDxgkaoeXEMLT6BJUEVNYuFEYHEDGarl0nMDRXL +xOgAExfz3Tf/pjsLaha5aWH7NyCSKWC+lYkIOJ/Kb/m/6QsDJoXsEC8AhrPfqJhz +UzsCoxIlaDWqawH4+S8bdeX0tvs2VtJk/WOJHxMqXra6kgI4fAgyvr2kIZHinQ3y +cgX40uAC38bwpE95kJ7FhSfQlE1Rt7sOspUj098Dd0RNDn2uKyOTxEqIELHfw4AX +O3XAzt8qDyho8nEd/xiQ6qgsQnvXa+hSRJw42g3/czVskxRxMAygCgYIKwYBBQUH +AwE= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem b/openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem new file mode 100644 index 0000000..e3e66d5 --- /dev/null +++ b/openssl-1.1.0h/test/certs/embeddedSCTs1-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k +WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X +EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB +AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g +PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf +flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU +X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ +pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA +b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt +9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR +83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs +n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ +1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ== +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1.pem b/openssl-1.1.0h/test/certs/embeddedSCTs1.pem new file mode 100644 index 0000000..d1e8512 --- /dev/null +++ b/openssl-1.1.0h/test/certs/embeddedSCTs1.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/ +BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk +EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw +FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q +Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD +VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w +DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK +BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L +vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw +KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG +SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE +oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr +5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1.sct b/openssl-1.1.0h/test/certs/embeddedSCTs1.sct new file mode 100644 index 0000000..59362dc --- /dev/null +++ b/openssl-1.1.0h/test/certs/embeddedSCTs1.sct @@ -0,0 +1,12 @@ +Signed Certificate Timestamp: + Version : v1 (0x0) + Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C: + 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64 + Timestamp : Apr 5 17:04:16.275 2013 GMT + Extensions: none + Signature : ecdsa-with-SHA256 + 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F: + D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3: + E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2: + F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1: + 05:51:9D:89:ED:BF:08 \ No newline at end of file diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem b/openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem new file mode 100644 index 0000000..1fa449d --- /dev/null +++ b/openssl-1.1.0h/test/certs/embeddedSCTs1_issuer.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk +MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 +jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP +KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL +svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk +tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG +A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO +MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt +OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy +f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP +OwqULg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs3.pem b/openssl-1.1.0h/test/certs/embeddedSCTs3.pem new file mode 100644 index 0000000..bce8918 --- /dev/null +++ b/openssl-1.1.0h/test/certs/embeddedSCTs3.pem @@ -0,0 +1,44 @@ +-----BEGIN CERTIFICATE----- +MIIHvzCCBqegAwIBAgIRANSYNM/GMmLagfa+3OOk63swDQYJKoZIhvcNAQELBQAw +gZIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYD +VQQDEy9DT01PRE8gUlNBIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZl +ciBDQTAeFw0xNTEyMDEwMDAwMDBaFw0xODAyMjUyMzU5NTlaMIIBMzEQMA4GA1UE +BRMHMzgzMDEzODETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgEC +EwhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNV +BAYTAlVTMQ4wDAYDVQQREwUwNzAxMzELMAkGA1UECBMCTkoxEDAOBgNVBAcTB0Ns +aWZ0b24xEjAQBgNVBAkTCVN1aXRlIDEwMDEXMBUGA1UECRMOMTI1NSBCcm9hZCBT +dC4xGjAYBgNVBAoTEUNvbW9kbyBHcm91cCBJbmMuMRYwFAYDVQQLEw1DT01PRE8g +RVYgU1NMMRowGAYDVQQLExFDT01PRE8gRVYgU0dDIFNTTDEXMBUGA1UEAxMOd3d3 +LmNvbW9kby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5S2RD +XGjch2spb10rLVCA4TgeB/TiNLHPczeKMJzIY9qKUGQfcYCTwfWe2E1xBer/i0OX +IUca+/Br3HTK2qkNoc/nuFkJJ3ej17A9Kv1EYhsN+2gHobKEy+sMTJyGmFVo98nu +V9mmiEWM7Bi0Y6YRVYCOey4K2yUwSK1MOgc10RzbwDsk+P2mvTzvPi8QZzd4I36/ +xlFFhk39VKY94PorJCzF/6qifmNnIjxMkrmSKJKKQaZu8vgbshqlj3+TkeCtIjdR +77OcZuROMFdnKsp8JKAq9bzXmDkwlDmUzxAzgYmAvqCwQvNWtJrm0SeiEkNsoK5F +xadrfw6OO7BCGXiNAgMBAAGjggNqMIIDZjAfBgNVHSMEGDAWgBQ52v/KKBSKqHQT +CLnkDqnS+n6daTAdBgNVHQ4EFgQURD5zMOsLG6ennQ/aeZZNGofpnSEwDgYDVR0P +AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsG +AQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhCBAEwRgYDVR0gBD8wPTA7BgwrBgEE +AbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv +bS9DUFMwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5jb21vZG9jYS5jb20v +Q09NT0RPUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGH +BggrBgEFBQcBAQR7MHkwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQuY29tb2RvY2Eu +Y29tL0NPTU9ET1JTQUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy +dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCUGA1UdEQQe +MByCDnd3dy5jb21vZG8uY29tggpjb21vZG8uY29tMIIBfQYKKwYBBAHWeQIEAgSC +AW0EggFpAWcAdQBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVFd +vZuJAAAEAwBGMEQCIFgtCr54QYrnialeZiHFahZ53zOFitPzHXGvdTD7zE5FAiBB +nIm4gBmHRmwcOpULvvSYddTKSZf9JS7jeLU2MCAmTQB2AFYUBpov18Ls0/XhvUSy +PsdGdrm8mRFcwO+UmFXWidDdAAABUV29mSgAAAQDAEcwRQIgeWjpcDhaY/OmsZcO +ftDFcRt2BssJY0ge4SDzp+8qTnQCIQCOt7vthV2FG1RePMXs8hOcCdEKAcJZX3wx +GaGd4RfHHwB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABUV29 +m5wAAAQDAEcwRQIgKwZCD9lxvSFCpfnFVYPSneWhjbY9pnOJQjKckQ87anQCIQCG +7hD5EOZ7F2XZLTdTSjvwrgPkIXY376+0RC4r9VzGkTANBgkqhkiG9w0BAQsFAAOC +AQEAHVZgKwtIKcxJg6k5THIICJ63vZyaPJN21HVYPAN/heDUcbYzOqP0F+v+ahj5 +yNiRhSji/xxcOf5bWT158dHQoMtC1Ld1dI3lttVAvDTgXOApbmc8N0Xpjvapag3r +b0IYW5SJio0qn1VxgeSsf0UCBTyw0N8lgbaIr3FHw2SP2rUS8PUixFRK52MYnyEp +6Imz730Adl0RgUvp7mzRcWVDK4i6sPRqV6my68XsyaBcQr2qKALQK0Js+mE/0850 +47USqZ1XjbUke47OPxdlF85uUtIUSGquHTWnxrqy7FLMPIu9HL8XGo3vVlTYCCsb +d6V/RWexyzZiHDGA1ToA0Y16Aw== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs3.sct b/openssl-1.1.0h/test/certs/embeddedSCTs3.sct new file mode 100644 index 0000000..ad1ccf0 --- /dev/null +++ b/openssl-1.1.0h/test/certs/embeddedSCTs3.sct @@ -0,0 +1,36 @@ +Signed Certificate Timestamp: + Version : v1 (0x0) + Log ID : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC: + 71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4 + Timestamp : Dec 1 13:31:25.961 2015 GMT + Extensions: none + Signature : ecdsa-with-SHA256 + 30:44:02:20:58:2D:0A:BE:78:41:8A:E7:89:A9:5E:66: + 21:C5:6A:16:79:DF:33:85:8A:D3:F3:1D:71:AF:75:30: + FB:CC:4E:45:02:20:41:9C:89:B8:80:19:87:46:6C:1C: + 3A:95:0B:BE:F4:98:75:D4:CA:49:97:FD:25:2E:E3:78: + B5:36:30:20:26:4D +Signed Certificate Timestamp: + Version : v1 (0x0) + Log ID : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7: + 46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD + Timestamp : Dec 1 13:31:25.352 2015 GMT + Extensions: none + Signature : ecdsa-with-SHA256 + 30:45:02:20:79:68:E9:70:38:5A:63:F3:A6:B1:97:0E: + 7E:D0:C5:71:1B:76:06:CB:09:63:48:1E:E1:20:F3:A7: + EF:2A:4E:74:02:21:00:8E:B7:BB:ED:85:5D:85:1B:54: + 5E:3C:C5:EC:F2:13:9C:09:D1:0A:01:C2:59:5F:7C:31: + 19:A1:9D:E1:17:C7:1F +Signed Certificate Timestamp: + Version : v1 (0x0) + Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A: + 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10 + Timestamp : Dec 1 13:31:25.980 2015 GMT + Extensions: none + Signature : ecdsa-with-SHA256 + 30:45:02:20:2B:06:42:0F:D9:71:BD:21:42:A5:F9:C5: + 55:83:D2:9D:E5:A1:8D:B6:3D:A6:73:89:42:32:9C:91: + 0F:3B:6A:74:02:21:00:86:EE:10:F9:10:E6:7B:17:65: + D9:2D:37:53:4A:3B:F0:AE:03:E4:21:76:37:EF:AF:B4: + 44:2E:2B:F5:5C:C6:91 \ No newline at end of file diff --git a/openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem b/openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem new file mode 100644 index 0000000..f4bc312 --- /dev/null +++ b/openssl-1.1.0h/test/certs/embeddedSCTs3_issuer.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGDjCCA/agAwIBAgIQBqdDgNTr/tQ1taP34Wq92DANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTIwMjEy +MDAwMDAwWhcNMjcwMjExMjM1OTU5WjCBkjELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxODA2BgNVBAMTL0NPTU9ETyBSU0EgRXh0ZW5kZWQg +VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAlVbeVLTf1QJJe9FbXKKyHo+cK2JMK40SKPMalaPGEP0p3uGf +CzhAk9HvbpUQ/OGQF3cs7nU+e2PsYZJuTzurgElr3wDqAwB/L3XVKC/sVmePgIOj +vdwDmZOLlJFWW6G4ajo/Br0OksxgnP214J9mMF/b5pTwlWqvyIqvgNnmiDkBfBzA +xSr3e5Wg8narbZtyOTDr0VdVAZ1YEZ18bYSPSeidCfw8/QpKdhQhXBZzQCMZdMO6 +WAqmli7eNuWf0MLw4eDBYuPCGEUZUaoXHugjddTI0JYT/8ck0YwLJ66eetw6YWNg +iJctXQUL5Tvrrs46R3N2qPos3cCHF+msMJn4HwIDAQABo4IBaTCCAWUwHwYDVR0j +BBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFDna/8ooFIqodBMI +ueQOqdL6fp1pMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMD4G +A1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5j +b21vZG8uY29tL0NQUzBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9k +b2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggr +BgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29t +L0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz +cC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAERCnUFRK0iIXZebeV4R +AUpSGXtBLMeJPNBy3IX6WK/VJeQT+FhlZ58N/1eLqYVeyqZLsKeyLeCMIs37/3mk +jCuN/gI9JN6pXV/kD0fQ22YlPodHDK4ixVAihNftSlka9pOlk7DgG4HyVsTIEFPk +1Hax0VtpS3ey4E/EhOfUoFDuPPpE/NBXueEoU/1Tzdy5H3pAvTA/2GzS8+cHnx8i +teoiccsq8FZ8/qyo0QYPFBRSTP5kKwxpKrgNUG4+BAe/eiCL+O5lCeHHSQgyPQ0o +fkkdt0rvAucNgBfIXOBhYsvss2B5JdoaZXOcOBCgJjqwyBZ9kzEi7nQLiMBciUEA +KKlHMd99SUWa9eanRRrSjhMQ34Ovmw2tfn6dNVA0BM7pINae253UqNpktNEvWS5e +ojZh1CSggjMziqHRbO9haKPl0latxf1eYusVqHQSTC8xjOnB3xBLAer2VBvNfzu9 +XJ/B288ByvK6YBIhMe2pZLiySVgXbVrXzYxtvp5/4gJYp9vDLVj2dAZqmvZh+fYA +tmnYOosxWd2R5nwnI4fdAw+PKowegwFOAWEMUnNt/AiiuSpm5HZNMaBWm9lTjaK2 +jwLI5jqmBNFI+8NKAnb9L9K8E7bobTQk+p0pisehKxTxlgBzuRPpwLk6R1YCcYAn +pLwltum95OmYdBbxN4SBB7SC +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/interCA.key b/openssl-1.1.0h/test/certs/interCA.key new file mode 100644 index 0000000..c32fe26 --- /dev/null +++ b/openssl-1.1.0h/test/certs/interCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q +xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl +oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ +vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj +m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ +T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC +cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww +CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V +PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676 +X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO +674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ +Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW +EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L +/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w +Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay +ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm +R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af +N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F +kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr +fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc +YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu +DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U +fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT ++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe +nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/interCA.pem b/openssl-1.1.0h/test/certs/interCA.pem new file mode 100644 index 0000000..35568ab --- /dev/null +++ b/openssl-1.1.0h/test/certs/interCA.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/leaf.key b/openssl-1.1.0h/test/certs/leaf.key new file mode 100644 index 0000000..a1b1721 --- /dev/null +++ b/openssl-1.1.0h/test/certs/leaf.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1 +sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs +0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR +yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2 +QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F +auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT +uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX +aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4 +m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn +q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd +vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5 +BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE +L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd +v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86 +Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D +lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG +UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz +1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu +z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt +nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ +C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF +RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O +IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ +IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh +t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg== +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/leaf.pem b/openssl-1.1.0h/test/certs/leaf.pem new file mode 100644 index 0000000..bb94d12 --- /dev/null +++ b/openssl-1.1.0h/test/certs/leaf.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/many-constraints.pem b/openssl-1.1.0h/test/certs/many-constraints.pem new file mode 100644 index 0000000..13b8ab2 --- /dev/null +++ b/openssl-1.1.0h/test/certs/many-constraints.pem @@ -0,0 +1,292 @@ +-----BEGIN CERTIFICATE----- +MII2MzCCNRugAwIBAgIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDTELMAkGA1UEAxMCQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6C9qEGRIBQXV8Lj29vVu+ +U+tyXzSSinWIumK5ijPhCm3DLnv4RayxkFwemtnkGRZ/o94ZnsXkBfU/IlsYdkuq +8wK9WI/ql3gwWjH+KARIhIQcSLGiJcLN6kGuG2nlRBKMcPgPiEq2B0yBXFf4tG3C +Bbeae7+8G7uvOmv8NLyKj32neWpnUCTL5o2VwyPoxjLxT5gUR69v9XSVFj2irCZb +sEedeKSb++LqyMhLfnRTzNv+ZHNh4izZHrktR25MvnT5QyBq32hx7AjZ2/xo70Om +H7w10a2DwsVjJNMdxTEmgyvU9M6CeYRPX1Ykfg+sXCTtkTVAlBDUviIqY95CKy25 +AgMBAAGjgjOaMIIzljAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDwYDVR0TAQH/BAUwAwEB/zCCM1wGA1UdHgSCM1MwgjNPoIIZqDAJggd0MC50 +ZXN0MAmCB3QxLnRlc3QwCYIHdDIudGVzdDAJggd0My50ZXN0MAmCB3Q0LnRlc3Qw +CYIHdDUudGVzdDAJggd0Ni50ZXN0MAmCB3Q3LnRlc3QwCYIHdDgudGVzdDAJggd0 +OS50ZXN0MAqCCHQxMC50ZXN0MAqCCHQxMS50ZXN0MAqCCHQxMi50ZXN0MAqCCHQx +My50ZXN0MAqCCHQxNC50ZXN0MAqCCHQxNS50ZXN0MAqCCHQxNi50ZXN0MAqCCHQx +Ny50ZXN0MAqCCHQxOC50ZXN0MAqCCHQxOS50ZXN0MAqCCHQyMC50ZXN0MAqCCHQy +MS50ZXN0MAqCCHQyMi50ZXN0MAqCCHQyMy50ZXN0MAqCCHQyNC50ZXN0MAqCCHQy +NS50ZXN0MAqCCHQyNi50ZXN0MAqCCHQyNy50ZXN0MAqCCHQyOC50ZXN0MAqCCHQy +OS50ZXN0MAqCCHQzMC50ZXN0MAqCCHQzMS50ZXN0MAqCCHQzMi50ZXN0MAqCCHQz +My50ZXN0MAqCCHQzNC50ZXN0MAqCCHQzNS50ZXN0MAqCCHQzNi50ZXN0MAqCCHQz +Ny50ZXN0MAqCCHQzOC50ZXN0MAqCCHQzOS50ZXN0MAqCCHQ0MC50ZXN0MAqCCHQ0 +MS50ZXN0MAqCCHQ0Mi50ZXN0MAqCCHQ0My50ZXN0MAqCCHQ0NC50ZXN0MAqCCHQ0 +NS50ZXN0MAqCCHQ0Ni50ZXN0MAqCCHQ0Ny50ZXN0MAqCCHQ0OC50ZXN0MAqCCHQ0 +OS50ZXN0MAqCCHQ1MC50ZXN0MAqCCHQ1MS50ZXN0MAqCCHQ1Mi50ZXN0MAqCCHQ1 +My50ZXN0MAqCCHQ1NC50ZXN0MAqCCHQ1NS50ZXN0MAqCCHQ1Ni50ZXN0MAqCCHQ1 +Ny50ZXN0MAqCCHQ1OC50ZXN0MAqCCHQ1OS50ZXN0MAqCCHQ2MC50ZXN0MAqCCHQ2 +MS50ZXN0MAqCCHQ2Mi50ZXN0MAqCCHQ2My50ZXN0MAqCCHQ2NC50ZXN0MAqCCHQ2 +NS50ZXN0MAqCCHQ2Ni50ZXN0MAqCCHQ2Ny50ZXN0MAqCCHQ2OC50ZXN0MAqCCHQ2 +OS50ZXN0MAqCCHQ3MC50ZXN0MAqCCHQ3MS50ZXN0MAqCCHQ3Mi50ZXN0MAqCCHQ3 +My50ZXN0MAqCCHQ3NC50ZXN0MAqCCHQ3NS50ZXN0MAqCCHQ3Ni50ZXN0MAqCCHQ3 +Ny50ZXN0MAqCCHQ3OC50ZXN0MAqCCHQ3OS50ZXN0MAqCCHQ4MC50ZXN0MAqCCHQ4 +MS50ZXN0MAqCCHQ4Mi50ZXN0MAqCCHQ4My50ZXN0MAqCCHQ4NC50ZXN0MAqCCHQ4 +NS50ZXN0MAqCCHQ4Ni50ZXN0MAqCCHQ4Ny50ZXN0MAqCCHQ4OC50ZXN0MAqCCHQ4 +OS50ZXN0MAqCCHQ5MC50ZXN0MAqCCHQ5MS50ZXN0MAqCCHQ5Mi50ZXN0MAqCCHQ5 +My50ZXN0MAqCCHQ5NC50ZXN0MAqCCHQ5NS50ZXN0MAqCCHQ5Ni50ZXN0MAqCCHQ5 +Ny50ZXN0MAqCCHQ5OC50ZXN0MAqCCHQ5OS50ZXN0MAuCCXQxMDAudGVzdDALggl0 +MTAxLnRlc3QwC4IJdDEwMi50ZXN0MAuCCXQxMDMudGVzdDALggl0MTA0LnRlc3Qw +C4IJdDEwNS50ZXN0MAuCCXQxMDYudGVzdDALggl0MTA3LnRlc3QwC4IJdDEwOC50 +ZXN0MAuCCXQxMDkudGVzdDALggl0MTEwLnRlc3QwC4IJdDExMS50ZXN0MAuCCXQx +MTIudGVzdDALggl0MTEzLnRlc3QwC4IJdDExNC50ZXN0MAuCCXQxMTUudGVzdDAL +ggl0MTE2LnRlc3QwC4IJdDExNy50ZXN0MAuCCXQxMTgudGVzdDALggl0MTE5LnRl +c3QwC4IJdDEyMC50ZXN0MAuCCXQxMjEudGVzdDALggl0MTIyLnRlc3QwC4IJdDEy +My50ZXN0MAuCCXQxMjQudGVzdDALggl0MTI1LnRlc3QwC4IJdDEyNi50ZXN0MAuC +CXQxMjcudGVzdDALggl0MTI4LnRlc3QwC4IJdDEyOS50ZXN0MAuCCXQxMzAudGVz +dDALggl0MTMxLnRlc3QwC4IJdDEzMi50ZXN0MAuCCXQxMzMudGVzdDALggl0MTM0 +LnRlc3QwC4IJdDEzNS50ZXN0MAuCCXQxMzYudGVzdDALggl0MTM3LnRlc3QwC4IJ +dDEzOC50ZXN0MAuCCXQxMzkudGVzdDALggl0MTQwLnRlc3QwC4IJdDE0MS50ZXN0 +MAuCCXQxNDIudGVzdDALggl0MTQzLnRlc3QwC4IJdDE0NC50ZXN0MAuCCXQxNDUu +dGVzdDALggl0MTQ2LnRlc3QwC4IJdDE0Ny50ZXN0MAuCCXQxNDgudGVzdDALggl0 +MTQ5LnRlc3QwC4IJdDE1MC50ZXN0MAuCCXQxNTEudGVzdDALggl0MTUyLnRlc3Qw +C4IJdDE1My50ZXN0MAuCCXQxNTQudGVzdDALggl0MTU1LnRlc3QwC4IJdDE1Ni50 +ZXN0MAuCCXQxNTcudGVzdDALggl0MTU4LnRlc3QwC4IJdDE1OS50ZXN0MAuCCXQx +NjAudGVzdDALggl0MTYxLnRlc3QwC4IJdDE2Mi50ZXN0MAuCCXQxNjMudGVzdDAL +ggl0MTY0LnRlc3QwC4IJdDE2NS50ZXN0MAuCCXQxNjYudGVzdDALggl0MTY3LnRl +c3QwC4IJdDE2OC50ZXN0MAuCCXQxNjkudGVzdDALggl0MTcwLnRlc3QwC4IJdDE3 +MS50ZXN0MAuCCXQxNzIudGVzdDALggl0MTczLnRlc3QwC4IJdDE3NC50ZXN0MAuC +CXQxNzUudGVzdDALggl0MTc2LnRlc3QwC4IJdDE3Ny50ZXN0MAuCCXQxNzgudGVz +dDALggl0MTc5LnRlc3QwC4IJdDE4MC50ZXN0MAuCCXQxODEudGVzdDALggl0MTgy +LnRlc3QwC4IJdDE4My50ZXN0MAuCCXQxODQudGVzdDALggl0MTg1LnRlc3QwC4IJ +dDE4Ni50ZXN0MAuCCXQxODcudGVzdDALggl0MTg4LnRlc3QwC4IJdDE4OS50ZXN0 +MAuCCXQxOTAudGVzdDALggl0MTkxLnRlc3QwC4IJdDE5Mi50ZXN0MAuCCXQxOTMu +dGVzdDALggl0MTk0LnRlc3QwC4IJdDE5NS50ZXN0MAuCCXQxOTYudGVzdDALggl0 +MTk3LnRlc3QwC4IJdDE5OC50ZXN0MAuCCXQxOTkudGVzdDALggl0MjAwLnRlc3Qw +C4IJdDIwMS50ZXN0MAuCCXQyMDIudGVzdDALggl0MjAzLnRlc3QwC4IJdDIwNC50 +ZXN0MAuCCXQyMDUudGVzdDALggl0MjA2LnRlc3QwC4IJdDIwNy50ZXN0MAuCCXQy +MDgudGVzdDALggl0MjA5LnRlc3QwC4IJdDIxMC50ZXN0MAuCCXQyMTEudGVzdDAL +ggl0MjEyLnRlc3QwC4IJdDIxMy50ZXN0MAuCCXQyMTQudGVzdDALggl0MjE1LnRl +c3QwC4IJdDIxNi50ZXN0MAuCCXQyMTcudGVzdDALggl0MjE4LnRlc3QwC4IJdDIx +OS50ZXN0MAuCCXQyMjAudGVzdDALggl0MjIxLnRlc3QwC4IJdDIyMi50ZXN0MAuC +CXQyMjMudGVzdDALggl0MjI0LnRlc3QwC4IJdDIyNS50ZXN0MAuCCXQyMjYudGVz +dDALggl0MjI3LnRlc3QwC4IJdDIyOC50ZXN0MAuCCXQyMjkudGVzdDALggl0MjMw +LnRlc3QwC4IJdDIzMS50ZXN0MAuCCXQyMzIudGVzdDALggl0MjMzLnRlc3QwC4IJ +dDIzNC50ZXN0MAuCCXQyMzUudGVzdDALggl0MjM2LnRlc3QwC4IJdDIzNy50ZXN0 +MAuCCXQyMzgudGVzdDALggl0MjM5LnRlc3QwC4IJdDI0MC50ZXN0MAuCCXQyNDEu +dGVzdDALggl0MjQyLnRlc3QwC4IJdDI0My50ZXN0MAuCCXQyNDQudGVzdDALggl0 +MjQ1LnRlc3QwC4IJdDI0Ni50ZXN0MAuCCXQyNDcudGVzdDALggl0MjQ4LnRlc3Qw +C4IJdDI0OS50ZXN0MAuCCXQyNTAudGVzdDALggl0MjUxLnRlc3QwC4IJdDI1Mi50 +ZXN0MAuCCXQyNTMudGVzdDALggl0MjU0LnRlc3QwC4IJdDI1NS50ZXN0MAuCCXQy +NTYudGVzdDALggl0MjU3LnRlc3QwC4IJdDI1OC50ZXN0MAuCCXQyNTkudGVzdDAL +ggl0MjYwLnRlc3QwC4IJdDI2MS50ZXN0MAuCCXQyNjIudGVzdDALggl0MjYzLnRl +c3QwC4IJdDI2NC50ZXN0MAuCCXQyNjUudGVzdDALggl0MjY2LnRlc3QwC4IJdDI2 +Ny50ZXN0MAuCCXQyNjgudGVzdDALggl0MjY5LnRlc3QwC4IJdDI3MC50ZXN0MAuC +CXQyNzEudGVzdDALggl0MjcyLnRlc3QwC4IJdDI3My50ZXN0MAuCCXQyNzQudGVz +dDALggl0Mjc1LnRlc3QwC4IJdDI3Ni50ZXN0MAuCCXQyNzcudGVzdDALggl0Mjc4 +LnRlc3QwC4IJdDI3OS50ZXN0MAuCCXQyODAudGVzdDALggl0MjgxLnRlc3QwC4IJ +dDI4Mi50ZXN0MAuCCXQyODMudGVzdDALggl0Mjg0LnRlc3QwC4IJdDI4NS50ZXN0 +MAuCCXQyODYudGVzdDALggl0Mjg3LnRlc3QwC4IJdDI4OC50ZXN0MAuCCXQyODku +dGVzdDALggl0MjkwLnRlc3QwC4IJdDI5MS50ZXN0MAuCCXQyOTIudGVzdDALggl0 +MjkzLnRlc3QwC4IJdDI5NC50ZXN0MAuCCXQyOTUudGVzdDALggl0Mjk2LnRlc3Qw +C4IJdDI5Ny50ZXN0MAuCCXQyOTgudGVzdDALggl0Mjk5LnRlc3QwC4IJdDMwMC50 +ZXN0MAuCCXQzMDEudGVzdDALggl0MzAyLnRlc3QwC4IJdDMwMy50ZXN0MAuCCXQz +MDQudGVzdDALggl0MzA1LnRlc3QwC4IJdDMwNi50ZXN0MAuCCXQzMDcudGVzdDAL +ggl0MzA4LnRlc3QwC4IJdDMwOS50ZXN0MAuCCXQzMTAudGVzdDALggl0MzExLnRl +c3QwC4IJdDMxMi50ZXN0MAuCCXQzMTMudGVzdDALggl0MzE0LnRlc3QwC4IJdDMx +NS50ZXN0MAuCCXQzMTYudGVzdDALggl0MzE3LnRlc3QwC4IJdDMxOC50ZXN0MAuC +CXQzMTkudGVzdDALggl0MzIwLnRlc3QwC4IJdDMyMS50ZXN0MAuCCXQzMjIudGVz +dDALggl0MzIzLnRlc3QwC4IJdDMyNC50ZXN0MAuCCXQzMjUudGVzdDALggl0MzI2 +LnRlc3QwC4IJdDMyNy50ZXN0MAuCCXQzMjgudGVzdDALggl0MzI5LnRlc3QwC4IJ +dDMzMC50ZXN0MAuCCXQzMzEudGVzdDALggl0MzMyLnRlc3QwC4IJdDMzMy50ZXN0 +MAuCCXQzMzQudGVzdDALggl0MzM1LnRlc3QwC4IJdDMzNi50ZXN0MAuCCXQzMzcu +dGVzdDALggl0MzM4LnRlc3QwC4IJdDMzOS50ZXN0MAuCCXQzNDAudGVzdDALggl0 +MzQxLnRlc3QwC4IJdDM0Mi50ZXN0MAuCCXQzNDMudGVzdDALggl0MzQ0LnRlc3Qw +C4IJdDM0NS50ZXN0MAuCCXQzNDYudGVzdDALggl0MzQ3LnRlc3QwC4IJdDM0OC50 +ZXN0MAuCCXQzNDkudGVzdDALggl0MzUwLnRlc3QwC4IJdDM1MS50ZXN0MAuCCXQz +NTIudGVzdDALggl0MzUzLnRlc3QwC4IJdDM1NC50ZXN0MAuCCXQzNTUudGVzdDAL +ggl0MzU2LnRlc3QwC4IJdDM1Ny50ZXN0MAuCCXQzNTgudGVzdDALggl0MzU5LnRl +c3QwC4IJdDM2MC50ZXN0MAuCCXQzNjEudGVzdDALggl0MzYyLnRlc3QwC4IJdDM2 +My50ZXN0MAuCCXQzNjQudGVzdDALggl0MzY1LnRlc3QwC4IJdDM2Ni50ZXN0MAuC +CXQzNjcudGVzdDALggl0MzY4LnRlc3QwC4IJdDM2OS50ZXN0MAuCCXQzNzAudGVz +dDALggl0MzcxLnRlc3QwC4IJdDM3Mi50ZXN0MAuCCXQzNzMudGVzdDALggl0Mzc0 +LnRlc3QwC4IJdDM3NS50ZXN0MAuCCXQzNzYudGVzdDALggl0Mzc3LnRlc3QwC4IJ +dDM3OC50ZXN0MAuCCXQzNzkudGVzdDALggl0MzgwLnRlc3QwC4IJdDM4MS50ZXN0 +MAuCCXQzODIudGVzdDALggl0MzgzLnRlc3QwC4IJdDM4NC50ZXN0MAuCCXQzODUu +dGVzdDALggl0Mzg2LnRlc3QwC4IJdDM4Ny50ZXN0MAuCCXQzODgudGVzdDALggl0 +Mzg5LnRlc3QwC4IJdDM5MC50ZXN0MAuCCXQzOTEudGVzdDALggl0MzkyLnRlc3Qw +C4IJdDM5My50ZXN0MAuCCXQzOTQudGVzdDALggl0Mzk1LnRlc3QwC4IJdDM5Ni50 +ZXN0MAuCCXQzOTcudGVzdDALggl0Mzk4LnRlc3QwC4IJdDM5OS50ZXN0MAuCCXQ0 +MDAudGVzdDALggl0NDAxLnRlc3QwC4IJdDQwMi50ZXN0MAuCCXQ0MDMudGVzdDAL +ggl0NDA0LnRlc3QwC4IJdDQwNS50ZXN0MAuCCXQ0MDYudGVzdDALggl0NDA3LnRl +c3QwC4IJdDQwOC50ZXN0MAuCCXQ0MDkudGVzdDALggl0NDEwLnRlc3QwC4IJdDQx +MS50ZXN0MAuCCXQ0MTIudGVzdDALggl0NDEzLnRlc3QwC4IJdDQxNC50ZXN0MAuC +CXQ0MTUudGVzdDALggl0NDE2LnRlc3QwC4IJdDQxNy50ZXN0MAuCCXQ0MTgudGVz +dDALggl0NDE5LnRlc3QwC4IJdDQyMC50ZXN0MAuCCXQ0MjEudGVzdDALggl0NDIy +LnRlc3QwC4IJdDQyMy50ZXN0MAuCCXQ0MjQudGVzdDALggl0NDI1LnRlc3QwC4IJ +dDQyNi50ZXN0MAuCCXQ0MjcudGVzdDALggl0NDI4LnRlc3QwC4IJdDQyOS50ZXN0 +MAuCCXQ0MzAudGVzdDALggl0NDMxLnRlc3QwC4IJdDQzMi50ZXN0MAuCCXQ0MzMu +dGVzdDALggl0NDM0LnRlc3QwC4IJdDQzNS50ZXN0MAuCCXQ0MzYudGVzdDALggl0 +NDM3LnRlc3QwC4IJdDQzOC50ZXN0MAuCCXQ0MzkudGVzdDALggl0NDQwLnRlc3Qw +C4IJdDQ0MS50ZXN0MAuCCXQ0NDIudGVzdDALggl0NDQzLnRlc3QwC4IJdDQ0NC50 +ZXN0MAuCCXQ0NDUudGVzdDALggl0NDQ2LnRlc3QwC4IJdDQ0Ny50ZXN0MAuCCXQ0 +NDgudGVzdDALggl0NDQ5LnRlc3QwC4IJdDQ1MC50ZXN0MAuCCXQ0NTEudGVzdDAL +ggl0NDUyLnRlc3QwC4IJdDQ1My50ZXN0MAuCCXQ0NTQudGVzdDALggl0NDU1LnRl +c3QwC4IJdDQ1Ni50ZXN0MAuCCXQ0NTcudGVzdDALggl0NDU4LnRlc3QwC4IJdDQ1 +OS50ZXN0MAuCCXQ0NjAudGVzdDALggl0NDYxLnRlc3QwC4IJdDQ2Mi50ZXN0MAuC +CXQ0NjMudGVzdDALggl0NDY0LnRlc3QwC4IJdDQ2NS50ZXN0MAuCCXQ0NjYudGVz +dDALggl0NDY3LnRlc3QwC4IJdDQ2OC50ZXN0MAuCCXQ0NjkudGVzdDALggl0NDcw +LnRlc3QwC4IJdDQ3MS50ZXN0MAuCCXQ0NzIudGVzdDALggl0NDczLnRlc3QwC4IJ +dDQ3NC50ZXN0MAuCCXQ0NzUudGVzdDALggl0NDc2LnRlc3QwC4IJdDQ3Ny50ZXN0 +MAuCCXQ0NzgudGVzdDALggl0NDc5LnRlc3QwC4IJdDQ4MC50ZXN0MAuCCXQ0ODEu +dGVzdDALggl0NDgyLnRlc3QwC4IJdDQ4My50ZXN0MAuCCXQ0ODQudGVzdDALggl0 +NDg1LnRlc3QwC4IJdDQ4Ni50ZXN0MAuCCXQ0ODcudGVzdDALggl0NDg4LnRlc3Qw +C4IJdDQ4OS50ZXN0MAuCCXQ0OTAudGVzdDALggl0NDkxLnRlc3QwC4IJdDQ5Mi50 +ZXN0MAuCCXQ0OTMudGVzdDALggl0NDk0LnRlc3QwC4IJdDQ5NS50ZXN0MAuCCXQ0 +OTYudGVzdDALggl0NDk3LnRlc3QwC4IJdDQ5OC50ZXN0MAuCCXQ0OTkudGVzdDAL +ggl0NTAwLnRlc3QwC4IJdDUwMS50ZXN0MAuCCXQ1MDIudGVzdDALggl0NTAzLnRl +c3QwC4IJdDUwNC50ZXN0MAuCCXQ1MDUudGVzdDALggl0NTA2LnRlc3QwC4IJdDUw +Ny50ZXN0MAuCCXQ1MDgudGVzdDALggl0NTA5LnRlc3QwC4IJdDUxMC50ZXN0MAuC +CXQ1MTEudGVzdDALggl0NTEyLnRlc3QwB4IFLnRlc3ShghmfMAmCB3gwLnRlc3Qw +CYIHeDEudGVzdDAJggd4Mi50ZXN0MAmCB3gzLnRlc3QwCYIHeDQudGVzdDAJggd4 +NS50ZXN0MAmCB3g2LnRlc3QwCYIHeDcudGVzdDAJggd4OC50ZXN0MAmCB3g5LnRl +c3QwCoIIeDEwLnRlc3QwCoIIeDExLnRlc3QwCoIIeDEyLnRlc3QwCoIIeDEzLnRl +c3QwCoIIeDE0LnRlc3QwCoIIeDE1LnRlc3QwCoIIeDE2LnRlc3QwCoIIeDE3LnRl +c3QwCoIIeDE4LnRlc3QwCoIIeDE5LnRlc3QwCoIIeDIwLnRlc3QwCoIIeDIxLnRl +c3QwCoIIeDIyLnRlc3QwCoIIeDIzLnRlc3QwCoIIeDI0LnRlc3QwCoIIeDI1LnRl +c3QwCoIIeDI2LnRlc3QwCoIIeDI3LnRlc3QwCoIIeDI4LnRlc3QwCoIIeDI5LnRl +c3QwCoIIeDMwLnRlc3QwCoIIeDMxLnRlc3QwCoIIeDMyLnRlc3QwCoIIeDMzLnRl +c3QwCoIIeDM0LnRlc3QwCoIIeDM1LnRlc3QwCoIIeDM2LnRlc3QwCoIIeDM3LnRl +c3QwCoIIeDM4LnRlc3QwCoIIeDM5LnRlc3QwCoIIeDQwLnRlc3QwCoIIeDQxLnRl +c3QwCoIIeDQyLnRlc3QwCoIIeDQzLnRlc3QwCoIIeDQ0LnRlc3QwCoIIeDQ1LnRl +c3QwCoIIeDQ2LnRlc3QwCoIIeDQ3LnRlc3QwCoIIeDQ4LnRlc3QwCoIIeDQ5LnRl +c3QwCoIIeDUwLnRlc3QwCoIIeDUxLnRlc3QwCoIIeDUyLnRlc3QwCoIIeDUzLnRl +c3QwCoIIeDU0LnRlc3QwCoIIeDU1LnRlc3QwCoIIeDU2LnRlc3QwCoIIeDU3LnRl +c3QwCoIIeDU4LnRlc3QwCoIIeDU5LnRlc3QwCoIIeDYwLnRlc3QwCoIIeDYxLnRl +c3QwCoIIeDYyLnRlc3QwCoIIeDYzLnRlc3QwCoIIeDY0LnRlc3QwCoIIeDY1LnRl +c3QwCoIIeDY2LnRlc3QwCoIIeDY3LnRlc3QwCoIIeDY4LnRlc3QwCoIIeDY5LnRl +c3QwCoIIeDcwLnRlc3QwCoIIeDcxLnRlc3QwCoIIeDcyLnRlc3QwCoIIeDczLnRl +c3QwCoIIeDc0LnRlc3QwCoIIeDc1LnRlc3QwCoIIeDc2LnRlc3QwCoIIeDc3LnRl +c3QwCoIIeDc4LnRlc3QwCoIIeDc5LnRlc3QwCoIIeDgwLnRlc3QwCoIIeDgxLnRl +c3QwCoIIeDgyLnRlc3QwCoIIeDgzLnRlc3QwCoIIeDg0LnRlc3QwCoIIeDg1LnRl +c3QwCoIIeDg2LnRlc3QwCoIIeDg3LnRlc3QwCoIIeDg4LnRlc3QwCoIIeDg5LnRl +c3QwCoIIeDkwLnRlc3QwCoIIeDkxLnRlc3QwCoIIeDkyLnRlc3QwCoIIeDkzLnRl +c3QwCoIIeDk0LnRlc3QwCoIIeDk1LnRlc3QwCoIIeDk2LnRlc3QwCoIIeDk3LnRl +c3QwCoIIeDk4LnRlc3QwCoIIeDk5LnRlc3QwC4IJeDEwMC50ZXN0MAuCCXgxMDEu +dGVzdDALggl4MTAyLnRlc3QwC4IJeDEwMy50ZXN0MAuCCXgxMDQudGVzdDALggl4 +MTA1LnRlc3QwC4IJeDEwNi50ZXN0MAuCCXgxMDcudGVzdDALggl4MTA4LnRlc3Qw +C4IJeDEwOS50ZXN0MAuCCXgxMTAudGVzdDALggl4MTExLnRlc3QwC4IJeDExMi50 +ZXN0MAuCCXgxMTMudGVzdDALggl4MTE0LnRlc3QwC4IJeDExNS50ZXN0MAuCCXgx +MTYudGVzdDALggl4MTE3LnRlc3QwC4IJeDExOC50ZXN0MAuCCXgxMTkudGVzdDAL +ggl4MTIwLnRlc3QwC4IJeDEyMS50ZXN0MAuCCXgxMjIudGVzdDALggl4MTIzLnRl +c3QwC4IJeDEyNC50ZXN0MAuCCXgxMjUudGVzdDALggl4MTI2LnRlc3QwC4IJeDEy +Ny50ZXN0MAuCCXgxMjgudGVzdDALggl4MTI5LnRlc3QwC4IJeDEzMC50ZXN0MAuC +CXgxMzEudGVzdDALggl4MTMyLnRlc3QwC4IJeDEzMy50ZXN0MAuCCXgxMzQudGVz +dDALggl4MTM1LnRlc3QwC4IJeDEzNi50ZXN0MAuCCXgxMzcudGVzdDALggl4MTM4 +LnRlc3QwC4IJeDEzOS50ZXN0MAuCCXgxNDAudGVzdDALggl4MTQxLnRlc3QwC4IJ +eDE0Mi50ZXN0MAuCCXgxNDMudGVzdDALggl4MTQ0LnRlc3QwC4IJeDE0NS50ZXN0 +MAuCCXgxNDYudGVzdDALggl4MTQ3LnRlc3QwC4IJeDE0OC50ZXN0MAuCCXgxNDku +dGVzdDALggl4MTUwLnRlc3QwC4IJeDE1MS50ZXN0MAuCCXgxNTIudGVzdDALggl4 +MTUzLnRlc3QwC4IJeDE1NC50ZXN0MAuCCXgxNTUudGVzdDALggl4MTU2LnRlc3Qw +C4IJeDE1Ny50ZXN0MAuCCXgxNTgudGVzdDALggl4MTU5LnRlc3QwC4IJeDE2MC50 +ZXN0MAuCCXgxNjEudGVzdDALggl4MTYyLnRlc3QwC4IJeDE2My50ZXN0MAuCCXgx +NjQudGVzdDALggl4MTY1LnRlc3QwC4IJeDE2Ni50ZXN0MAuCCXgxNjcudGVzdDAL +ggl4MTY4LnRlc3QwC4IJeDE2OS50ZXN0MAuCCXgxNzAudGVzdDALggl4MTcxLnRl +c3QwC4IJeDE3Mi50ZXN0MAuCCXgxNzMudGVzdDALggl4MTc0LnRlc3QwC4IJeDE3 +NS50ZXN0MAuCCXgxNzYudGVzdDALggl4MTc3LnRlc3QwC4IJeDE3OC50ZXN0MAuC +CXgxNzkudGVzdDALggl4MTgwLnRlc3QwC4IJeDE4MS50ZXN0MAuCCXgxODIudGVz +dDALggl4MTgzLnRlc3QwC4IJeDE4NC50ZXN0MAuCCXgxODUudGVzdDALggl4MTg2 +LnRlc3QwC4IJeDE4Ny50ZXN0MAuCCXgxODgudGVzdDALggl4MTg5LnRlc3QwC4IJ +eDE5MC50ZXN0MAuCCXgxOTEudGVzdDALggl4MTkyLnRlc3QwC4IJeDE5My50ZXN0 +MAuCCXgxOTQudGVzdDALggl4MTk1LnRlc3QwC4IJeDE5Ni50ZXN0MAuCCXgxOTcu +dGVzdDALggl4MTk4LnRlc3QwC4IJeDE5OS50ZXN0MAuCCXgyMDAudGVzdDALggl4 +MjAxLnRlc3QwC4IJeDIwMi50ZXN0MAuCCXgyMDMudGVzdDALggl4MjA0LnRlc3Qw +C4IJeDIwNS50ZXN0MAuCCXgyMDYudGVzdDALggl4MjA3LnRlc3QwC4IJeDIwOC50 +ZXN0MAuCCXgyMDkudGVzdDALggl4MjEwLnRlc3QwC4IJeDIxMS50ZXN0MAuCCXgy +MTIudGVzdDALggl4MjEzLnRlc3QwC4IJeDIxNC50ZXN0MAuCCXgyMTUudGVzdDAL +ggl4MjE2LnRlc3QwC4IJeDIxNy50ZXN0MAuCCXgyMTgudGVzdDALggl4MjE5LnRl +c3QwC4IJeDIyMC50ZXN0MAuCCXgyMjEudGVzdDALggl4MjIyLnRlc3QwC4IJeDIy +My50ZXN0MAuCCXgyMjQudGVzdDALggl4MjI1LnRlc3QwC4IJeDIyNi50ZXN0MAuC +CXgyMjcudGVzdDALggl4MjI4LnRlc3QwC4IJeDIyOS50ZXN0MAuCCXgyMzAudGVz +dDALggl4MjMxLnRlc3QwC4IJeDIzMi50ZXN0MAuCCXgyMzMudGVzdDALggl4MjM0 +LnRlc3QwC4IJeDIzNS50ZXN0MAuCCXgyMzYudGVzdDALggl4MjM3LnRlc3QwC4IJ +eDIzOC50ZXN0MAuCCXgyMzkudGVzdDALggl4MjQwLnRlc3QwC4IJeDI0MS50ZXN0 +MAuCCXgyNDIudGVzdDALggl4MjQzLnRlc3QwC4IJeDI0NC50ZXN0MAuCCXgyNDUu +dGVzdDALggl4MjQ2LnRlc3QwC4IJeDI0Ny50ZXN0MAuCCXgyNDgudGVzdDALggl4 +MjQ5LnRlc3QwC4IJeDI1MC50ZXN0MAuCCXgyNTEudGVzdDALggl4MjUyLnRlc3Qw +C4IJeDI1My50ZXN0MAuCCXgyNTQudGVzdDALggl4MjU1LnRlc3QwC4IJeDI1Ni50 +ZXN0MAuCCXgyNTcudGVzdDALggl4MjU4LnRlc3QwC4IJeDI1OS50ZXN0MAuCCXgy +NjAudGVzdDALggl4MjYxLnRlc3QwC4IJeDI2Mi50ZXN0MAuCCXgyNjMudGVzdDAL +ggl4MjY0LnRlc3QwC4IJeDI2NS50ZXN0MAuCCXgyNjYudGVzdDALggl4MjY3LnRl +c3QwC4IJeDI2OC50ZXN0MAuCCXgyNjkudGVzdDALggl4MjcwLnRlc3QwC4IJeDI3 +MS50ZXN0MAuCCXgyNzIudGVzdDALggl4MjczLnRlc3QwC4IJeDI3NC50ZXN0MAuC +CXgyNzUudGVzdDALggl4Mjc2LnRlc3QwC4IJeDI3Ny50ZXN0MAuCCXgyNzgudGVz +dDALggl4Mjc5LnRlc3QwC4IJeDI4MC50ZXN0MAuCCXgyODEudGVzdDALggl4Mjgy +LnRlc3QwC4IJeDI4My50ZXN0MAuCCXgyODQudGVzdDALggl4Mjg1LnRlc3QwC4IJ +eDI4Ni50ZXN0MAuCCXgyODcudGVzdDALggl4Mjg4LnRlc3QwC4IJeDI4OS50ZXN0 +MAuCCXgyOTAudGVzdDALggl4MjkxLnRlc3QwC4IJeDI5Mi50ZXN0MAuCCXgyOTMu +dGVzdDALggl4Mjk0LnRlc3QwC4IJeDI5NS50ZXN0MAuCCXgyOTYudGVzdDALggl4 +Mjk3LnRlc3QwC4IJeDI5OC50ZXN0MAuCCXgyOTkudGVzdDALggl4MzAwLnRlc3Qw +C4IJeDMwMS50ZXN0MAuCCXgzMDIudGVzdDALggl4MzAzLnRlc3QwC4IJeDMwNC50 +ZXN0MAuCCXgzMDUudGVzdDALggl4MzA2LnRlc3QwC4IJeDMwNy50ZXN0MAuCCXgz +MDgudGVzdDALggl4MzA5LnRlc3QwC4IJeDMxMC50ZXN0MAuCCXgzMTEudGVzdDAL +ggl4MzEyLnRlc3QwC4IJeDMxMy50ZXN0MAuCCXgzMTQudGVzdDALggl4MzE1LnRl +c3QwC4IJeDMxNi50ZXN0MAuCCXgzMTcudGVzdDALggl4MzE4LnRlc3QwC4IJeDMx +OS50ZXN0MAuCCXgzMjAudGVzdDALggl4MzIxLnRlc3QwC4IJeDMyMi50ZXN0MAuC +CXgzMjMudGVzdDALggl4MzI0LnRlc3QwC4IJeDMyNS50ZXN0MAuCCXgzMjYudGVz +dDALggl4MzI3LnRlc3QwC4IJeDMyOC50ZXN0MAuCCXgzMjkudGVzdDALggl4MzMw +LnRlc3QwC4IJeDMzMS50ZXN0MAuCCXgzMzIudGVzdDALggl4MzMzLnRlc3QwC4IJ +eDMzNC50ZXN0MAuCCXgzMzUudGVzdDALggl4MzM2LnRlc3QwC4IJeDMzNy50ZXN0 +MAuCCXgzMzgudGVzdDALggl4MzM5LnRlc3QwC4IJeDM0MC50ZXN0MAuCCXgzNDEu +dGVzdDALggl4MzQyLnRlc3QwC4IJeDM0My50ZXN0MAuCCXgzNDQudGVzdDALggl4 +MzQ1LnRlc3QwC4IJeDM0Ni50ZXN0MAuCCXgzNDcudGVzdDALggl4MzQ4LnRlc3Qw +C4IJeDM0OS50ZXN0MAuCCXgzNTAudGVzdDALggl4MzUxLnRlc3QwC4IJeDM1Mi50 +ZXN0MAuCCXgzNTMudGVzdDALggl4MzU0LnRlc3QwC4IJeDM1NS50ZXN0MAuCCXgz +NTYudGVzdDALggl4MzU3LnRlc3QwC4IJeDM1OC50ZXN0MAuCCXgzNTkudGVzdDAL +ggl4MzYwLnRlc3QwC4IJeDM2MS50ZXN0MAuCCXgzNjIudGVzdDALggl4MzYzLnRl +c3QwC4IJeDM2NC50ZXN0MAuCCXgzNjUudGVzdDALggl4MzY2LnRlc3QwC4IJeDM2 +Ny50ZXN0MAuCCXgzNjgudGVzdDALggl4MzY5LnRlc3QwC4IJeDM3MC50ZXN0MAuC +CXgzNzEudGVzdDALggl4MzcyLnRlc3QwC4IJeDM3My50ZXN0MAuCCXgzNzQudGVz +dDALggl4Mzc1LnRlc3QwC4IJeDM3Ni50ZXN0MAuCCXgzNzcudGVzdDALggl4Mzc4 +LnRlc3QwC4IJeDM3OS50ZXN0MAuCCXgzODAudGVzdDALggl4MzgxLnRlc3QwC4IJ +eDM4Mi50ZXN0MAuCCXgzODMudGVzdDALggl4Mzg0LnRlc3QwC4IJeDM4NS50ZXN0 +MAuCCXgzODYudGVzdDALggl4Mzg3LnRlc3QwC4IJeDM4OC50ZXN0MAuCCXgzODku +dGVzdDALggl4MzkwLnRlc3QwC4IJeDM5MS50ZXN0MAuCCXgzOTIudGVzdDALggl4 +MzkzLnRlc3QwC4IJeDM5NC50ZXN0MAuCCXgzOTUudGVzdDALggl4Mzk2LnRlc3Qw +C4IJeDM5Ny50ZXN0MAuCCXgzOTgudGVzdDALggl4Mzk5LnRlc3QwC4IJeDQwMC50 +ZXN0MAuCCXg0MDEudGVzdDALggl4NDAyLnRlc3QwC4IJeDQwMy50ZXN0MAuCCXg0 +MDQudGVzdDALggl4NDA1LnRlc3QwC4IJeDQwNi50ZXN0MAuCCXg0MDcudGVzdDAL +ggl4NDA4LnRlc3QwC4IJeDQwOS50ZXN0MAuCCXg0MTAudGVzdDALggl4NDExLnRl +c3QwC4IJeDQxMi50ZXN0MAuCCXg0MTMudGVzdDALggl4NDE0LnRlc3QwC4IJeDQx +NS50ZXN0MAuCCXg0MTYudGVzdDALggl4NDE3LnRlc3QwC4IJeDQxOC50ZXN0MAuC +CXg0MTkudGVzdDALggl4NDIwLnRlc3QwC4IJeDQyMS50ZXN0MAuCCXg0MjIudGVz +dDALggl4NDIzLnRlc3QwC4IJeDQyNC50ZXN0MAuCCXg0MjUudGVzdDALggl4NDI2 +LnRlc3QwC4IJeDQyNy50ZXN0MAuCCXg0MjgudGVzdDALggl4NDI5LnRlc3QwC4IJ +eDQzMC50ZXN0MAuCCXg0MzEudGVzdDALggl4NDMyLnRlc3QwC4IJeDQzMy50ZXN0 +MAuCCXg0MzQudGVzdDALggl4NDM1LnRlc3QwC4IJeDQzNi50ZXN0MAuCCXg0Mzcu +dGVzdDALggl4NDM4LnRlc3QwC4IJeDQzOS50ZXN0MAuCCXg0NDAudGVzdDALggl4 +NDQxLnRlc3QwC4IJeDQ0Mi50ZXN0MAuCCXg0NDMudGVzdDALggl4NDQ0LnRlc3Qw +C4IJeDQ0NS50ZXN0MAuCCXg0NDYudGVzdDALggl4NDQ3LnRlc3QwC4IJeDQ0OC50 +ZXN0MAuCCXg0NDkudGVzdDALggl4NDUwLnRlc3QwC4IJeDQ1MS50ZXN0MAuCCXg0 +NTIudGVzdDALggl4NDUzLnRlc3QwC4IJeDQ1NC50ZXN0MAuCCXg0NTUudGVzdDAL +ggl4NDU2LnRlc3QwC4IJeDQ1Ny50ZXN0MAuCCXg0NTgudGVzdDALggl4NDU5LnRl +c3QwC4IJeDQ2MC50ZXN0MAuCCXg0NjEudGVzdDALggl4NDYyLnRlc3QwC4IJeDQ2 +My50ZXN0MAuCCXg0NjQudGVzdDALggl4NDY1LnRlc3QwC4IJeDQ2Ni50ZXN0MAuC +CXg0NjcudGVzdDALggl4NDY4LnRlc3QwC4IJeDQ2OS50ZXN0MAuCCXg0NzAudGVz +dDALggl4NDcxLnRlc3QwC4IJeDQ3Mi50ZXN0MAuCCXg0NzMudGVzdDALggl4NDc0 +LnRlc3QwC4IJeDQ3NS50ZXN0MAuCCXg0NzYudGVzdDALggl4NDc3LnRlc3QwC4IJ +eDQ3OC50ZXN0MAuCCXg0NzkudGVzdDALggl4NDgwLnRlc3QwC4IJeDQ4MS50ZXN0 +MAuCCXg0ODIudGVzdDALggl4NDgzLnRlc3QwC4IJeDQ4NC50ZXN0MAuCCXg0ODUu +dGVzdDALggl4NDg2LnRlc3QwC4IJeDQ4Ny50ZXN0MAuCCXg0ODgudGVzdDALggl4 +NDg5LnRlc3QwC4IJeDQ5MC50ZXN0MAuCCXg0OTEudGVzdDALggl4NDkyLnRlc3Qw +C4IJeDQ5My50ZXN0MAuCCXg0OTQudGVzdDALggl4NDk1LnRlc3QwC4IJeDQ5Ni50 +ZXN0MAuCCXg0OTcudGVzdDALggl4NDk4LnRlc3QwC4IJeDQ5OS50ZXN0MAuCCXg1 +MDAudGVzdDALggl4NTAxLnRlc3QwC4IJeDUwMi50ZXN0MAuCCXg1MDMudGVzdDAL +ggl4NTA0LnRlc3QwC4IJeDUwNS50ZXN0MAuCCXg1MDYudGVzdDALggl4NTA3LnRl +c3QwC4IJeDUwOC50ZXN0MAuCCXg1MDkudGVzdDALggl4NTEwLnRlc3QwC4IJeDUx +MS50ZXN0MAuCCXg1MTIudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAL2zj4W3+BzBa +UA0pBD3K5mXq5H94uVT3YFiS1Yrrv1aGJjnb9iabNjdPNRFq7eBm1OajFTv8UtE/ +WJR0JDvBTs7yvpOgTy+JY9RY8NP72gdOOvpZ3DbJ0bbSUFqBVQlM8771Mz9RVQX9 +i9oCqVkakKI/9guAU2XHx9ztTB6N3mULB3QkeFmlyrqeeVK/2lFErArRxyKQXjxb +cfD76JGADWpp6p1/QUGYmPNYGxHMtWzAhzX1zs/OdGwVVX7g6xxfFdOw0z2PVSPL +otKS5E3GWvqe43Edz3D6AI7jp6ibtH32HX/D4lLLd9nSiQURvJJ0nrMYZI+7p1DE +6BsnsA2jNg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/many-names1.pem b/openssl-1.1.0h/test/certs/many-names1.pem new file mode 100644 index 0000000..cf6a0df --- /dev/null +++ b/openssl-1.1.0h/test/certs/many-names1.pem @@ -0,0 +1,409 @@ +-----BEGIN CERTIFICATE----- +MIJMMTCCSxmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgjO+MRAwDgYDVQQDEwd0 +MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0 +MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl +c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA +dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1 +N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4 +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1 +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwuPb29W75T63JfNJKKdYi6YrmK +M+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8iWxh2S6rzAr1Yj+qXeDBaMf4o +BEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFcV/i0bcIFt5p7v7wbu686a/w0 +vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUWPaKsJluwR514pJv74urIyEt+ +dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb/GjvQ6YfvDXRrYPCxWMk0x3F +MSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj3kIrLbkCAwEAAaOCFeUwghXh +MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E +AjAAMIIVqgYDVR0RBIIVoTCCFZ2CB3QwLnRlc3SCB3QxLnRlc3SCB3QyLnRlc3SC +B3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2LnRlc3SCB3Q3LnRlc3SCB3Q4 +LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEudGVzdIIIdDEyLnRlc3SCCHQx +My50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQxNi50ZXN0ggh0MTcudGVzdIII +dDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIIIdDIxLnRlc3SCCHQyMi50ZXN0 +ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0ggh0MjYudGVzdIIIdDI3LnRl +c3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRlc3SCCHQzMS50ZXN0ggh0MzIu +dGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUudGVzdIIIdDM2LnRlc3SCCHQz +Ny50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0MC50ZXN0ggh0NDEudGVzdIII +dDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIIIdDQ1LnRlc3SCCHQ0Ni50ZXN0 +ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0ggh0NTAudGVzdIIIdDUxLnRl +c3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRlc3SCCHQ1NS50ZXN0ggh0NTYu +dGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTkudGVzdIIIdDYwLnRlc3SCCHQ2 +MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2NC50ZXN0ggh0NjUudGVzdIII +dDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIIIdDY5LnRlc3SCCHQ3MC50ZXN0 +ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0ggh0NzQudGVzdIIIdDc1LnRl +c3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRlc3SCCHQ3OS50ZXN0ggh0ODAu +dGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMudGVzdIIIdDg0LnRlc3SCCHQ4 +NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4OC50ZXN0ggh0ODkudGVzdIII +dDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIIIdDkzLnRlc3SCCHQ5NC50ZXN0 +ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0ggh0OTgudGVzdIIIdDk5LnRl +c3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAyLnRlc3SCCXQxMDMudGVzdIIJ +dDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVzdIIJdDEwNy50ZXN0ggl0MTA4 +LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0MTExLnRlc3SCCXQxMTIudGVz +dIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUudGVzdIIJdDExNi50ZXN0ggl0 +MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0ggl0MTIwLnRlc3SCCXQxMjEu +dGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQxMjQudGVzdIIJdDEyNS50ZXN0 +ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50ZXN0ggl0MTI5LnRlc3SCCXQx +MzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SCCXQxMzMudGVzdIIJdDEzNC50 +ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEzNy50ZXN0ggl0MTM4LnRlc3SC +CXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRlc3SCCXQxNDIudGVzdIIJdDE0 +My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJdDE0Ni50ZXN0ggl0MTQ3LnRl +c3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUwLnRlc3SCCXQxNTEudGVzdIIJ +dDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVzdIIJdDE1NS50ZXN0ggl0MTU2 +LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0MTU5LnRlc3SCCXQxNjAudGVz +dIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMudGVzdIIJdDE2NC50ZXN0ggl0 +MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0ggl0MTY4LnRlc3SCCXQxNjku +dGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQxNzIudGVzdIIJdDE3My50ZXN0 +ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50ZXN0ggl0MTc3LnRlc3SCCXQx +NzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SCCXQxODEudGVzdIIJdDE4Mi50 +ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4NS50ZXN0ggl0MTg2LnRlc3SC +CXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRlc3SCCXQxOTAudGVzdIIJdDE5 +MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJdDE5NC50ZXN0ggl0MTk1LnRl +c3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4LnRlc3SCCXQxOTkudGVzdIIJ +dDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVzdIIJdDIwMy50ZXN0ggl0MjA0 +LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0MjA3LnRlc3SCCXQyMDgudGVz +dIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEudGVzdIIJdDIxMi50ZXN0ggl0 +MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0ggl0MjE2LnRlc3SCCXQyMTcu +dGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQyMjAudGVzdIIJdDIyMS50ZXN0 +ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50ZXN0ggl0MjI1LnRlc3SCCXQy +MjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SCCXQyMjkudGVzdIIJdDIzMC50 +ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIzMy50ZXN0ggl0MjM0LnRlc3SC +CXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRlc3SCCXQyMzgudGVzdIIJdDIz +OS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJdDI0Mi50ZXN0ggl0MjQzLnRl +c3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2LnRlc3SCCXQyNDcudGVzdIIJ +dDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVzdIIJdDI1MS50ZXN0ggl0MjUy +LnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0MjU1LnRlc3SCCXQyNTYudGVz +dIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTkudGVzdIIJdDI2MC50ZXN0ggl0 +MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0ggl0MjY0LnRlc3SCCXQyNjUu +dGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQyNjgudGVzdIIJdDI2OS50ZXN0 +ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50ZXN0ggl0MjczLnRlc3SCCXQy +NzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SCCXQyNzcudGVzdIIJdDI3OC50 +ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4MS50ZXN0ggl0MjgyLnRlc3SC +CXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRlc3SCCXQyODYudGVzdIIJdDI4 +Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJdDI5MC50ZXN0ggl0MjkxLnRl +c3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0LnRlc3SCCXQyOTUudGVzdIIJ +dDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVzdIIJdDI5OS50ZXN0ggl0MzAw +LnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0MzAzLnRlc3SCCXQzMDQudGVz +dIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcudGVzdIIJdDMwOC50ZXN0ggl0 +MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0ggl0MzEyLnRlc3SCCXQzMTMu +dGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQzMTYudGVzdIIJdDMxNy50ZXN0 +ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50ZXN0ggl0MzIxLnRlc3SCCXQz +MjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SCCXQzMjUudGVzdIIJdDMyNi50 +ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMyOS50ZXN0ggl0MzMwLnRlc3SC +CXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRlc3SCCXQzMzQudGVzdIIJdDMz +NS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJdDMzOC50ZXN0ggl0MzM5LnRl +c3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQyLnRlc3SCCXQzNDMudGVzdIIJ +dDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVzdIIJdDM0Ny50ZXN0ggl0MzQ4 +LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0MzUxLnRlc3SCCXQzNTIudGVz +dIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUudGVzdIIJdDM1Ni50ZXN0ggl0 +MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0ggl0MzYwLnRlc3SCCXQzNjEu +dGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQzNjQudGVzdIIJdDM2NS50ZXN0 +ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50ZXN0ggl0MzY5LnRlc3SCCXQz +NzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SCCXQzNzMudGVzdIIJdDM3NC50 +ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3Ny50ZXN0ggl0Mzc4LnRlc3SC +CXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRlc3SCCXQzODIudGVzdIIJdDM4 +My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJdDM4Ni50ZXN0ggl0Mzg3LnRl +c3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0MzkwLnRlc3SCCXQzOTEudGVzdIIJ +dDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVzdIIJdDM5NS50ZXN0ggl0Mzk2 +LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0Mzk5LnRlc3SCCXQ0MDAudGVz +dIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMudGVzdIIJdDQwNC50ZXN0ggl0 +NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0ggl0NDA4LnRlc3SCCXQ0MDku +dGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0MTIudGVzdIIJdDQxMy50ZXN0 +ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50ZXN0ggl0NDE3LnRlc3SCCXQ0 +MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SCCXQ0MjEudGVzdIIJdDQyMi50 +ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQyNS50ZXN0ggl0NDI2LnRlc3SC +CXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRlc3SCCXQ0MzAudGVzdIIJdDQz +MS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJdDQzNC50ZXN0ggl0NDM1LnRl +c3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4LnRlc3SCCXQ0MzkudGVzdIIJ +dDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVzdIIJdDQ0My50ZXN0ggl0NDQ0 +LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0NDQ3LnRlc3SCCXQ0NDgudGVz +dIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEudGVzdIIJdDQ1Mi50ZXN0ggl0 +NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0ggl0NDU2LnRlc3SCCXQ0NTcu +dGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0NjAudGVzdIIJdDQ2MS50ZXN0 +ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50ZXN0ggl0NDY1LnRlc3SCCXQ0 +NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SCCXQ0NjkudGVzdIIJdDQ3MC50 +ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3My50ZXN0ggl0NDc0LnRlc3SC +CXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRlc3SCCXQ0NzgudGVzdIIJdDQ3 +OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJdDQ4Mi50ZXN0ggl0NDgzLnRl +c3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2LnRlc3SCCXQ0ODcudGVzdIIJ +dDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVzdIIJdDQ5MS50ZXN0ggl0NDky +LnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0NDk1LnRlc3SCCXQ0OTYudGVz +dIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTkudGVzdIIJdDUwMC50ZXN0ggl0 +NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0ggl0NTA0LnRlc3SCCXQ1MDUu +dGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1MDgudGVzdIIJdDUwOS50ZXN0 +ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50ZXN0MA0GCSqGSIb3DQEBCwUA +A4IBAQCp6JcB0NWRQJSgjsI0ycv1gpuoo2k/NjPlkYCcsLwmTPRVdpBHi9MJNS2i +MKPk7Wek2y9wJw6QPq9fMi/XSmEqRcFC8uBZ9evyTwmVbzzRsEN3qGHCrVdOnVLa +D7x7NjoTLApVNelYTxMPEennTd9+we8cl0T2TqosTnbxyvP+pnwtpazjDAFKlt8e +JpLRlRtWR/aScZ+P8CGj4b3prp12NJIAPG9W2ZqiHNLNMhTQG4Bz+O5+zMnIbC+e +Ahc4co+A/7qzselNZL1pcFFyRtTeLAcREuZVTTRa/EXmlLqzMe+UEEinEtdktnPL +KO0ED3qPXggpBbFaa4/PVubBS4QU +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/many-names2.pem b/openssl-1.1.0h/test/certs/many-names2.pem new file mode 100644 index 0000000..842ac60 --- /dev/null +++ b/openssl-1.1.0h/test/certs/many-names2.pem @@ -0,0 +1,251 @@ +-----BEGIN CERTIFICATE----- +MIIunDCCLYSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowEjEQMA4GA1UEAxMHdDAu +dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwu +Pb29W75T63JfNJKKdYi6YrmKM+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8i +Wxh2S6rzAr1Yj+qXeDBaMf4oBEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFc +V/i0bcIFt5p7v7wbu686a/w0vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUW +PaKsJluwR514pJv74urIyEt+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb +/GjvQ6YfvDXRrYPCxWMk0x3FMSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj +3kIrLbkCAwEAAaOCK/4wgiv6MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr +BgEFBQcDATAMBgNVHRMBAf8EAjAAMIIrwwYDVR0RBIIrujCCK7aCB3QwLnRlc3SC +B3QxLnRlc3SCB3QyLnRlc3SCB3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2 +LnRlc3SCB3Q3LnRlc3SCB3Q4LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEu +dGVzdIIIdDEyLnRlc3SCCHQxMy50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQx +Ni50ZXN0ggh0MTcudGVzdIIIdDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIII +dDIxLnRlc3SCCHQyMi50ZXN0ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0 +ggh0MjYudGVzdIIIdDI3LnRlc3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRl +c3SCCHQzMS50ZXN0ggh0MzIudGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUu +dGVzdIIIdDM2LnRlc3SCCHQzNy50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0 +MC50ZXN0ggh0NDEudGVzdIIIdDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIII +dDQ1LnRlc3SCCHQ0Ni50ZXN0ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0 +ggh0NTAudGVzdIIIdDUxLnRlc3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRl +c3SCCHQ1NS50ZXN0ggh0NTYudGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTku +dGVzdIIIdDYwLnRlc3SCCHQ2MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2 +NC50ZXN0ggh0NjUudGVzdIIIdDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIII +dDY5LnRlc3SCCHQ3MC50ZXN0ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0 +ggh0NzQudGVzdIIIdDc1LnRlc3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRl +c3SCCHQ3OS50ZXN0ggh0ODAudGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMu +dGVzdIIIdDg0LnRlc3SCCHQ4NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4 +OC50ZXN0ggh0ODkudGVzdIIIdDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIII +dDkzLnRlc3SCCHQ5NC50ZXN0ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0 +ggh0OTgudGVzdIIIdDk5LnRlc3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAy +LnRlc3SCCXQxMDMudGVzdIIJdDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVz +dIIJdDEwNy50ZXN0ggl0MTA4LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0 +MTExLnRlc3SCCXQxMTIudGVzdIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUu +dGVzdIIJdDExNi50ZXN0ggl0MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0 +ggl0MTIwLnRlc3SCCXQxMjEudGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQx +MjQudGVzdIIJdDEyNS50ZXN0ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50 +ZXN0ggl0MTI5LnRlc3SCCXQxMzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SC +CXQxMzMudGVzdIIJdDEzNC50ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEz +Ny50ZXN0ggl0MTM4LnRlc3SCCXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRl +c3SCCXQxNDIudGVzdIIJdDE0My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJ +dDE0Ni50ZXN0ggl0MTQ3LnRlc3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUw +LnRlc3SCCXQxNTEudGVzdIIJdDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVz +dIIJdDE1NS50ZXN0ggl0MTU2LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0 +MTU5LnRlc3SCCXQxNjAudGVzdIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMu +dGVzdIIJdDE2NC50ZXN0ggl0MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0 +ggl0MTY4LnRlc3SCCXQxNjkudGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQx +NzIudGVzdIIJdDE3My50ZXN0ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50 +ZXN0ggl0MTc3LnRlc3SCCXQxNzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SC +CXQxODEudGVzdIIJdDE4Mi50ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4 +NS50ZXN0ggl0MTg2LnRlc3SCCXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRl +c3SCCXQxOTAudGVzdIIJdDE5MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJ +dDE5NC50ZXN0ggl0MTk1LnRlc3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4 +LnRlc3SCCXQxOTkudGVzdIIJdDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVz +dIIJdDIwMy50ZXN0ggl0MjA0LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0 +MjA3LnRlc3SCCXQyMDgudGVzdIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEu +dGVzdIIJdDIxMi50ZXN0ggl0MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0 +ggl0MjE2LnRlc3SCCXQyMTcudGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQy +MjAudGVzdIIJdDIyMS50ZXN0ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50 +ZXN0ggl0MjI1LnRlc3SCCXQyMjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SC +CXQyMjkudGVzdIIJdDIzMC50ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIz +My50ZXN0ggl0MjM0LnRlc3SCCXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRl +c3SCCXQyMzgudGVzdIIJdDIzOS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJ +dDI0Mi50ZXN0ggl0MjQzLnRlc3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2 +LnRlc3SCCXQyNDcudGVzdIIJdDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVz +dIIJdDI1MS50ZXN0ggl0MjUyLnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0 +MjU1LnRlc3SCCXQyNTYudGVzdIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTku +dGVzdIIJdDI2MC50ZXN0ggl0MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0 +ggl0MjY0LnRlc3SCCXQyNjUudGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQy +NjgudGVzdIIJdDI2OS50ZXN0ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50 +ZXN0ggl0MjczLnRlc3SCCXQyNzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SC +CXQyNzcudGVzdIIJdDI3OC50ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4 +MS50ZXN0ggl0MjgyLnRlc3SCCXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRl +c3SCCXQyODYudGVzdIIJdDI4Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJ +dDI5MC50ZXN0ggl0MjkxLnRlc3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0 +LnRlc3SCCXQyOTUudGVzdIIJdDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVz +dIIJdDI5OS50ZXN0ggl0MzAwLnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0 +MzAzLnRlc3SCCXQzMDQudGVzdIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcu +dGVzdIIJdDMwOC50ZXN0ggl0MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0 +ggl0MzEyLnRlc3SCCXQzMTMudGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQz +MTYudGVzdIIJdDMxNy50ZXN0ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50 +ZXN0ggl0MzIxLnRlc3SCCXQzMjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SC +CXQzMjUudGVzdIIJdDMyNi50ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMy +OS50ZXN0ggl0MzMwLnRlc3SCCXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRl +c3SCCXQzMzQudGVzdIIJdDMzNS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJ +dDMzOC50ZXN0ggl0MzM5LnRlc3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQy +LnRlc3SCCXQzNDMudGVzdIIJdDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVz +dIIJdDM0Ny50ZXN0ggl0MzQ4LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0 +MzUxLnRlc3SCCXQzNTIudGVzdIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUu +dGVzdIIJdDM1Ni50ZXN0ggl0MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0 +ggl0MzYwLnRlc3SCCXQzNjEudGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQz +NjQudGVzdIIJdDM2NS50ZXN0ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50 +ZXN0ggl0MzY5LnRlc3SCCXQzNzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SC +CXQzNzMudGVzdIIJdDM3NC50ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3 +Ny50ZXN0ggl0Mzc4LnRlc3SCCXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRl +c3SCCXQzODIudGVzdIIJdDM4My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJ +dDM4Ni50ZXN0ggl0Mzg3LnRlc3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0Mzkw +LnRlc3SCCXQzOTEudGVzdIIJdDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVz +dIIJdDM5NS50ZXN0ggl0Mzk2LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0 +Mzk5LnRlc3SCCXQ0MDAudGVzdIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMu +dGVzdIIJdDQwNC50ZXN0ggl0NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0 +ggl0NDA4LnRlc3SCCXQ0MDkudGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0 +MTIudGVzdIIJdDQxMy50ZXN0ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50 +ZXN0ggl0NDE3LnRlc3SCCXQ0MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SC +CXQ0MjEudGVzdIIJdDQyMi50ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQy +NS50ZXN0ggl0NDI2LnRlc3SCCXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRl +c3SCCXQ0MzAudGVzdIIJdDQzMS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJ +dDQzNC50ZXN0ggl0NDM1LnRlc3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4 +LnRlc3SCCXQ0MzkudGVzdIIJdDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVz +dIIJdDQ0My50ZXN0ggl0NDQ0LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0 +NDQ3LnRlc3SCCXQ0NDgudGVzdIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEu +dGVzdIIJdDQ1Mi50ZXN0ggl0NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0 +ggl0NDU2LnRlc3SCCXQ0NTcudGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0 +NjAudGVzdIIJdDQ2MS50ZXN0ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50 +ZXN0ggl0NDY1LnRlc3SCCXQ0NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SC +CXQ0NjkudGVzdIIJdDQ3MC50ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3 +My50ZXN0ggl0NDc0LnRlc3SCCXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRl +c3SCCXQ0NzgudGVzdIIJdDQ3OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJ +dDQ4Mi50ZXN0ggl0NDgzLnRlc3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2 +LnRlc3SCCXQ0ODcudGVzdIIJdDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVz +dIIJdDQ5MS50ZXN0ggl0NDkyLnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0 +NDk1LnRlc3SCCXQ0OTYudGVzdIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTku +dGVzdIIJdDUwMC50ZXN0ggl0NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0 +ggl0NTA0LnRlc3SCCXQ1MDUudGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1 +MDgudGVzdIIJdDUwOS50ZXN0ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50 +ZXN0ggl0NTEzLnRlc3SCCXQ1MTQudGVzdIIJdDUxNS50ZXN0ggl0NTE2LnRlc3SC +CXQ1MTcudGVzdIIJdDUxOC50ZXN0ggl0NTE5LnRlc3SCCXQ1MjAudGVzdIIJdDUy +MS50ZXN0ggl0NTIyLnRlc3SCCXQ1MjMudGVzdIIJdDUyNC50ZXN0ggl0NTI1LnRl +c3SCCXQ1MjYudGVzdIIJdDUyNy50ZXN0ggl0NTI4LnRlc3SCCXQ1MjkudGVzdIIJ +dDUzMC50ZXN0ggl0NTMxLnRlc3SCCXQ1MzIudGVzdIIJdDUzMy50ZXN0ggl0NTM0 +LnRlc3SCCXQ1MzUudGVzdIIJdDUzNi50ZXN0ggl0NTM3LnRlc3SCCXQ1MzgudGVz +dIIJdDUzOS50ZXN0ggl0NTQwLnRlc3SCCXQ1NDEudGVzdIIJdDU0Mi50ZXN0ggl0 +NTQzLnRlc3SCCXQ1NDQudGVzdIIJdDU0NS50ZXN0ggl0NTQ2LnRlc3SCCXQ1NDcu +dGVzdIIJdDU0OC50ZXN0ggl0NTQ5LnRlc3SCCXQ1NTAudGVzdIIJdDU1MS50ZXN0 +ggl0NTUyLnRlc3SCCXQ1NTMudGVzdIIJdDU1NC50ZXN0ggl0NTU1LnRlc3SCCXQ1 +NTYudGVzdIIJdDU1Ny50ZXN0ggl0NTU4LnRlc3SCCXQ1NTkudGVzdIIJdDU2MC50 +ZXN0ggl0NTYxLnRlc3SCCXQ1NjIudGVzdIIJdDU2My50ZXN0ggl0NTY0LnRlc3SC +CXQ1NjUudGVzdIIJdDU2Ni50ZXN0ggl0NTY3LnRlc3SCCXQ1NjgudGVzdIIJdDU2 +OS50ZXN0ggl0NTcwLnRlc3SCCXQ1NzEudGVzdIIJdDU3Mi50ZXN0ggl0NTczLnRl +c3SCCXQ1NzQudGVzdIIJdDU3NS50ZXN0ggl0NTc2LnRlc3SCCXQ1NzcudGVzdIIJ +dDU3OC50ZXN0ggl0NTc5LnRlc3SCCXQ1ODAudGVzdIIJdDU4MS50ZXN0ggl0NTgy +LnRlc3SCCXQ1ODMudGVzdIIJdDU4NC50ZXN0ggl0NTg1LnRlc3SCCXQ1ODYudGVz +dIIJdDU4Ny50ZXN0ggl0NTg4LnRlc3SCCXQ1ODkudGVzdIIJdDU5MC50ZXN0ggl0 +NTkxLnRlc3SCCXQ1OTIudGVzdIIJdDU5My50ZXN0ggl0NTk0LnRlc3SCCXQ1OTUu +dGVzdIIJdDU5Ni50ZXN0ggl0NTk3LnRlc3SCCXQ1OTgudGVzdIIJdDU5OS50ZXN0 +ggl0NjAwLnRlc3SCCXQ2MDEudGVzdIIJdDYwMi50ZXN0ggl0NjAzLnRlc3SCCXQ2 +MDQudGVzdIIJdDYwNS50ZXN0ggl0NjA2LnRlc3SCCXQ2MDcudGVzdIIJdDYwOC50 +ZXN0ggl0NjA5LnRlc3SCCXQ2MTAudGVzdIIJdDYxMS50ZXN0ggl0NjEyLnRlc3SC +CXQ2MTMudGVzdIIJdDYxNC50ZXN0ggl0NjE1LnRlc3SCCXQ2MTYudGVzdIIJdDYx +Ny50ZXN0ggl0NjE4LnRlc3SCCXQ2MTkudGVzdIIJdDYyMC50ZXN0ggl0NjIxLnRl +c3SCCXQ2MjIudGVzdIIJdDYyMy50ZXN0ggl0NjI0LnRlc3SCCXQ2MjUudGVzdIIJ +dDYyNi50ZXN0ggl0NjI3LnRlc3SCCXQ2MjgudGVzdIIJdDYyOS50ZXN0ggl0NjMw +LnRlc3SCCXQ2MzEudGVzdIIJdDYzMi50ZXN0ggl0NjMzLnRlc3SCCXQ2MzQudGVz +dIIJdDYzNS50ZXN0ggl0NjM2LnRlc3SCCXQ2MzcudGVzdIIJdDYzOC50ZXN0ggl0 +NjM5LnRlc3SCCXQ2NDAudGVzdIIJdDY0MS50ZXN0ggl0NjQyLnRlc3SCCXQ2NDMu +dGVzdIIJdDY0NC50ZXN0ggl0NjQ1LnRlc3SCCXQ2NDYudGVzdIIJdDY0Ny50ZXN0 +ggl0NjQ4LnRlc3SCCXQ2NDkudGVzdIIJdDY1MC50ZXN0ggl0NjUxLnRlc3SCCXQ2 +NTIudGVzdIIJdDY1My50ZXN0ggl0NjU0LnRlc3SCCXQ2NTUudGVzdIIJdDY1Ni50 +ZXN0ggl0NjU3LnRlc3SCCXQ2NTgudGVzdIIJdDY1OS50ZXN0ggl0NjYwLnRlc3SC +CXQ2NjEudGVzdIIJdDY2Mi50ZXN0ggl0NjYzLnRlc3SCCXQ2NjQudGVzdIIJdDY2 +NS50ZXN0ggl0NjY2LnRlc3SCCXQ2NjcudGVzdIIJdDY2OC50ZXN0ggl0NjY5LnRl +c3SCCXQ2NzAudGVzdIIJdDY3MS50ZXN0ggl0NjcyLnRlc3SCCXQ2NzMudGVzdIIJ +dDY3NC50ZXN0ggl0Njc1LnRlc3SCCXQ2NzYudGVzdIIJdDY3Ny50ZXN0ggl0Njc4 +LnRlc3SCCXQ2NzkudGVzdIIJdDY4MC50ZXN0ggl0NjgxLnRlc3SCCXQ2ODIudGVz +dIIJdDY4My50ZXN0ggl0Njg0LnRlc3SCCXQ2ODUudGVzdIIJdDY4Ni50ZXN0ggl0 +Njg3LnRlc3SCCXQ2ODgudGVzdIIJdDY4OS50ZXN0ggl0NjkwLnRlc3SCCXQ2OTEu +dGVzdIIJdDY5Mi50ZXN0ggl0NjkzLnRlc3SCCXQ2OTQudGVzdIIJdDY5NS50ZXN0 +ggl0Njk2LnRlc3SCCXQ2OTcudGVzdIIJdDY5OC50ZXN0ggl0Njk5LnRlc3SCCXQ3 +MDAudGVzdIIJdDcwMS50ZXN0ggl0NzAyLnRlc3SCCXQ3MDMudGVzdIIJdDcwNC50 +ZXN0ggl0NzA1LnRlc3SCCXQ3MDYudGVzdIIJdDcwNy50ZXN0ggl0NzA4LnRlc3SC +CXQ3MDkudGVzdIIJdDcxMC50ZXN0ggl0NzExLnRlc3SCCXQ3MTIudGVzdIIJdDcx +My50ZXN0ggl0NzE0LnRlc3SCCXQ3MTUudGVzdIIJdDcxNi50ZXN0ggl0NzE3LnRl +c3SCCXQ3MTgudGVzdIIJdDcxOS50ZXN0ggl0NzIwLnRlc3SCCXQ3MjEudGVzdIIJ +dDcyMi50ZXN0ggl0NzIzLnRlc3SCCXQ3MjQudGVzdIIJdDcyNS50ZXN0ggl0NzI2 +LnRlc3SCCXQ3MjcudGVzdIIJdDcyOC50ZXN0ggl0NzI5LnRlc3SCCXQ3MzAudGVz +dIIJdDczMS50ZXN0ggl0NzMyLnRlc3SCCXQ3MzMudGVzdIIJdDczNC50ZXN0ggl0 +NzM1LnRlc3SCCXQ3MzYudGVzdIIJdDczNy50ZXN0ggl0NzM4LnRlc3SCCXQ3Mzku +dGVzdIIJdDc0MC50ZXN0ggl0NzQxLnRlc3SCCXQ3NDIudGVzdIIJdDc0My50ZXN0 +ggl0NzQ0LnRlc3SCCXQ3NDUudGVzdIIJdDc0Ni50ZXN0ggl0NzQ3LnRlc3SCCXQ3 +NDgudGVzdIIJdDc0OS50ZXN0ggl0NzUwLnRlc3SCCXQ3NTEudGVzdIIJdDc1Mi50 +ZXN0ggl0NzUzLnRlc3SCCXQ3NTQudGVzdIIJdDc1NS50ZXN0ggl0NzU2LnRlc3SC +CXQ3NTcudGVzdIIJdDc1OC50ZXN0ggl0NzU5LnRlc3SCCXQ3NjAudGVzdIIJdDc2 +MS50ZXN0ggl0NzYyLnRlc3SCCXQ3NjMudGVzdIIJdDc2NC50ZXN0ggl0NzY1LnRl +c3SCCXQ3NjYudGVzdIIJdDc2Ny50ZXN0ggl0NzY4LnRlc3SCCXQ3NjkudGVzdIIJ +dDc3MC50ZXN0ggl0NzcxLnRlc3SCCXQ3NzIudGVzdIIJdDc3My50ZXN0ggl0Nzc0 +LnRlc3SCCXQ3NzUudGVzdIIJdDc3Ni50ZXN0ggl0Nzc3LnRlc3SCCXQ3NzgudGVz +dIIJdDc3OS50ZXN0ggl0NzgwLnRlc3SCCXQ3ODEudGVzdIIJdDc4Mi50ZXN0ggl0 +NzgzLnRlc3SCCXQ3ODQudGVzdIIJdDc4NS50ZXN0ggl0Nzg2LnRlc3SCCXQ3ODcu +dGVzdIIJdDc4OC50ZXN0ggl0Nzg5LnRlc3SCCXQ3OTAudGVzdIIJdDc5MS50ZXN0 +ggl0NzkyLnRlc3SCCXQ3OTMudGVzdIIJdDc5NC50ZXN0ggl0Nzk1LnRlc3SCCXQ3 +OTYudGVzdIIJdDc5Ny50ZXN0ggl0Nzk4LnRlc3SCCXQ3OTkudGVzdIIJdDgwMC50 +ZXN0ggl0ODAxLnRlc3SCCXQ4MDIudGVzdIIJdDgwMy50ZXN0ggl0ODA0LnRlc3SC +CXQ4MDUudGVzdIIJdDgwNi50ZXN0ggl0ODA3LnRlc3SCCXQ4MDgudGVzdIIJdDgw +OS50ZXN0ggl0ODEwLnRlc3SCCXQ4MTEudGVzdIIJdDgxMi50ZXN0ggl0ODEzLnRl +c3SCCXQ4MTQudGVzdIIJdDgxNS50ZXN0ggl0ODE2LnRlc3SCCXQ4MTcudGVzdIIJ +dDgxOC50ZXN0ggl0ODE5LnRlc3SCCXQ4MjAudGVzdIIJdDgyMS50ZXN0ggl0ODIy +LnRlc3SCCXQ4MjMudGVzdIIJdDgyNC50ZXN0ggl0ODI1LnRlc3SCCXQ4MjYudGVz +dIIJdDgyNy50ZXN0ggl0ODI4LnRlc3SCCXQ4MjkudGVzdIIJdDgzMC50ZXN0ggl0 +ODMxLnRlc3SCCXQ4MzIudGVzdIIJdDgzMy50ZXN0ggl0ODM0LnRlc3SCCXQ4MzUu +dGVzdIIJdDgzNi50ZXN0ggl0ODM3LnRlc3SCCXQ4MzgudGVzdIIJdDgzOS50ZXN0 +ggl0ODQwLnRlc3SCCXQ4NDEudGVzdIIJdDg0Mi50ZXN0ggl0ODQzLnRlc3SCCXQ4 +NDQudGVzdIIJdDg0NS50ZXN0ggl0ODQ2LnRlc3SCCXQ4NDcudGVzdIIJdDg0OC50 +ZXN0ggl0ODQ5LnRlc3SCCXQ4NTAudGVzdIIJdDg1MS50ZXN0ggl0ODUyLnRlc3SC +CXQ4NTMudGVzdIIJdDg1NC50ZXN0ggl0ODU1LnRlc3SCCXQ4NTYudGVzdIIJdDg1 +Ny50ZXN0ggl0ODU4LnRlc3SCCXQ4NTkudGVzdIIJdDg2MC50ZXN0ggl0ODYxLnRl +c3SCCXQ4NjIudGVzdIIJdDg2My50ZXN0ggl0ODY0LnRlc3SCCXQ4NjUudGVzdIIJ +dDg2Ni50ZXN0ggl0ODY3LnRlc3SCCXQ4NjgudGVzdIIJdDg2OS50ZXN0ggl0ODcw +LnRlc3SCCXQ4NzEudGVzdIIJdDg3Mi50ZXN0ggl0ODczLnRlc3SCCXQ4NzQudGVz +dIIJdDg3NS50ZXN0ggl0ODc2LnRlc3SCCXQ4NzcudGVzdIIJdDg3OC50ZXN0ggl0 +ODc5LnRlc3SCCXQ4ODAudGVzdIIJdDg4MS50ZXN0ggl0ODgyLnRlc3SCCXQ4ODMu +dGVzdIIJdDg4NC50ZXN0ggl0ODg1LnRlc3SCCXQ4ODYudGVzdIIJdDg4Ny50ZXN0 +ggl0ODg4LnRlc3SCCXQ4ODkudGVzdIIJdDg5MC50ZXN0ggl0ODkxLnRlc3SCCXQ4 +OTIudGVzdIIJdDg5My50ZXN0ggl0ODk0LnRlc3SCCXQ4OTUudGVzdIIJdDg5Ni50 +ZXN0ggl0ODk3LnRlc3SCCXQ4OTgudGVzdIIJdDg5OS50ZXN0ggl0OTAwLnRlc3SC +CXQ5MDEudGVzdIIJdDkwMi50ZXN0ggl0OTAzLnRlc3SCCXQ5MDQudGVzdIIJdDkw +NS50ZXN0ggl0OTA2LnRlc3SCCXQ5MDcudGVzdIIJdDkwOC50ZXN0ggl0OTA5LnRl +c3SCCXQ5MTAudGVzdIIJdDkxMS50ZXN0ggl0OTEyLnRlc3SCCXQ5MTMudGVzdIIJ +dDkxNC50ZXN0ggl0OTE1LnRlc3SCCXQ5MTYudGVzdIIJdDkxNy50ZXN0ggl0OTE4 +LnRlc3SCCXQ5MTkudGVzdIIJdDkyMC50ZXN0ggl0OTIxLnRlc3SCCXQ5MjIudGVz +dIIJdDkyMy50ZXN0ggl0OTI0LnRlc3SCCXQ5MjUudGVzdIIJdDkyNi50ZXN0ggl0 +OTI3LnRlc3SCCXQ5MjgudGVzdIIJdDkyOS50ZXN0ggl0OTMwLnRlc3SCCXQ5MzEu +dGVzdIIJdDkzMi50ZXN0ggl0OTMzLnRlc3SCCXQ5MzQudGVzdIIJdDkzNS50ZXN0 +ggl0OTM2LnRlc3SCCXQ5MzcudGVzdIIJdDkzOC50ZXN0ggl0OTM5LnRlc3SCCXQ5 +NDAudGVzdIIJdDk0MS50ZXN0ggl0OTQyLnRlc3SCCXQ5NDMudGVzdIIJdDk0NC50 +ZXN0ggl0OTQ1LnRlc3SCCXQ5NDYudGVzdIIJdDk0Ny50ZXN0ggl0OTQ4LnRlc3SC +CXQ5NDkudGVzdIIJdDk1MC50ZXN0ggl0OTUxLnRlc3SCCXQ5NTIudGVzdIIJdDk1 +My50ZXN0ggl0OTU0LnRlc3SCCXQ5NTUudGVzdIIJdDk1Ni50ZXN0ggl0OTU3LnRl +c3SCCXQ5NTgudGVzdIIJdDk1OS50ZXN0ggl0OTYwLnRlc3SCCXQ5NjEudGVzdIIJ +dDk2Mi50ZXN0ggl0OTYzLnRlc3SCCXQ5NjQudGVzdIIJdDk2NS50ZXN0ggl0OTY2 +LnRlc3SCCXQ5NjcudGVzdIIJdDk2OC50ZXN0ggl0OTY5LnRlc3SCCXQ5NzAudGVz +dIIJdDk3MS50ZXN0ggl0OTcyLnRlc3SCCXQ5NzMudGVzdIIJdDk3NC50ZXN0ggl0 +OTc1LnRlc3SCCXQ5NzYudGVzdIIJdDk3Ny50ZXN0ggl0OTc4LnRlc3SCCXQ5Nzku +dGVzdIIJdDk4MC50ZXN0ggl0OTgxLnRlc3SCCXQ5ODIudGVzdIIJdDk4My50ZXN0 +ggl0OTg0LnRlc3SCCXQ5ODUudGVzdIIJdDk4Ni50ZXN0ggl0OTg3LnRlc3SCCXQ5 +ODgudGVzdIIJdDk4OS50ZXN0ggl0OTkwLnRlc3SCCXQ5OTEudGVzdIIJdDk5Mi50 +ZXN0ggl0OTkzLnRlc3SCCXQ5OTQudGVzdIIJdDk5NS50ZXN0ggl0OTk2LnRlc3SC +CXQ5OTcudGVzdIIJdDk5OC50ZXN0ggl0OTk5LnRlc3SCCnQxMDAwLnRlc3SCCnQx +MDAxLnRlc3SCCnQxMDAyLnRlc3SCCnQxMDAzLnRlc3SCCnQxMDA0LnRlc3SCCnQx +MDA1LnRlc3SCCnQxMDA2LnRlc3SCCnQxMDA3LnRlc3SCCnQxMDA4LnRlc3SCCnQx +MDA5LnRlc3SCCnQxMDEwLnRlc3SCCnQxMDExLnRlc3SCCnQxMDEyLnRlc3SCCnQx +MDEzLnRlc3SCCnQxMDE0LnRlc3SCCnQxMDE1LnRlc3SCCnQxMDE2LnRlc3SCCnQx +MDE3LnRlc3SCCnQxMDE4LnRlc3SCCnQxMDE5LnRlc3SCCnQxMDIwLnRlc3SCCnQx +MDIxLnRlc3SCCnQxMDIyLnRlc3SCCnQxMDIzLnRlc3SCCnQxMDI0LnRlc3QwDQYJ +KoZIhvcNAQELBQADggEBAGfZxjrjcjFw5FnJMzq7SIad+JpmvMar7VnzXj84hjoV +FuUqiclqjg1KRD7aIh5M1VEQv+AAk8UP6jMrvLJpoi5OD8ljivNA8zycj1N/LhNq +8MjZauCTS+tuXIoh5hOE/TQqY6cUxY4LRBLIFIcbH0FGF22amCtowMVbRoaUpPvr +GR5OXPAS3yRiEWrp703c21o3hw9QckB82z7Lxnt3oOFPg62EFPXiqE07Wkw/1xH4 +J9yy45XW5A77kfel22hVs873QVHI+GkKoTPe/q6eQVgesR2vpDRytKDP9K4tK4KS +6hqVxj6a8Eqund0izSV+UXkskc9iN6EPXvVTELo3hD8= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/many-names3.pem b/openssl-1.1.0h/test/certs/many-names3.pem new file mode 100644 index 0000000..dbfa042 --- /dev/null +++ b/openssl-1.1.0h/test/certs/many-names3.pem @@ -0,0 +1,571 @@ +-----BEGIN CERTIFICATE----- +MIJqmDCCaYCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgmfXMRAwDgYDVQQDEwd0 +MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0 +MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl +c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA +dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1 +N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4 +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1 +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDUxM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTE0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ1MTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxNkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NTE3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDUxOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTIwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ1MjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUy +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTIzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ1MjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUyNUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NTI2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MjdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDUyOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTI5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ1MzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUzMUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NTMyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MzNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUzNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NTM1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MzZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDUzN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTM4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ1MzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0MEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NTQxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NDJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDU0M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTQ0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ1NDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0 +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ1NDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU0OUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NTUwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDU1MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTUzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ1NTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU1NUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NTU2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDU1OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NTU5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDU2MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTYyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ1NjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU2NEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NTY1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDU2N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTY4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ1NjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3 +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTcxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ1NzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3M0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NTc0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1NzVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDU3NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTc3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ1NzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU3OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NTgwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1ODFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDU4MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NTgzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1ODRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDU4NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTg2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ1ODdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU4OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NTg5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDU5MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTkyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU5 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTk1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ1OTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDU5N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NTk4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1OTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDYwMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjAxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ2MDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYwM0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NjA0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MDVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDYwNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NjA3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MDhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDYwOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjEwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ2MTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYxMkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NjEzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDYxNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjE2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ2MTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYx +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjE5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ2MjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYyMUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NjIyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MjNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDYyNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjI1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ2MjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYyN0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NjI4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MjlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDYzMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NjMxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MzJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDYzM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjM0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ2MzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDYzNkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NjM3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2MzhAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDYzOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ2NDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY0 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ2NDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY0NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NjQ2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NDdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDY0OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjQ5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ2NTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY1MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NjUyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDY1NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NjU1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDY1N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjU4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ2NTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2MEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NjYxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NjJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDY2M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjY0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ2NjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2 +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjY3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ2NjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY2OUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NjcwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NzFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDY3MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjczQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ2NzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY3NUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0Njc2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2NzdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDY3OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +Njc5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDY4MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjgyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ2ODNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY4NEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0Njg1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDY4N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Njg4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ2ODlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5 +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NjkxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ2OTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5M0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0Njk0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ2OTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDY5NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Njk3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ2OThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDY5OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NzAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDcwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NzAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDcwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzA2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ3MDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcwOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NzA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDcxMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzEyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcx +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ3MTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcxN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NzE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDcyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzIxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ3MjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcyM0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NzI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDcyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NzI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDcyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzMwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ3MzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDczMkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NzMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3MzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDczNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzM2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ3MzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDcz +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ3NDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc0MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NzQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDc0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzQ1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ3NDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc0N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NzQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NzUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDc1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzU0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ3NTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc1NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NzU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDc1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzYwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ3NjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc2 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ3NjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc2NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NzY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NjdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDc2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzY5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ3NzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc3MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NzcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NzNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +Nzc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3NzZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDc3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzc4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ3NzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4MEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NzgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3ODJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDc4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzg0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ3ODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4 +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Nzg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ3ODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc4OUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NzkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3OTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDc5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NzkzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ3OTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDc5NUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0Nzk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ3OTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDc5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +Nzk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDgwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODAyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ4MDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgwNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0ODA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDgwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODA4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ4MDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgx +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODExQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ4MTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgxM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0ODE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDgxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODE3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ4MThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgxOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0ODIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDgyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +ODIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDgyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODI2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ4MjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgyOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0ODI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDgzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODMyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgz +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ4MzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDgzN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0ODM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4MzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDg0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODQxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ4NDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg0M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0ODQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NDVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +ODQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NDhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDg0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODUwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ4NTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg1MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0ODUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDg1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODU2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ4NTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg1 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ4NjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg2MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0ODYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NjNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDg2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODY1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ4NjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg2N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0ODY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NjlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +ODcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NzJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDg3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODc0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ4NzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg3NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0ODc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4NzhAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDg3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODgwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ4ODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg4 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ4ODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg4NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0ODg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4ODdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDg4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODg5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ4OTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDg5MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0ODkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4OTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDg5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +ODk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ4OTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDg5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0ODk4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ4OTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkwMEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0OTAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MDJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDkwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTA0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ5MDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkw +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ5MDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkwOUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0OTEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDkxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTEzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ5MTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkxNUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0OTE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDkxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +OTE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDkyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTIyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ5MjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkyNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0OTI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDkyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTI4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ5MjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkz +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ5MzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkzM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0OTM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5MzVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDkzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTM3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ5MzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDkzOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0OTQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +OTQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDk0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTQ2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ5NDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk0OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0OTQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDk1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTUyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk1 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ5NTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk1N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0OTU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDk2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTYxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ5NjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk2M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0OTY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +OTY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDk2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTcwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ5NzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk3MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0OTczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5NzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDk3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTc2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ5NzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk3 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ5ODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk4MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0OTgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5ODNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDk4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTg1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ5ODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk4N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0OTg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5ODlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDk5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +OTkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5OTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDk5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0OTk0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ5OTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDk5NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0OTk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ5OThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDk5OUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwMEB0 +ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwMUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0 +MTAwMkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwM0B0ZXN0MRkwFwYJKoZIhvcN +AQkBFgp0MTAwNEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwNUB0ZXN0MRkwFwYJ +KoZIhvcNAQkBFgp0MTAwNkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAwN0B0ZXN0 +MRkwFwYJKoZIhvcNAQkBFgp0MTAwOEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAw +OUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxMEB0ZXN0MRkwFwYJKoZIhvcNAQkB +Fgp0MTAxMUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxMkB0ZXN0MRkwFwYJKoZI +hvcNAQkBFgp0MTAxM0B0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxNEB0ZXN0MRkw +FwYJKoZIhvcNAQkBFgp0MTAxNUB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxNkB0 +ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxN0B0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0 +MTAxOEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAxOUB0ZXN0MRkwFwYJKoZIhvcN +AQkBFgp0MTAyMEB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAyMUB0ZXN0MRkwFwYJ +KoZIhvcNAQkBFgp0MTAyMkB0ZXN0MRkwFwYJKoZIhvcNAQkBFgp0MTAyM0B0ZXN0 +MRkwFwYJKoZIhvcNAQkBFgp0MTAyNEB0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAugvahBkSAUF1fC49vb1bvlPrcl80kop1iLpiuYoz4Qptwy57 ++EWssZBcHprZ5BkWf6PeGZ7F5AX1PyJbGHZLqvMCvViP6pd4MFox/igESISEHEix +oiXCzepBrhtp5UQSjHD4D4hKtgdMgVxX+LRtwgW3mnu/vBu7rzpr/DS8io99p3lq +Z1Aky+aNlcMj6MYy8U+YFEevb/V0lRY9oqwmW7BHnXikm/vi6sjIS350U8zb/mRz +YeIs2R65LUduTL50+UMgat9ocewI2dv8aO9Dph+8NdGtg8LFYyTTHcUxJoMr1PTO +gnmET19WJH4PrFwk7ZE1QJQQ1L4iKmPeQistuQIDAQABozUwMzAOBgNVHQ8BAf8E +BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG +9w0BAQsFAAOCAQEAtMIpnGzOBkJXEBmCsRVbTrg9QgYRlGPG48+cXT2QbIutAmbj +miF+OYg/bRsQtuqcKjnJYog+x6UCU3d34jaMEfEXfHSwF7xPQrqJm45MXhG3so4E ++el5GMAS+SKFQK3w8NPoGhGwn82sz4XV6HMG+ANUxMlCrOcx2jh5UW+7ITjdRwJd +ReJ/JaMpneJdwGFSU9Vn+t7PFb51/pOYqO/PuEANzphovjMVcFZ6mtAQwYDkQZBJ +Vy1/7bPoNmbKD0GAS6HpS+xaJ/DnjjD6Kal2T7GMyvRMogj5BeZ/uEkXCEhvoaBT +os1gaqqnGpZ6JSEDctzjgpCtEPR40yiz1wv1CA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/mkcert.sh b/openssl-1.1.0h/test/certs/mkcert.sh new file mode 100755 index 0000000..ee31bf0 --- /dev/null +++ b/openssl-1.1.0h/test/certs/mkcert.sh @@ -0,0 +1,254 @@ +#! /bin/bash +# +# Copyright (c) 2016 Viktor Dukhovni . +# All rights reserved. +# +# Contributed to the OpenSSL project under the terms of the OpenSSL license +# included with the version of the OpenSSL software that includes this module. + +# 100 years should be enough for now +# +if [ -z "$DAYS" ]; then + DAYS=36525 +fi + +if [ -z "$OPENSSL_SIGALG" ]; then + OPENSSL_SIGALG=sha256 +fi + +if [ -z "$REQMASK" ]; then + REQMASK=utf8only +fi + +stderr_onerror() { + ( + err=$("$@" >&3 2>&1) || { + printf "%s\n" "$err" >&2 + exit 1 + } + ) 3>&1 +} + +key() { + local key=$1; shift + + local alg=rsa + if [ -n "$OPENSSL_KEYALG" ]; then + alg=$OPENSSL_KEYALG + fi + + local bits=2048 + if [ -n "$OPENSSL_KEYBITS" ]; then + bits=$OPENSSL_KEYBITS + fi + + if [ ! -f "${key}.pem" ]; then + args=(-algorithm "$alg") + case $alg in + rsa) args=("${args[@]}" -pkeyopt rsa_keygen_bits:$bits );; + ec) args=("${args[@]}" -pkeyopt "ec_paramgen_curve:$bits") + args=("${args[@]}" -pkeyopt ec_param_enc:named_curve);; + *) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;; + esac + stderr_onerror \ + openssl genpkey "${args[@]}" -out "${key}.pem" + fi +} + +# Usage: $0 req keyname dn1 dn2 ... +req() { + local key=$1; shift + + key "$key" + local errs + + stderr_onerror \ + openssl req -new -"${OPENSSL_SIGALG}" -key "${key}.pem" \ + -config <(printf "string_mask=%s\n[req]\n%s\n%s\n[dn]\n" \ + "$REQMASK" "prompt = no" "distinguished_name = dn" + for dn in "$@"; do echo "$dn"; done) +} + +req_nocn() { + local key=$1; shift + + key "$key" + stderr_onerror \ + openssl req -new -"${OPENSSL_SIGALG}" -subj / -key "${key}.pem" \ + -config <(printf "[req]\n%s\n[dn]\nCN_default =\n" \ + "distinguished_name = dn") +} + +cert() { + local cert=$1; shift + local exts=$1; shift + + stderr_onerror \ + openssl x509 -req -"${OPENSSL_SIGALG}" -out "${cert}.pem" \ + -extfile <(printf "%s\n" "$exts") "$@" +} + +genroot() { + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local skid="subjectKeyIdentifier = hash" + local akid="authorityKeyIdentifier = keyid" + + exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true") + for eku in "$@" + do + exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku") + done + csr=$(req "$key" "CN = $cn") || return 1 + echo "$csr" | + cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days "${DAYS}" +} + +genca() { + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local cakey=$1; shift + local cacert=$1; shift + local skid="subjectKeyIdentifier = hash" + local akid="authorityKeyIdentifier = keyid" + + exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true") + for eku in "$@" + do + exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku") + done + if [ -n "$NC" ]; then + exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC") + fi + csr=$(req "$key" "CN = $cn") || return 1 + echo "$csr" | + cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days "${DAYS}" +} + +gen_nonbc_ca() { + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local cakey=$1; shift + local cacert=$1; shift + local skid="subjectKeyIdentifier = hash" + local akid="authorityKeyIdentifier = keyid" + + exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid") + exts=$(printf "%s\nkeyUsage = %s\n" "$exts" "keyCertSign, cRLSign") + for eku in "$@" + do + exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku") + done + csr=$(req "$key" "CN = $cn") || return 1 + echo "$csr" | + cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days "${DAYS}" +} + +# Usage: $0 genpc keyname certname eekeyname eecertname pcext1 pcext2 ... +# +# Note: takes csr on stdin, so must be used with $0 req like this: +# +# $0 req keyname dn | $0 genpc keyname certname eekeyname eecertname pcext ... +genpc() { + local key=$1; shift + local cert=$1; shift + local cakey=$1; shift + local ca=$1; shift + + exts=$(printf "%s\n%s\n%s\n%s\n" \ + "subjectKeyIdentifier = hash" \ + "authorityKeyIdentifier = keyid, issuer:always" \ + "basicConstraints = CA:false" \ + "proxyCertInfo = critical, @pcexts"; + echo "[pcexts]"; + for x in "$@"; do echo $x; done) + cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days "${DAYS}" +} + +# Usage: $0 genalt keyname certname eekeyname eecertname alt1 alt2 ... +# +# Note: takes csr on stdin, so must be used with $0 req like this: +# +# $0 req keyname dn | $0 genalt keyname certname eekeyname eecertname alt ... +geneealt() { + local key=$1; shift + local cert=$1; shift + local cakey=$1; shift + local ca=$1; shift + + exts=$(printf "%s\n%s\n%s\n%s\n" \ + "subjectKeyIdentifier = hash" \ + "authorityKeyIdentifier = keyid" \ + "basicConstraints = CA:false" \ + "subjectAltName = @alts"; + echo "[alts]"; + for x in "$@"; do echo $x; done) + cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days "${DAYS}" +} + +genee() { + local OPTIND=1 + local purpose=serverAuth + + while getopts p: o + do + case $o in + p) purpose="$OPTARG";; + *) echo "Usage: $0 genee [-p EKU] cn keyname certname cakeyname cacertname" >&2 + return 1;; + esac + done + + shift $((OPTIND - 1)) + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + local cakey=$1; shift + local ca=$1; shift + + exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + "subjectKeyIdentifier = hash" \ + "authorityKeyIdentifier = keyid, issuer" \ + "basicConstraints = CA:false" \ + "extendedKeyUsage = $purpose" \ + "subjectAltName = @alts" "DNS=${cn}") + csr=$(req "$key" "CN = $cn") || return 1 + echo "$csr" | + cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ + -set_serial 2 -days "${DAYS}" "$@" +} + +genss() { + local cn=$1; shift + local key=$1; shift + local cert=$1; shift + + exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + "subjectKeyIdentifier = hash" \ + "authorityKeyIdentifier = keyid, issuer" \ + "basicConstraints = CA:false" \ + "extendedKeyUsage = serverAuth" \ + "subjectAltName = @alts" "DNS=${cn}") + csr=$(req "$key" "CN = $cn") || return 1 + echo "$csr" | + cert "$cert" "$exts" -signkey "${key}.pem" \ + -set_serial 1 -days "${DAYS}" "$@" +} + +gennocn() { + local key=$1; shift + local cert=$1; shift + + csr=$(req_nocn "$key") || return 1 + echo "$csr" | + cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@" +} + +"$@" diff --git a/openssl-1.1.0h/test/certs/nca+anyEKU.pem b/openssl-1.1.0h/test/certs/nca+anyEKU.pem new file mode 100644 index 0000000..b97a455 --- /dev/null +++ b/openssl-1.1.0h/test/certs/nca+anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l +BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB +AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs +X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT +3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw +AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF +wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT +X4st+BN48+n9wHuDQJ97sBswDDAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/nca+serverAuth.pem b/openssl-1.1.0h/test/certs/nca+serverAuth.pem new file mode 100644 index 0000000..b97a455 --- /dev/null +++ b/openssl-1.1.0h/test/certs/nca+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l +BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB +AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs +X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT +3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw +AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF +wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT +X4st+BN48+n9wHuDQJ97sBswDDAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ncca-cert.pem b/openssl-1.1.0h/test/certs/ncca-cert.pem new file mode 100644 index 0000000..a79bba6 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDcwMTExMzQwMloYDzIxMTYwNzAyMTEzNDAyWjAVMRMwEQYDVQQD +DApUZXN0IE5DIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuWS +Ozk+X7+BorU9o4nDc9jhk+Qajzav6yRFpJFlnxL5I4Az3wQiHFwyDWkR58FKYFLx +adAahUYRIJioBwUhKEiMyJcT/Lr+lxioQog268nCUosqr5r3iaAQkXj9j49HXIdo +qD+hbMH/82IqYP7vpJl8yvjRCZQ69KJZOQN4F4rHtUxJYLLmmbeIF02uNNib5hiH +m3sdn1ic2Cxk1h1mHQqa5fPfKz2NSANKRYVQcOYiFSwroNFbgKo7++N59NGgYY0a +n5uz+MZh/10+PsRF7WFsxt0TdExv++mN1fFRkBB4fD7fFp+52Qef27lv37X2JT5U +C2gpXXUWQC8jJIijPwIDAQABo4HUMIHRMB0GA1UdDgQWBBRh7exLM2xCRHrP9Slp +oxYhlykaqDAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAPBgNVHRMB +Af8EBTADAQH/MH4GA1UdHgR3MHWgOzAOggx3d3cuZ29vZC5vcmcwC4IJLmdvb2Qu +Y29tMA+BDWdvb2RAZ29vZC5vcmcwC4EJQGdvb2QuY29toTYwDYILd3d3LmJhZC5v +cmcwCoIILmJhZC5jb20wDYELYmFkQGJhZC5vcmcwCoEIQGJhZC5jb20wDQYJKoZI +hvcNAQELBQADggEBAEFkGH/0mh93mMCWZ1QZOhlK48arnco0wjC5sYcVX5X/PoO1 +2DmHFiyHmHablH4d8uWUt9A63Akt0ogIPL4R0I3nOkUU38A1geXruSJDlDVsH75/ +MT7RVRTqJriVwqX6YlAVj2i0De20BLgyZiN3WaR+nngVC7JjdY+n1qskGByEWrin +pwDVdFtWBTPDq1Nh9sm3FewrfOws7KQvjf0Pj88PIrNEDZm9SR512eH7EFPMvHJv +7usU33GL34VRZAYtspQ5EwZbspHXe1FFwdhZLr71gChGeNpDfpqVDQQxhDNor7uQ +z8L+Xuh7FvhjFgCp1Mnd6VN1q2Pwt5sG8Z3i29Q= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ncca-key.pem b/openssl-1.1.0h/test/certs/ncca-key.pem new file mode 100644 index 0000000..d085541 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa5ZI7OT5fv4Gi +tT2jicNz2OGT5BqPNq/rJEWkkWWfEvkjgDPfBCIcXDINaRHnwUpgUvFp0BqFRhEg +mKgHBSEoSIzIlxP8uv6XGKhCiDbrycJSiyqvmveJoBCReP2Pj0dch2ioP6Fswf/z +Yipg/u+kmXzK+NEJlDr0olk5A3gXise1TElgsuaZt4gXTa402JvmGIebex2fWJzY +LGTWHWYdCprl898rPY1IA0pFhVBw5iIVLCug0VuAqjv743n00aBhjRqfm7P4xmH/ +XT4+xEXtYWzG3RN0TG/76Y3V8VGQEHh8Pt8Wn7nZB5/buW/ftfYlPlQLaClddRZA +LyMkiKM/AgMBAAECggEAfZqBDKMrkArDvUPIes9gfZU1vm3ul4kZ98wO6Ra519dT +zVTNOx+n5WVhdPxpd4uGmztG5a3Jg57AjrUbM64WKAtElffkTkD352AoOOMp3eNa +PwL4lzNLXP890CjTO9FMZZyr4hrO9FkQCrTkdojjnI6V4iUHpQPdFrh7Lz8/553v +sfbXW0o6jRtnN8jslLs7LQY+n0QQeLuvwrJGJRdQSfubtjTOYzlE/WZJmitJMi2X +0qnoVK5B91bo3NcdFxstSgv36RL5Txsas8PfXWrFzPxqgjPjlpw1xMrF5bT3rK72 +oPB+/HunqIJc0OHHs2mi38Jea0yBCaJHzniAp2INcQKBgQDLjP5STKvu+SSZGpBp +T3m+i6hbmo1HzYZBSi9jJiyGB8G50G5rbGJ0c/BgjfkhfRhmJ5Ym4NVVgxQgrMHe +pFP5L4yDtspFwbRWuuYHoWFupUbqnZfksDHB5xQHFbJPFKBQOKBgM4crDG6PTnYO +2M+fNlY7IL/QTlJxUHYH07CPGQKBgQDCzytixBLPB/mmIZNhwyK8pyecu6tCEpBi +QiG/gcaLejXMwGieTiZQ/5sCG+oQWywFXqbPsgQ/gAlXsZ0yZ5GW7TTtsOGksnmt +W1+bxQQ3Pv99wpg/G71SLdK0em5lAodCT6gccqjbKRj23sRnmL+M2GeEGI5hsNyC +OFmyYisIFwKBgHLNk8cRLUu8QzMC834h8BVTKWJ4+cQMm/MJB08Rgb0adN37O7vk +xmbN2T5r9J45suAy5ZIJ7uiq5FhFd5a98gqyEbtcBhtv0+mywfh9wbkpCKVcuwWl +hnrJfNc+GnJVvNFiDroTdeIGwfiblSRsjjVK7TmuD+FJu1/jtJ5Xe9ZJAoGASHwP +N5ufJ/ter6r0jL6vsSQ8//twOJBxuq3CouAlwQYC+KFrC+QmK6M/yOQcDmPuGD1k +sgkZvYrlbwS+ad/Rcyfltr9G5iImVhOWmn4PGINPSzrZrTmkEuzL5q1bYCg1rb23 +3oXnQEylZk3zJFzYgQ6QTb1ZVQ4arjVLYq1WN5cCgYEAxRBqa8ZfwlS5D6bBNgn3 +DDCwz2kZNXG5U3wIw905NNrpUC55W33qcKe9UzoRZEOzuUjq3EL2maMrJULldLGy +g+elvsZhz7cfmestY2cnbxExqwrTrLWfA8s9Hyl7i9tkfRze5WfhNGc3kwm1qrVG +5zFZgtb/mTLnvQVIYCX9ks4= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ncca1-cert.pem b/openssl-1.1.0h/test/certs/ncca1-cert.pem new file mode 100644 index 0000000..1f7f52e --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca1-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAkGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD +DAxUZXN0IE5DIENBIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC +XjL5JEImsGFW5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rF +mChzN9/+LA40/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9 +bhxlOk7ADw4e3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgB +VZfkoxqesnjD1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiO +XawU1QnkrNPxCSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTq +fedLPvNw1WPryAumidqTAgMBAAGjgbIwga8wHQYDVR0OBBYEFAjRm/nm1WRwoPFr +Gp7tUtrd9VBDMB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud +EwEB/wQFMAMBAf8wXAYDVR0eBFUwU6BRMA6CDHd3dy5nb29kLm9yZzAKgghnb29k +LmNvbTAPgQ1nb29kQGdvb2Qub3JnMAqBCGdvb2QuY29tMAqHCH8AAAH/////MAqH +CMCoAAD//wAAMA0GCSqGSIb3DQEBCwUAA4IBAQDRpRo9txGcsPsfBInz2ctvl37p +a7DcrFTSLltADj+7/80OwYBtdmxiU9OfuETxdq5XbkghlmBGrDswtGHhcoDnSugm +2n3Ov0YOQHYgStGYEsmXahjZ49Xlh8gzt9NBfzJIm6blBpJo845Z0cbzd1LdCgt/ +ck83nGnLvhIEZ3nFrT2K9vWQ3UkrFMfR3gCZpu/2X3+5UgK9IpGU+crDcGUcpdoz +YaJka2w7rjw0mvQX8JtVBRt4xGRRAXXL2YA421nIzX7tKLHngYp6V9zu7QE2G5zS +RewAXU3TERFQi4bF+N9mmwj8z9CYClRH56uFboGGBEGSulsbF5C4DB0p7dbl +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ncca1-key.pem b/openssl-1.1.0h/test/certs/ncca1-key.pem new file mode 100644 index 0000000..eef6b14 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCXjL5JEImsGFW +5whlXCfDTeqjZAVb+rSXAhZQ25bP9YvhsbmPVYe8A61zwGStl2rFmChzN9/+LA40 +/lh0mjCV82mfNp1XLRPhE9sPGXwfLgJGCy/d6pp/8yGuFmkWPus9bhxlOk7ADw4e +3R3kVdwn9I3O3mIrI+I45ywZpzrbs/NGFiqhRxXbZTAKyI4INxgBVZfkoxqesnjD +1j36fq7qEVas6gVm27YA9b+31ofFLM7WN811LQELwTdWiF0/xXiOXawU1QnkrNPx +CSPWyeaM4tN50ZPRQA/ArV4I7szKhKskRzGwFgdaxorYn8c+2gTqfedLPvNw1WPr +yAumidqTAgMBAAECggEAcIZCclQYa/eO0tW72ZppdrsEDQWZyK8yn33Y14TZIZnh +Go9egumcRC/I2gtW/dx8NtqpCFMfvTFaJDnfkdm2KQmba04d9tsk+BgbqPkzD4X+ +UPinBI2OVma2Z+eXfQZ9/7lgfQYtkyjkHuAaLxe59fOxqUK7iIgkrpa+xDc5bvkR +v3e/ipJ1lrLn7aaQUR87wIkG9hs5UpRHiTd8PgaVavX8SdeXsOChv89owIKya2d3 +HCZiFVPwHrn7FVmDD41sllC78r+qvsyRs1j9aU5hGk8XlslxrYehphCCUHTUWRfM +Mc6iSzuJyHFj1faOSs64eab5FLWp612S709vcfhSqQKBgQD7ycj2VhoPII6sko+k +iUS0hzX7qC17cP4RmqGKbyffNW0L5B5+XmqBrw13duSv7O388F9P0+ctxbLgg6ML +2r0PxkNTNISJim+vWbwMAFevJ9mzsOMRaPZKqx1MghWJzjR2LdPD5x9nHrYi7uUC +NJe6R6pjtPCSU4yMLgu0IOEm7wKBgQDFnocCLCNiHwaJZ0v1wgSpQmYcE6MOKp+1 +SqOAsWwRtEgMQFoAEC3gGotm0BYF0fwSbM8XFFWqO2NITSV7b8/RkADocvvHWfQN +d/ETJy3iL1UZgr012jwa91VuhL4XbqON+CAZSgwmVnOhTaXg1imuorHrwR6f1JzT +F9EQhiqmnQKBgCmsYS2cXJ3KVrLrYwjpi0yR4HZxhG2c6wBA5qHB+ghwkEbaj818 +lQY30fPG4tzXSyCFLFFLEkU6JnwQbYkFwCr/Np9r3s/g8NFF+eDGobykzNx3121H +QRRks+m40hXH4lj5Bsay1zi7FYw8m/y8daxoNiRgizy8xVNiP5+lnX5TAoGAQ4bJ +50ohxROI7kanxBBJ+3Q+4/Up0FtsO0yH1h/KJ7qMq/MJTeA5bMxlOfp8q/x2v+0C +ToaaRxMH99q0phsszhUA2mz/77yjEj8b10mZ+iHmWFM+SDqMM0K0pJEjS2p45LgW +b83HnQoJdOLNfahwkcXyOfbBeifydoc63wSZalkCgYEA2gNC+Fvtzv/Zm6yj6M2j +RdU2Ncbi3fAKCiOhTcsXSWi0H7IYi/r8Su48946X7GTLgZIFM4HlGbQaStX5MUbJ +BjtOyYaUGjzH/7KKiuyuoLVuWWi4llV+Xigc+WSqO5X/DUmjXA9ldbB5/vcDiHk0 +QZ/pla7vZ4cbNPFd2cFHk84= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ncca2-cert.pem b/openssl-1.1.0h/test/certs/ncca2-cert.pem new file mode 100644 index 0000000..2b649a2 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca2-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDcwOTE0NDgxMVoYDzIxMTYwNzEwMTQ0ODExWjAXMRUwEwYDVQQD +DAxUZXN0IE5DIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8 +Dg3FeyXgtP6MAYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM +2LATVNS9UHybb/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTl +OeUAj7Wd+a2paAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqw +PJd8X8nMtM320ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUn +CuYevJJwkfiHeg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExV +mlM6af1eIjgLhKGAd9cZAgMBAAGjgaEwgZ4wHQYDVR0OBBYEFLoDn50GJKRX5nP6 +9ToJ+bqFzKn6MB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1Ud +EwEB/wQFMAMBAf8wSwYDVR0eBEQwQqFAMA2CC3d3dy5iYWQub3JnMAmCB2JhZC5j +b20wDYELYmFkQGJhZC5vcmcwCYEHYmFkLmNvbTAKhwgKAAAA/wAAADANBgkqhkiG +9w0BAQsFAAOCAQEAlqqhiquvukmLApryy5ztoy3bGtF6S6k/MGAZAf1ndxpdhHNX +vQmjSrFL2IPENwTrPd5T1Muf5C+ZfX/NOf6QWoF3kbD/98K1vfEa6C+3fgsflUQu +1Tu20ItN2C7VkMawOhItxBXU9nLcIULUJye0dRC+xvh1ECHiLBh45y/fG0bdZGpd +/NajC+1FwBGI2k62mbW8KGpNDKeJWwcDe4SsMs70Y3JybCj5PNO63JF6db9yZGF3 +2esHfYJ1NQTA9oRsOztlf+PQADQx/HoCJ/BhJSuOcBL/r9uN+YQUtBzG8BKGODE3 +aOrnkbDctDI3zZXUADTidBVxO5HzizGlRGodSQ== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ncca2-key.pem b/openssl-1.1.0h/test/certs/ncca2-key.pem new file mode 100644 index 0000000..03eae6d --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca2-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8Dg3FeyXgtP6M +AYaLRCH1peDogKo0OI5dqERirJDymgg0eqUkGPD86n/ZRDFZMhqM2LATVNS9UHyb +b/8aBZaSNmCVGcQuhGFFI1STjtu34n8z7+XFE66I2cFUo20kUdTlOeUAj7Wd+a2p +aAtPW3G2mX6EIzm/6/3HMh/y1d0knCBRjialOCdhrRTvGcamYBqwPJd8X8nMtM32 +0ZNDF5wBvx09/5KY1jLhdzBVbzezFogX0Bj1LX9UZRu+xN2dHAUnCuYevJJwkfiH +eg0EZxr/p4AZ7GICWkpk+bRzQ16+IifXtc5qIns0VvWKtffsDExVmlM6af1eIjgL +hKGAd9cZAgMBAAECggEAT1t+5D87lL/MSzi5ljuCOS9u4a6qJK9ZJJzFfv5jjH0D +yWGYHsuHprMukHj+ei1yls06QG4j+F/mtZFljY2eJMVdrI3bA+ZJRevK3RoEDm0+ +UKSDyc6scIOz2gu9Gv6NYM41nS8H7UpXxo1peGuWaQANK6XR0PO9fDni0Y7+a1vc +mTbiI5m2mKcYRgLmDBXzTGANszBdgGK9UxHL+Jx+j04ZdcMSg3b/OE1RAZr9zS86 +2CiZgcEVdddXjQ0HufkeG7gozyX7Y4JulLuqLZiROyHiIv+8kXLyLi7MUBFuizKP +GdmJxGhYfbYVLU5KXsLjf/oakYroatxabonn4HnpoQKBgQD3zhL2dEuyhPwxpGHu +53hpZmNSbLj7pT441t4WwraoV8SyOb195yeX77IVT1FSctmYi2txXdfe1MAseKcf +8P7XuWchEnro5dE7sTcZ4M3uLMDsEFPkWyRz3Y+CIg6IjMz0JsByyVVa8f4Kjw9G +99ceZPd+M16YNwYgj/1GB9HOBwKBgQDCRiIlWz8BPnY6xltQPSC4AXffD4V5pzOo +/b82y6+aeCvzwZGcXz9ac3fbRkiOKdPa0b+mYm/ZTpO0XIMALkpsQRN5Jnt5UeaP +J3n7IAS13Gy2gDXuRrllXbbRZI4VPiI7gADzYYpu68sBnJwH2FC0w2l96Gj6woCI +POoClgfp3wKBgQCMLqWHig5wdM59/rHwBj2V0ngJXrvej4H9gX+tfIT8AnqhIAzU +Nnmtd8lUSMSGUbZKl0Q2o5HE2rHD9pUEer6PprBygxPIwIl2rS+wkf2s6OBSKoJq +wiyC5ymRwlZaZNxkma9wv/hrNE40Bu3rhbTJ2vAvEjxG+4mZzhrHDRFg7QKBgGCK +6b0WsyCzIZ3jpM0jE3ddg2xeEj56ULnSH4vjfMiOn4jq0Kmcy6bvasiVDMlZD+bW +BR9yG5Mp8UzYDGGyn1lcnYi/Du0jPig1vfCF4NFfUMcAv8xBaTBuecNk7RaxYeGf +otlPx7OHicKrSP69CJ5L3cisDj9PGQCbBM90L0qRAoGAcXUoDdI+EYBBqxIOXvvl +ZuSOyNPZHwcPw+918uSpuh1xSn/qGD6EdlsBRIxBGk1ztQDNfhOmpFiPSeCmFzhS ++IEy2NMVWRoJTaVwN2UzpKfyDRIzs6DWTs8fJARNDWO+lp04skToFRPdY5L6RJhP +dl0yHofPTNUz2lLmMOhTOw4= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/ncca3-cert.pem b/openssl-1.1.0h/test/certs/ncca3-cert.pem new file mode 100644 index 0000000..207c7a7 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca3-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMBkxFzAV +BgNVBAMMDlRlc3QgTkMgc3ViIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAu6gOQAcNel3NCbWCctR4Y4BqRNPbo6W3HpFyY+204kGimdNZvE2zkpfs +HR6PB7AHUvq+44+NN/l1J//JkT/9rFVoGDbb/L354US/iBJ3zjBSqeeXvofSmsvf +6+x6g9W7bFLETJ0mH+vjPQ2f3dS4O4Lc7W3HsldR/WUkesQb3+FsxBph6/84vylM +oSsScd/2HFD7lrt+Fk1DGqkMI10tl6PozREAxSJgSFLUtr2P15a7wyi4m5LBM4+L +YKMr/vuj7wFtH2BEwh2iRbJ2wYxxjKV42Hg+6l5XlahVr2rTpK6aP9R8spg+Og/P +A+d2shD3+q6OkglEyq9rRGa2mRZrwwIDAQABo4GVMIGSMB0GA1UdDgQWBBTwU4mH +3VYZwBnmIFVvC/wUFdejsjAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQ +QzAPBgNVHRMBAf8EBTADAQH/MD8GA1UdHgQ4MDagHzAOggx3d3cuZ29vZC5uZXQw +DYILb2suZ29vZC5jb22hEzARgg9iYWQub2suZ29vZC5jb20wDQYJKoZIhvcNAQEL +BQADggEBAMIXGpXdI4jpDzPkqJIoDtAC4KQlC8fm8nW/fEgfHiOZgGHsCkjcvpFU +4yQ/ito9qlV4d4SoWLQijc5eJmTvWQKvHfZNCM9nKWQCY/QDMMePT2UO8RLHjkI3 +V2ARfrFv9NEQ8gd7u0dvsGivacE0vlIS480saVVnda54gOHh5RVe1/mr3EUqnQJr +RTothfmTcCH104SUBUB92gD9Cgh3NpvRS/sZI1pv3diUyw1QF9qszWfk1NPDan4g +hX6VBeHQ4n6PbZLhdbUawE1tVyoN7Q7siz/ybNH0Uj68k87q+HOIx99Qtihw6xoj +UhL2ht4Pmyhy3ACeEI2BTZESEzG/WBI= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/ncca3-key.pem b/openssl-1.1.0h/test/certs/ncca3-key.pem new file mode 100644 index 0000000..3277dd2 --- /dev/null +++ b/openssl-1.1.0h/test/certs/ncca3-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7qA5ABw16Xc0J +tYJy1HhjgGpE09ujpbcekXJj7bTiQaKZ01m8TbOSl+wdHo8HsAdS+r7jj403+XUn +/8mRP/2sVWgYNtv8vfnhRL+IEnfOMFKp55e+h9Kay9/r7HqD1btsUsRMnSYf6+M9 +DZ/d1Lg7gtztbceyV1H9ZSR6xBvf4WzEGmHr/zi/KUyhKxJx3/YcUPuWu34WTUMa +qQwjXS2Xo+jNEQDFImBIUtS2vY/XlrvDKLibksEzj4tgoyv++6PvAW0fYETCHaJF +snbBjHGMpXjYeD7qXleVqFWvatOkrpo/1HyymD46D88D53ayEPf6ro6SCUTKr2tE +ZraZFmvDAgMBAAECggEALp/Lopbd/2gs2FuzpIoruzUdsiodKSS0QbELhc56obiD +CMsdQY7grex3Kqj8CoHu3+wS34E8Kgsd06lW0HLguR+jNFj1AW/GFPU6zTkhcSZK +c5Jp/lnKttEuunRP4E+LOJe70/k7jrTSCcpHzRrcB1U1RPyAoEvXwCiQDryI3G+9 +jDw1vUvQTlb3u/0j798N8a13ahi2cepauOrxS/Si0fHt9LxOnaRfVJWyQ5hmyh0j +MFpAzpqGtI6hlq0HO0Kzu+zFIl9POcrMyAjPdfhIR7zC+pHsyOGXsRpRU0HKHQfC +ukImc9wZ9xy2/lQVwWJnjksaZfM6qVG5IOkpIUskIQKBgQDtnhkkGo4BlGA/yCY+ +2Vt6dZOBEtJlqBVzL4Us0B5PLqE4L09r5pTil7pep8itM5u5Bn1zio839Q0iUDxc +omfViJA/y/eJb0trLZXKen8QUcVkBvB4VL4vVPjULcKCpWPNcop2toJDJdDZuSvR +DQUYvkd22MlBCg3YCVcDGPXisQKBgQDKLIB2sSwTph6XjBPnsC3br11ymSog5RAq +zXpnBczre1CT7dLixbJP6ISbVJwlDrvFum33r3hEOUDE5BZo2aVyQoZ6tPTmIfkG +C14xsnvyuGYBTWemd7dyt2rXbvZaq0a3U1IHxt/KQlj99DrSASyfKH0Hk44EZ3dS +wsi7Vq4KswKBgAr7dKQDii6ugehQwtvCxgSZ7JBZo1nJc/xX5OrWT6BPQmpLXXta +M+VpJ9b6ID9JFFhv4Vp2u/nVHJ9KYA/T/cKTxj78mVtDxpOUjsjF8pt5fAsMew7E +s+mSHtIHr2bEaCF1usqT0t9xnv6BHXJTDLpBCSKIEH0uDse+XsQo4ixxAoGAVjgm +TPf/8R0+HKkrb/pNhEvEUXQKaF7nxyk8EyWBH8fGNGAPOJDRG4zwyIGL2a3v3EJG +VYPqiUXVXmJbQDnZeeHvEfOMIXzJg49ji1Qv0fJb5iBJnM+fV3frQ5bZzw8OKG6L +JC/nDo2/AAag8yB3FCUjNRDzVuN9Grlg+6vaq0sCgYEAnpSh/EA1lxKpHFs8dh8l +qtoKzBZzBFODMp8avJVYUYI3oVjm4CUXKbMdSNgQiFjfWKe6I0vzFxhIBOEI+5JR +N29VMjeFxgXkD4qmz6qjCZr9tmJiiu3tMJfW13D94U5RKi5OFAzlPxtBLe+sx6nq +NXMk2XIx1ndW+uWUjtU0EQc= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/nroot+anyEKU.pem b/openssl-1.1.0h/test/certs/nroot+anyEKU.pem new file mode 100644 index 0000000..395b844 --- /dev/null +++ b/openssl-1.1.0h/test/certs/nroot+anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo3YwdDAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwCQYDVR0TBAIwADAT +BgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREECzAJggdSb290IENBMA0GCSqGSIb3 +DQEBCwUAA4IBAQCJLiUshLaVQxjnoxN4MISOIM7vy9jIfCEabtyOumjVXasvLqKS +fF0nLoRb/6iCd0VnJlliTKky/p8aaG4+VooQPTxwpat6zir4G1N2dWwYbMTDpVfh +836wHNPmmFvCUSKZcoLAEmMVRrNU9gBXkS64FfoP0FCoWeHb9NSlQY5YFb0BO8C/ +6AZlMGCt1HDPEK+gE/Uwayk7Yo3npSb+ZgnwZpA0ip0lPJ0Uf5cZ5Q/RBP0H+nxi +KLKzBpY01IJ67/7R1Ioc27JiUpBGmKQzjg48POSMOECFolv0dH33O6aXJaXtw9Kq +m8y3rPQqNPehWzbRq75txC/sayQZXNUrteVzMAgwBgYEVR0lAA== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/nroot+serverAuth.pem b/openssl-1.1.0h/test/certs/nroot+serverAuth.pem new file mode 100644 index 0000000..7b84f26 --- /dev/null +++ b/openssl-1.1.0h/test/certs/nroot+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo3YwdDAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwCQYDVR0TBAIwADAT +BgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREECzAJggdSb290IENBMA0GCSqGSIb3 +DQEBCwUAA4IBAQCJLiUshLaVQxjnoxN4MISOIM7vy9jIfCEabtyOumjVXasvLqKS +fF0nLoRb/6iCd0VnJlliTKky/p8aaG4+VooQPTxwpat6zir4G1N2dWwYbMTDpVfh +836wHNPmmFvCUSKZcoLAEmMVRrNU9gBXkS64FfoP0FCoWeHb9NSlQY5YFb0BO8C/ +6AZlMGCt1HDPEK+gE/Uwayk7Yo3npSb+ZgnwZpA0ip0lPJ0Uf5cZ5Q/RBP0H+nxi +KLKzBpY01IJ67/7R1Ioc27JiUpBGmKQzjg48POSMOECFolv0dH33O6aXJaXtw9Kq +m8y3rPQqNPehWzbRq75txC/sayQZXNUrteVzMAwwCgYIKwYBBQUHAwE= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/pathlen.pem b/openssl-1.1.0h/test/certs/pathlen.pem new file mode 100644 index 0000000..c0ef75e --- /dev/null +++ b/openssl-1.1.0h/test/certs/pathlen.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf +MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg +QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE +BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT +FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN +h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/ +1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR +mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB +FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5 +iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f +0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y +MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T +AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27 +dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD +xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX +2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ +8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi +oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B +CA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/pc1-cert.pem b/openssl-1.1.0h/test/certs/pc1-cert.pem new file mode 100644 index 0000000..e0a373a --- /dev/null +++ b/openssl-1.1.0h/test/certs/pc1-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5zZXJ2 +ZXIuZXhhbXBsZTAgFw0xNjA2MTgxOTU0MzZaGA8yMTE2MDYxOTE5NTQzNlowKzEX +MBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNVBAMMB3Byb3h5IDEwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeF5hc7UW6KtJ/26YrZTeG5Pu7FrPd +9W58Wq/xpll8sg2priHgomhwFG+EtBqxP/qfGQADwCBpynm+bxngsRX94+puCbdp +DCRV19vZNfrrdH57PbUmujQfCAPuWnGye7TWbtilqkgJf88yfI+0Y2qmGWpvl3Pc +ijZVbNxEan1FKkB5v1E25+UCDU4Y4nfyJ1jtqSA6RJeixCUE363iLanJL4Ph781u +/GUhICeqj6oKdPzEmnzT9Udt8APpS2pfIjhfcw4w8A+pFXf0HsezGdcodiZqzs39 +mdmS8cmMk77xJ8BIOlT484Jg/bB9PfBfEB2LXO3jz/HyrRWQVHgyF2ONAgMBAAGj +gYowgYcwHQYDVR0OBBYEFNOib4aG0AVcbb7pbh224iVD3Jx8MDUGA1UdIwQuMCyA +FOeb4iqtimw6y3ZR5Y4HmCKX4XOioRGkDzANMQswCQYDVQQDDAJDQYIBAjAJBgNV +HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBATAOBggrBgEFBQcVAAQCQUIwDQYJ +KoZIhvcNAQELBQADggEBAGCPfyKX74TwnX7sakAKq+IY5qbFnUAupiACsoqNyf2C +J6/wsAHz51SA69UcOmQsLCtBzvr11Mh9tFG6uqAquMifP6Cx3274sHCglb5BYFQX +eOwSc30FyaqUZzCWKHRjuzdBUUplS2NVl778xLEbWySLkpHehp7Hpj6mBT9lLNyw +6L2ZXJcBmxCSB6+aKJ0v4h3wrTNkbYh1Pz9sQqKMgnK+dC5xNmQWWzaVnAPERmbT +/11HRF2cGE6OKVmPrksI2NVOe0S0BmL2UwIeO1mIoQikJlOlCsa6QHS7KNQKGtrV +0Z/z5ahapEq7+wlyrw+lsZf+rBKFzwbowl1K2YJva9Q= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/pc1-key.pem b/openssl-1.1.0h/test/certs/pc1-key.pem new file mode 100644 index 0000000..d879dbc --- /dev/null +++ b/openssl-1.1.0h/test/certs/pc1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCeF5hc7UW6KtJ/ +26YrZTeG5Pu7FrPd9W58Wq/xpll8sg2priHgomhwFG+EtBqxP/qfGQADwCBpynm+ +bxngsRX94+puCbdpDCRV19vZNfrrdH57PbUmujQfCAPuWnGye7TWbtilqkgJf88y +fI+0Y2qmGWpvl3PcijZVbNxEan1FKkB5v1E25+UCDU4Y4nfyJ1jtqSA6RJeixCUE +363iLanJL4Ph781u/GUhICeqj6oKdPzEmnzT9Udt8APpS2pfIjhfcw4w8A+pFXf0 +HsezGdcodiZqzs39mdmS8cmMk77xJ8BIOlT484Jg/bB9PfBfEB2LXO3jz/HyrRWQ +VHgyF2ONAgMBAAECggEBAJtfoTUjVPYlBAD5RRU9QxdmkSlMpLYucsnw7x7WWPi+ +ncL4Cv+VXoNY8klAIUO3F3+puGP3PWP7xS8uTgaQxIZkq5A+KG4rqsJbhgyyistC +ENTazuEi+/rLi+GELl42SoK9KluXQXlkjaSW2z10v+pC7GKEPTCw/blzZgAvkLKZ +ykQgEEyKf/kNR4+exiJqdBi8gp0cB1+WwBYqYitNKahhf9sFjcLWhj8umYN/+Hb4 +6hH+8JMaHm0G3DvBUIGTkuUQVZB+BkOG7DRivgwNCFlUqvA100JGhoVnBoqj2pan +eD7TtJfIW7UMoXFr0qCMMGvUXnhJb2v01oxpQTfBLEECgYEA0Ys2RjxUAQmh8j90 +jRV2dI/zL5t1NXxfSTn7JmLp2r2SEWfxiXwCs2bly6J8Xr07bY8DeM6+NfmQ7en1 +pdwxorIROhXRI2X6ZIdIfLwRw+l2TrQVzqgSnUI8GnU3gy57m1QLrcRW9Gxv7r1j +DjlRMtf828C7oUd+2h0rXY6DeMUCgYEAwSQ20OJy9qDvT569cOMADgvZRKjU0ZLd +2ER40WakK+6gyvSkUYpdSK5722xMo5CAFmE35xn5r/JX4QnIK3DGnJcm0e68GtyE +qh5YGXqTlnvgl/+YxBjgrvL97OWKtvof/ZjGqF48sNB4trMz9+80M5oBsr7ZjoPQ +1B1mFTi9nCkCgYBojLgQxSr4tZCq6MRDXHEU6XnhyAPsItj8FUTdOz8JF8rYim82 +NLy4PF/tgW3iazJKkK+fyC+ZiKKqQjCBh+LwFT6JJ7eInOoY3HLrYX7PrB2OWUYE +LVHUSuboIJIJDtk3f/Cvy6XDIJOcn7vbrfd4kdGk5332k1CUjTdE38VzLQKBgQCl +TbRoxVd1xDnuIEOtSWuzmeqDvCghkpyyy6/IMRwTybHu4sF8VHsQiN3S5/cUCsnF +3cE112J/d2BFZ9TdcTFbtnZwOO7f4prc6wmmDOYiZrXMAeOi+lPbCHfR+IfnoV4d +81MbqUQyZMrcO7Yf3qgD/iyz6mpTcngaA2tqgFywOQKBgFigb4O1tKsK16HwflMm +6EQB/3TmdhIsoNEq6M6tOuV3uypze+97olwJMjsgIMxpIqnff55WLBmDjmoMZSoS +6juHCqmKWKwTZPHPdWNVUgMOGVHFjcCgQjuqWYWupl6un/CefXPleImZ/wrXee5w +f2DAK68puLIhIySfEIjrYh4P +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/pc2-cert.pem b/openssl-1.1.0h/test/certs/pc2-cert.pem new file mode 100644 index 0000000..2913b98 --- /dev/null +++ b/openssl-1.1.0h/test/certs/pc2-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2 +ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NDFaGA8y +MTE2MDYxOTE5NTQ0MVowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV +BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDIwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDgpvzv40QOQxRy6qhowyMfSRwn8TSUX/tt9U92ij/HDurM +aT+89lLd6oOCohmXomg4t18Fik3yUyoKOi2Jo/ATV5ZYvhKOQzf4d7zTno3SsTSB +s1i9aNVnwVd9QZA/Y1lHtEUETIr94neET6bvaV9DHrtmVaEC6rXxbLmm6dLEcqEh ++XnjoAi6PL/+U+RSQm6ekLEWwhwePUCr2QvGotjpUzDJngHCtxrVj6ZK8DPlgXpo +2CWC2l6uwlakxkMQkCQQICywMKsmyMVPWFbalUezRDl7S/J9ybZYK61aq8mrBYzn +tCaD3HwtjKmkAZ3tKcDfPidqwVtUAioBSzB6ztc/AgMBAAGjgZYwgZMwHQYDVR0O +BBYEFPg3PONgEnnZVF3tRrg4aY4hBGVhMEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p +bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV +HRMEAjAAMCQGCCsGAQUFBwEOAQH/BBUwEwIBADAOBggrBgEFBQcVAAQCQUIwDQYJ +KoZIhvcNAQELBQADggEBAJvmPj0eIOQEZSFrvbMEz5dp0udK+TIMKBmgPfCVrSPu +g5wArKY5CqFzrrvXb8FWHuAuP9KsXaqU+oqaTrRlGDs0sl6LWkvamz9FLDbYS2+d +9cGMdlEmWxPJg9Nkc557ng4b54xncyw+YQ/1vqkTtBX7w5Y4lFTOaZW3uq3iL1NU +v1TO5fCNksndgw7tdilbps2BLeNcEJ7DZyS7ESPPe7NX78RCKsDLSj7C9bMlKvUc +swUADTDhNTValfr2RQswlEPIt5qURe2vsvacQ701cPPwT+fgQj1N/XLFsBGTmnOP +KpT6Adh+uk8xTHv2BUg+XDRAFOhoLMu1hnloiH14FgY= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/pc2-key.pem b/openssl-1.1.0h/test/certs/pc2-key.pem new file mode 100644 index 0000000..77ab6ff --- /dev/null +++ b/openssl-1.1.0h/test/certs/pc2-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDgpvzv40QOQxRy +6qhowyMfSRwn8TSUX/tt9U92ij/HDurMaT+89lLd6oOCohmXomg4t18Fik3yUyoK +Oi2Jo/ATV5ZYvhKOQzf4d7zTno3SsTSBs1i9aNVnwVd9QZA/Y1lHtEUETIr94neE +T6bvaV9DHrtmVaEC6rXxbLmm6dLEcqEh+XnjoAi6PL/+U+RSQm6ekLEWwhwePUCr +2QvGotjpUzDJngHCtxrVj6ZK8DPlgXpo2CWC2l6uwlakxkMQkCQQICywMKsmyMVP +WFbalUezRDl7S/J9ybZYK61aq8mrBYzntCaD3HwtjKmkAZ3tKcDfPidqwVtUAioB +SzB6ztc/AgMBAAECggEBAKMvCWpjZksJ1O/Inn5CyN9v5uDop+3jbqqn14ne0IcS +weGrzh2/u9/w+ohIoVhxI02XfZFzrj0Ixe/Z5LwndjtGkzJxFt952k1FBMefU5up +Ft/j2+DyJpoQajHVDyfMTcz1GHEP/KKA/5n/ld4wZ39E8pFaP/PzdCgjdxPUo0II +OWvNehyLqiOQseYsnWTYFGgBFX5Dr8/cZH8duaNTkGzr+/4O3KmF04lTYS2SPkQ8 +8ospMX9a9N4+gDXF6KWlIJUEk4Xelv/BT7jygEz0K0bIcRGdmgFe57Rh9qTHxZrl +YkHh3lHC5XD5sWuOjoEu54jJdL/u1zfaK/jpQXKMjtECgYEA+eCIg1vBPKl53s38 +Ch/nRuwmtu8qJlcN6aYBAdUn/Z95Qy5gKmL0hW7qJ5+kgwLJZEdLQ+xIHBdnWjdP +7VJ7k6NEsy/EQ2NOYBzxysvnyYSAwY1Wb4StPO9ejqb02LrY6gBNfePE/wpR1EqK +Suyzocf0x02blO8dQ3JaGn/IKlkCgYEA5ig4jtcKUzP2vRQ8tWaaJvLxP2fEzEgb +J+r1zLrdMqZvWwjhbdIbQRnhwjpelVKpxGFiOP91bf9+6qiX8q3TOar3tDu2o2Nu +yFNvExoqxfaD+IHfDo3KjTwohysbBXdZzqeOwL2N7HcQz5E11e0JDgTPLXtWk2UN +qeYUNHeXq1cCgYAmKXWP4j6D3jo/nePlQ/QVb9GF1MbyLg9w5Kp4ti4yXN2vNfD3 +6D8B9euK+6WrYIyTZRQInphwud5N9+6cByHabW/7kcr+o7b/lMwUtcmDjFoBtW1D +ANdYXBJr5PG1++tO6ZbsKBIZBWFz86JlSPsyNRCcM60UNOSaPWenbmaKmQKBgQC8 +qEt0CqDUAsxFwMjiiO/i7VEDADQ4nwJjfh1ta97VHcg5ftYKByd//Y8ofl/5VoEC +EDFLN1syhzOpdfjXW9TAeHwCqM/UrjSo0HtD1Tcqfh8/HHWSoHdfvegapCLKIELl +OkOxia9EHXUSL51JdbruWtLYHTmiKDtDAO2e9EjGkQKBgHOEZ0u07bCyz+EZHTQb +sWt1U2LztJ/cNSNqgVc4NTTna0KisjXBTbtIQeArI42GHXNBazE+KbApnHQy8f7M +DJIl2/70CRTfosDdSE6DnQk672BhJ4fr6Ln/VyvcATlcv34UYiGsDY3LCf0UTdjd +GsR6pGtD+3qErri9pbdxDvRC +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/pc5-cert.pem b/openssl-1.1.0h/test/certs/pc5-cert.pem new file mode 100644 index 0000000..8663bdf --- /dev/null +++ b/openssl-1.1.0h/test/certs/pc5-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQDDA5zZXJ2 +ZXIuZXhhbXBsZTEQMA4GA1UEAwwHcHJveHkgMTAgFw0xNjA2MTgxOTU0NTVaGA8y +MTE2MDYxOTE5NTQ1NVowPTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUxEDAOBgNV +BAMMB3Byb3h5IDExEDAOBgNVBAMMB3Byb3h5IDUwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCvDPn1fctKUE8+aHf036mHkIEsWn0iNFl2K/qAOMqjqOvs +lj+zxhRqwj29v1Prb4ZYvjRrJ2GQdh7GXju4cP6wQKKHGOurJhYczcfqwAfi+21K +Bn4gmM3i4GESuIC6GuXWqw24oMZYBi5H3zsBMr2mobSQJV3gN/5jfGIEtZW3GqVW +iKAutNCbmV76NoRJm0sRzrFwyX1pomHCm9odwJQ0nNvyetMulY9tX9xYn01FLfiz +JS2UmyOYxkSyKOSsmGJDVK/mZ86xYnQygUy6yIiz2hR2yq5M1oeRYOEONwt9mY/e +ZVoIbquW28PEDQE6KtK/EYUdWn8482XQdRcdKmSlAgMBAAGjgZIwgY8wHQYDVR0O +BBYEFEfQwyLv6WIDOf9VQ/ElxxcFKkX5MEEGA1UdIwQ6MDiAFNOib4aG0AVcbb7p +bh224iVD3Jx8oR2kGzAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZYIBAjAJBgNV +HRMEAjAAMCAGCCsGAQUFBwEOAQH/BBEwDwIBADAKBggrBgEFBQcVADANBgkqhkiG +9w0BAQsFAAOCAQEAl93p1Pcw3hBbTTnm9oa9cOUvPBkUwLJmSJ1Il3HQQuLz5H+H +OiF3ePaa7wmGmMTwHEYtOvIhGO5c6zilVRint03BaXRizZcqdjDiHUgVcr11pzX5 +F4ihFOF91c6DmUorRrtkjglLb/gAMdUE0eT/wukiMjJWgcw+O2EVxGjpAgRVNw/v +byYx4TPmvnnigqfMY9lVFKJy0g5Ovw6Nb2ff8ndSEZsCDB8XdNg2u07zYu1dM/vF +wpjsA/omrfXP3opH1ustvMQm9BPkySLRzNbIYHHRJX3Hkhn+EYzMmxv3cH0EEtn6 +taj7Gfsp7TfLpfSgP/Y88EsKhQAWsdFt2tT3FQ== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/pc5-key.pem b/openssl-1.1.0h/test/certs/pc5-key.pem new file mode 100644 index 0000000..1ad0805 --- /dev/null +++ b/openssl-1.1.0h/test/certs/pc5-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvDPn1fctKUE8+ +aHf036mHkIEsWn0iNFl2K/qAOMqjqOvslj+zxhRqwj29v1Prb4ZYvjRrJ2GQdh7G +Xju4cP6wQKKHGOurJhYczcfqwAfi+21KBn4gmM3i4GESuIC6GuXWqw24oMZYBi5H +3zsBMr2mobSQJV3gN/5jfGIEtZW3GqVWiKAutNCbmV76NoRJm0sRzrFwyX1pomHC +m9odwJQ0nNvyetMulY9tX9xYn01FLfizJS2UmyOYxkSyKOSsmGJDVK/mZ86xYnQy +gUy6yIiz2hR2yq5M1oeRYOEONwt9mY/eZVoIbquW28PEDQE6KtK/EYUdWn8482XQ +dRcdKmSlAgMBAAECggEBAKqEmXjp8P2S/Z5tZWzD8wB7Y1kxTHPlSsAyVvJQYBTM +mAT+107nxTu5uyr7FWRiXxxTK/y1f/SZG6FgagxhBbfrPmcbf3ZYw3GLgxLJvOT+ +xpc1e+eE8gnvSKBT2hFv4jQarGMNOijE3JBmg7PHGbcYDivcOnYQFV4T6+dqe0zA +q2bLi/lko81Plunp7ev3i2ATjNxcYoannaTCq0HFxMLoOgrAoLqJqt8nkqXIY91z +phx1x13HrHyikhuDBDb15TdJo68rbHngDolHFC7rHW65+vp0emJDtdEkBnQLDa5W +a3ZeVe/xY0aaMPlcw//ZB8KMUD69VdCuiGXjrrHISAECgYEA2uIh82TIp+xG2Tk/ +2uZS1dOCCEEkkBqqgKwH2m2fctTHGMnKJaxSTCNKPEIpxaTt6EMp3jlviOmdrPtd +pUS1OqkA99bzT8ZBEd8fg33XGCN5W7wvfo5077onwwJ+ocd//KJqQ2M6MioEp5im +6Z8cDDdGA6NI3kJ+G3+CwczRTXECgYEAzLwKVkfd7TNJZQ7Z0n2x+O8hPJAaut2/ +qFIeItSBFo+ErQL8NnJPLMxBkWfVmnc4vFKc2bxgjz8S+cJCEucTrOAS7+ikP6KU +Mo2NjbzA4omceuy3t+3eGJdYE44nBL/V+ZVAt6F0TQ7rayMAurcLJurHMiFYQEfs +qAlsaYCiAHUCgYAmv7Wm8waaw7dfKUVmqTOs6v6wG2gvoqjgkpPpVVLO72A3wTFq +LfF7zRuNQ2FFvgboAUveLWjTYhgp0W4onds/gT/MoF7+lmhak5dunc6AVXdciBoY +W3vUHK6BVWW5minMPax2NZDN5KZiTSHvZd1/RCG+7x8tSbQthgtN58Z94QKBgHbH +aZ/hFgo1xRESaqFKN2TbJ4dBe6CKYlU/Pyip7TKvlSPjJXxZGUI+RpQbj7uMC6iG +rWVNex/gUhwA7eCVm76iSZpSeGhK5Hvn0AY5ShakC9rtVzEomb/enkTKJi0FNxkT +1HY0/4pta3u+1P9+jsPHVkXpPpAcqlpbDUCwVky5AoGAJgwr1pxM7RDQon8Mpjxm +XTJ36Vl+6dq/5yPBcKylQ49e5XrugS2trV1aSZKsiVuLGK9N8ND2N8OazxfpXbee +q6b8GAqWWz4ewe30FKo0ipL1SfsJUTv8lPKIGo8oNk4vsUvv/bLJHpr6+g2d8lCw +A0i6wzzrXUiXlynYm+VCKhs= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/root+anyEKU.pem b/openssl-1.1.0h/test/certs/root+anyEKU.pem new file mode 100644 index 0000000..97e0732 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root+anyEKU.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw +bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2 +UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY +mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg +Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO +bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAIMAYGBFUdJQA= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root+clientAuth.pem b/openssl-1.1.0h/test/certs/root+clientAuth.pem new file mode 100644 index 0000000..8004e63 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root+clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw +bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2 +UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY +mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg +Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO +bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMMAoGCCsGAQUF +BwMC +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root+serverAuth.pem b/openssl-1.1.0h/test/certs/root+serverAuth.pem new file mode 100644 index 0000000..966676d --- /dev/null +++ b/openssl-1.1.0h/test/certs/root+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw +bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2 +UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY +mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg +Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO +bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMMAoGCCsGAQUF +BwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-anyEKU.pem b/openssl-1.1.0h/test/certs/root-anyEKU.pem new file mode 100644 index 0000000..712b1f5 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-anyEKU.pem @@ -0,0 +1,18 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw +bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2 +UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY +mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg +Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO +bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAIoAYGBFUdJQA= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-cert-768.pem b/openssl-1.1.0h/test/certs/root-cert-768.pem new file mode 100644 index 0000000..4392ef0 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-cert-768.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCATGgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjASMRAwDgYDVQQD +DAdSb290IENBMHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALntqSk2YVnhNalAikA2 +tuSOvHUKVSJlqjKmzlUPI+gQFyBWxtyQdwepI87tl8EW1in2IiOeN49W+OtVOlBi +Mxwqi/BcBltTbbSrlRpoSKOH6V7zIXvfsqjwWsDi37V1xQIDAQABo1AwTjAdBgNV +HQ4EFgQUWPMT967zC8rDNvZo4PDnYL7SAtUwHwYDVR0jBBgwFoAUWPMT967zC8rD +NvZo4PDnYL7SAtUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAANhAFDU7FyF +Ma6EG0OBS4IYws2US9t3IQwlI5noQwm9R3Nk/3AIUrdPG8ydRyV1N4GuRhRpprh0 +sEbX3ZO9/E54DbPYfS5kqfZZtohUNy+Wmx8XY9OSv4SWUrrMSIRFXS63MA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-cert-md5.pem b/openssl-1.1.0h/test/certs/root-cert-md5.pem new file mode 100644 index 0000000..b6ed10c --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-cert-md5.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDMyMDA2MjcyN1oYDzIxMTYwMzIxMDYyNzI3WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQQFAAOCAQEAwSTZo97psLqiNmgvCC/Z51F3S9bFKPjGK4dc +Kqh8pMJsb8DnfGlPnsYXq/0oPcBThTRGZDqTeZa0ms8G+g4GS21TPF7lmvVJUJhz +GRLJxX7TYB8xriSJ15DwZgGmEGPfzmoIq27nwrO4TRAi0TCLdw01XZwiq2V7anl+ +jrIpJPDuaT3oBqnGTMZ5IoaQq2TX8PS/ZW6icJiRmXLMp/HUycKpDUshiuARR5Mi +UOzX8IHwn76Zj6z1R8xW9j1WcEycFYevTMaRuS6hnYagiSaAytIQU8hgMR4AWodM +NFYv5t9rguJnimGUGMMBIYXnPNE2kaoq9qCVgjuC14gWU0kq6Q== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-cert.pem b/openssl-1.1.0h/test/certs/root-cert.pem new file mode 100644 index 0000000..21ffa4d --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw +bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2 +UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY +mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg +Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO +bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8A== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-cert2.pem b/openssl-1.1.0h/test/certs/root-cert2.pem new file mode 100644 index 0000000..e47e91e --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-cert2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5 +wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+ +R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp +/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU +/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6 +7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv +akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y +Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv +NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+ +qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM +o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+ +zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y +9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1w== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-clientAuth.pem b/openssl-1.1.0h/test/certs/root-clientAuth.pem new file mode 100644 index 0000000..8d82866 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw +bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2 +UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY +mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg +Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO +bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMoAoGCCsGAQUF +BwMC +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-key-768.pem b/openssl-1.1.0h/test/certs/root-key-768.pem new file mode 100644 index 0000000..4ecdcd3 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-key-768.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5AIBADANBgkqhkiG9w0BAQEFAASCAc4wggHKAgEAAmEAue2pKTZhWeE1qUCK +QDa25I68dQpVImWqMqbOVQ8j6BAXIFbG3JB3B6kjzu2XwRbWKfYiI543j1b461U6 +UGIzHCqL8FwGW1NttKuVGmhIo4fpXvMhe9+yqPBawOLftXXFAgMBAAECYH1FP4Bg +/16Lepg6v+tb8gY0lY1WFN5EGVRfRw3QUaT9kldboEjjnQ8wSswVEPYr56IHZ8mH +Or8LtJVrB3fjriq5vNOt7lRscuV7IcVtOyVWu5+MoJmO67Q2vRJXLWTdAQIxANtp +AiqObXo8vyT+EDcOEW104PfKNVh/4fhyrDwAk/yTcxkv4dcnuTykeLPvkXq4cQIx +ANjvQa+9LubMy3N1uXIbWWsiEBi4BdNK+xuppJ2puckaiQU42Mfmw/Nj4LMEJLfc +lQIwCYcv3uU8f9hvfI3D6oAj5Zrzwg737hXvnDhunlRwGMHWd7uKlStWcfm6fCXl +LW0hAjEAneK0egVEp3IR+PyLdcL194UZFgSJKNj/nYiAaMdokjcf1o8jJ4qKvw/I +MEIpvy9pAjAzaFHKRugCN01V2dgXYYGL8+zkcwG4ehDXH1XEs4v8r3WtHBPPKED6 +AemfAQJLvh8= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/root-key.pem b/openssl-1.1.0h/test/certs/root-key.pem new file mode 100644 index 0000000..0e0ee11 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDh5gD1BrygRjh5 +Dz8ecRkTbQLfK5t2a/yssCHt1pEIQjulYzXsUlugokrF1gCUA5daPblnKNJ94yFc +pO3GPI2OhNGdVMM92XSilnZncfnGGlB3s/147lvg44yJI8KaIuw+1DeeB83AK1UR +Fzo0QhxpDToYsO0VlF7G/Z6HxhznlBqSwF8FwXND5QPeCZHJJM7Yjot+LuAxSNGG +KmpVJnroCzZOl7HgpMnaXGlLA4AIVoOjH7IquMFM/sWxTdTAAartvs4lve5prfYH +zW4roYlU9WjrmAntyWBmyzNiSgOwaNYOq1/BNVV+/UbuuuvctqKj7YV/d9+1aCJD +fmYkI6/FAgMBAAECggEBAJWfUmL441cFK8KDZrszDfjf61cF+yKkw+ddghuWUtm1 +hOw2mjC9HBN5ay0+YYOoHUeYOoUpdMIM/rvuQc9brCcJsg0TZ34/2hEWt7Yst9OO ++l1OykSfHBwIm7z6Aps1JmU3Ct+RK6ZtDRsU12hloYuzRxezmFUCwQPsWGR1xA9d +usQHGbhM6F0WXFiTUulwf5x/06egO4IcDQL/qi5B79Byou+YnEQXcvWlF+6shPb6 +dvQbHuNRWd7QJRU/nJ/yhUDQ8Kx8e1WB2QJemBbf3jzkrGxHxWojcr6avJOQuNk4 +DCo+ksUcpiJqKLF26dGyLTypqL3s1L6FXbQ2kvlGqMECgYEA+Bpv+uJAZk7N83+N +9DSsDmzQ1I1pp9tnwHvHko3gaWBr2O0bC7kl2CyLlUZ8Fi1SuiZPkWBXbffZbLxb +H7t8ppvsvnVC4+BWkdmQR9du6mtl16GojZxPE1GL0Gqqw8CyJGSATBm9UJs/roq1 +hQxnvWrbGZp2+PGJTndlb+UpIXMCgYEA6Raj0bHa4Lzb2CLxf5eo6p4iBNacD3as +CokJmDETIAwXFpjnHLDEuq8W26OACCv6vZtHefhtO0ULqJC1pRLF5/3lxhp219pp +5Q1bSIysOKUJtZyqNwvhvROoiFgTDRyfu48eKsAx18pzRJ/ZFHsHqNbNUVWjF2Nf +1yNC6PErO+cCgYEAufImhyPXHFZnqN2qqKJpaY5InWU3EKUyB2M92isXTCMF8VkT +ch/bqz8HhmODUKO7YuSfsddA75xYilRI/2lnLP+j2cLM1Tkn6LvklNNzv6GqfIge +abQC1/nADf5D6d6cJQZl2aNY7fbNLaWsEgGQJrjVaUUJcd6lB/gYQFrCDt0CgYAb +61RQB8e556VFrFnU+KuI/swAXFxxFbvhvyxhCG/MBOa3FDWKoDnQSqyoPltVnz73 +eyQCnhknYkvVMxAu56LA+Q6OvhjCHi1U/FaUyBTQ7CPPlyZkVY4CgdpMCpCtn2Ia +qzfn0wGlYWCRNbxg0aPHO4N4XJOed47BTD31fP26vQKBgDWXNz5he9pLYYDiF4F3 +jdjbG/QCmO41VBdfd81pFajJKm4TaskuMLTaWa51KHcoW+ddQQLy72qtXH53X4SL +lO/RacV9hRoSX5Nq7ivSO8sM1fnU55kBre+V/ZgKkG4Xe669P1Hd4TpmmpoYDhgO +Jq+6oI4L87uoIoyqvltRK3hM +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/root-key2.pem b/openssl-1.1.0h/test/certs/root-key2.pem new file mode 100644 index 0000000..990b20d --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-key2.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIHp0kAPnBtK1B +/gcTQSGV20NKE1VD+OEO7qzYprfQV0/iaXX5zY/Ls4NRKNIJ6BdoEg5cID5HTNoE +Andl6pfHdSsT0+JdodEZlyg+1fiYr0g4eEh3HA9Rrpx5I4mfhwdj6nRwUun/ludQ +SungipsvVsx3i/x8XEnRkMYlqF8uK6udhTJqVo0Icr6Erb5Fp5GA+Wxd+JT+/CGG +MWF2GLFs+byX5L7bE3JJXUkADOtS8QN01nSIG+5VxLaaWFIpOG3ll6D7QLruRhir +Ez0JVkLBxX9pJQibCN4Ww0wmyX+cXIRpy7q9fPSuO8vA/NMB5VhnLn3YbC9qRY62 +IN1qntYlAgMBAAECggEAJgHieHcS+F43VcRIVbjWBx8orYX0eL9pByv/efpYCOK8 +UlUTSglnmRmUBDMLiUQiReq//XFGQsZu1boeMSYYA5LWRqLEaGIWU5To2N5Mo7sO +rWLy6GRU6H+QSlWcisbbeXeK+9ZTiO6BKjfAKZxJkvkaRk44+umQP5QOfhJ3WU4t +0wkwYOfm8uOEg48yZTgjUVzhIORHAq5RHH/5goLrNwO2bIqOHOqzSrXGQJJ+oDaL +JykccyVAElUGd5JaSpm5z0a43C4A5q770ppiByGxJv1L3ID1hkik1ZpWfMtwPH1Y +FIAINqlhVoeAEwOCpL9axZ5OCGQrgWLNV4LfJyG4NQKBgQDyHGDyp+ZpMJRxCtDt +8QWtthuoOfwmXOR81ZJGD3GA8rEGcG1zH4F+B4Z76/Kwb/uabH9FPURS+kcDpsuM +9Avx88JTg6YFhtpQQCcmhY7awgc+B4ve95ziz6DOMhCD8Yb36UjM7B1jY+zVLIYt +yQhZOKQEzPFqfPMrzEDsabT+GwKBgQDTmY35/l13zYi21xmCL+309KzjbZEyX0NF +SE2JjIdwcWvKSMPFlWv7l1ssIg1fF0Hu7mEbLB74eUU0fe4D0LPeoEX3ihjYej4N +M/EdKv7+WhCr11lnWwWTM+aeeFAmwdD95Gdvv0hTnG/GqxiOt19HhGhMHJueAKDL +Tmci9hPAvwKBgQCkjbM62fEZp4IMvtw4DKveYDq2AQsnC9XkHsh3Q8HScaDuDnXl +XBGIFhdKnJhrYQEx+PIbnkOU3jRr/+6zE6AWx6VZW834TaqOBrxVS0tH1b5UY46m +ccc4xQO3gYGGHB+u2ei4Fvb2eZEbZlKgRdWdxoh8FssypFAmgYHS7Rmt5wKBgEYu +symM1aGL2WGTnJFSpmFN2h4g1DzZ3e0X2yfZJX8FD5RraAub0NIE1Kehr7+vbh36 +kNi7XJZbWrnbXtuDGHWpwSsmcbEzcmtcpAdhoGvqoYbtiWi/huzZFQ/Qpf0E4fWk +ES6+ShX5WBWT4DRN29tTrmg4QOE6IhrsqUauScTvAoGAKxEzsSHPgZm5rGOfVPcI +cFeSJFCsaPfVk97T9aNievhMMChKBV8vT3Unlk0RObcsMweo6OMmfnRxrHhgfVz8 +elpLOlzEHfELlR8HELvxCeWWzuPgNCAPcG3BmjRnm8g5xmmkfQuRKlkQTcGbHotI +wIPT+bHg3fjx7CemHl+rZeo= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/root-name2.pem b/openssl-1.1.0h/test/certs/root-name2.pem new file mode 100644 index 0000000..ac3a4bb --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-name2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+TCCAeGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtSb290 +IENlcnQgMjAgFw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowFjEUMBIG +A1UEAwwLUm9vdCBDZXJ0IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDh5gD1BrygRjh5Dz8ecRkTbQLfK5t2a/yssCHt1pEIQjulYzXsUlugokrF1gCU +A5daPblnKNJ94yFcpO3GPI2OhNGdVMM92XSilnZncfnGGlB3s/147lvg44yJI8Ka +Iuw+1DeeB83AK1URFzo0QhxpDToYsO0VlF7G/Z6HxhznlBqSwF8FwXND5QPeCZHJ +JM7Yjot+LuAxSNGGKmpVJnroCzZOl7HgpMnaXGlLA4AIVoOjH7IquMFM/sWxTdTA +Aartvs4lve5prfYHzW4roYlU9WjrmAntyWBmyzNiSgOwaNYOq1/BNVV+/Ubuuuvc +tqKj7YV/d9+1aCJDfmYkI6/FAgMBAAGjUDBOMB0GA1UdDgQWBBSO9SWvHptrhD18 +gJrJU5xNcvejUjAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJU5xNcvejUjAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAXH466iCDUusG2NbpU/tMZVWB2 +8wVwawbXn2LNYCdWPAgOHR+87OekNAh/vXBoPu9up9Up40/l/4+29zl5s9tKpF7X +SI8QeM2HC9LLGsbFNEJoX4kcz6Q8WxrhtEeBTu1api4CB4POGkj5VlKFCwa3bjPH +brDwCODq1Gkggf4NR0piiqFKUEKTteMoeC3dod+FzBh6eDssGcVsNxhB0FiMk4GG +3Fc1NR56gL+Qz3QFZf2tdpMcBXECc1nP7fNq6CwSRwcgDgte/qqYr3gkeBo3M3Bz +7JE19lq7kjfiTq6zyswacaqlvN9bJAxNkbshW7kvIqw+27y5XErpestuoxSt +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-nonca.pem b/openssl-1.1.0h/test/certs/root-nonca.pem new file mode 100644 index 0000000..5c86abe --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-nonca.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo3YwdDAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwCQYDVR0TBAIwADAT +BgNVHSUEDDAKBggrBgEFBQcDATASBgNVHREECzAJggdSb290IENBMA0GCSqGSIb3 +DQEBCwUAA4IBAQCJLiUshLaVQxjnoxN4MISOIM7vy9jIfCEabtyOumjVXasvLqKS +fF0nLoRb/6iCd0VnJlliTKky/p8aaG4+VooQPTxwpat6zir4G1N2dWwYbMTDpVfh +836wHNPmmFvCUSKZcoLAEmMVRrNU9gBXkS64FfoP0FCoWeHb9NSlQY5YFb0BO8C/ +6AZlMGCt1HDPEK+gE/Uwayk7Yo3npSb+ZgnwZpA0ip0lPJ0Uf5cZ5Q/RBP0H+nxi +KLKzBpY01IJ67/7R1Ioc27JiUpBGmKQzjg48POSMOECFolv0dH33O6aXJaXtw9Kq +m8y3rPQqNPehWzbRq75txC/sayQZXNUrteVz +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-noserver.pem b/openssl-1.1.0h/test/certs/root-noserver.pem new file mode 100644 index 0000000..0c7fb8d --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-noserver.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjkwNVoYDzIxMTYwMTE1MjIyOTA1WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5oV1s3N +us7SINg7omu5AxueEgK97mh5PU3hgZpliSFaESmL2qLGeP609oXs/68XDXVW4utU +LCOjLh0np+5Xy3i3GRDXgBZ72QDe23WqqQqqaBlQVVm1WxG+amRtZJEWdSIsiFBt +k+8dBElHh2WQDhDOWqHGHQarQgJPxGB97MRhMSlbTwK1T5KAWOlqi5mJW5L6vNrQ +7Tra/YceH70fU0fJYOXhBxM92NwD1bbVd9GPYFSqrdrVj19bvo63XsxZduex5QHr +RkWqT5w5mgAHaEgCqWrS/64q9TR9UEwrB8kiZZg3k9/im+zBwEULTZu0r8oMEkpj +bTlXLmt8EMBqxwIDAQABo1AwTjAdBgNVHQ4EFgQUcH8uroNoWZgEIyrN6z4XzSTd +AUkwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4XzSTdAUkwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAuiLq2lhcOJHrwUP0txbHk2vy6rmGTPxqmcCo +CUQFZ3KrvUQM+rtRqqQ0+LzU4wSTFogBz9KSMfT03gPegY3b/7L2TOaMmUFRzTdd +c9PNT0lP8V3pNQrxp0IjKir791QkGe2Ux45iMKf/SXpeTWASp4zeMiD6/LXFzzaK +BfNS5IrIWRDev41lFasDzudK5/kmVaMvDOFyW51KkKkqb64VS4UA81JIEzClvz+3 +Vp3k1AXup5+XnTvhqu2nRhrLpJR5w8OXQpcn6qjKlVc2BXtb3xwci1/ibHlZy3CZ +n70e2NYihU5yYKccReP+fjLgVFsuhsDs/0hRML1u9bLp9nUbYDAMoAoGCCsGAQUF +BwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root-serverAuth.pem b/openssl-1.1.0h/test/certs/root-serverAuth.pem new file mode 100644 index 0000000..37b49f6 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root-serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo1AwTjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAyRRJx27WYOogPXZpPfAMt8ptapr/ugLWGLlw +bzKySoyLpoV2/YNAvTAGB90iFq6x/ujjrK41/ES0p3v38/Qfuxo24gcZgc/oYLV2 +UqR+uGCx68p2OWLYctBsARtYWOEgPhHFb9aVxcOQKyZHtivDX0wLGX+nqZoHX9IY +mc0sbpRBRMzxRsChbzD5re9kZ5NrgkjA6DJ7jYh2GitOM6oIU3Dd9+pk3bCEkFUg +Ry9qN/k+AyeqH1Qcb5LU+MTmlw8bmyzmMOBZgdegtO4HshcBMO054KSB3WSfBPDO +bEhZ0vm/lw63TGi88yIMtlkmcU2g0RKpeQI96G6QeqHyKF3p8DAMoAoGCCsGAQUF +BwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root2+clientAuth.pem b/openssl-1.1.0h/test/certs/root2+clientAuth.pem new file mode 100644 index 0000000..41355b0 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root2+clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5 +wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+ +R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp +/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU +/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6 +7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv +akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y +Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv +NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+ +qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM +o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+ +zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y +9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1zAMMAoGCCsGAQUF +BwMC +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root2+serverAuth.pem b/openssl-1.1.0h/test/certs/root2+serverAuth.pem new file mode 100644 index 0000000..52053f1 --- /dev/null +++ b/openssl-1.1.0h/test/certs/root2+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5 +wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+ +R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp +/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU +/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6 +7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv +akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y +Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv +NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+ +qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM +o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+ +zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y +9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1zAMMAoGCCsGAQUF +BwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/root2-serverAuth.pem b/openssl-1.1.0h/test/certs/root2-serverAuth.pem new file mode 100644 index 0000000..dae848a --- /dev/null +++ b/openssl-1.1.0h/test/certs/root2-serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB6dJAD5 +wbStQf4HE0EhldtDShNVQ/jhDu6s2Ka30FdP4ml1+c2Py7ODUSjSCegXaBIOXCA+ +R0zaBAJ3ZeqXx3UrE9PiXaHRGZcoPtX4mK9IOHhIdxwPUa6ceSOJn4cHY+p0cFLp +/5bnUErp4IqbL1bMd4v8fFxJ0ZDGJahfLiurnYUyalaNCHK+hK2+RaeRgPlsXfiU +/vwhhjFhdhixbPm8l+S+2xNySV1JAAzrUvEDdNZ0iBvuVcS2mlhSKTht5Zeg+0C6 +7kYYqxM9CVZCwcV/aSUImwjeFsNMJsl/nFyEacu6vXz0rjvLwPzTAeVYZy592Gwv +akWOtiDdap7WJQIDAQABo1AwTjAdBgNVHQ4EFgQUnM5mQjCrHAgmX3MZbd8Pp65Y +Uh4wHwYDVR0jBBgwFoAUnM5mQjCrHAgmX3MZbd8Pp65YUh4wDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEADkH6+rUX2QD5TMBn8x4PR9mTQsxhD2k8K2bv +NpbsWX0ta2pDPhiBpIbrTrTmw656MMRkwMLYIAX7BFhyjO9gO0nVXfU1SSTDsso+ +qu/K1t2US/rLeJQn8gYiTw6AqmvxHOndLaZQrYef4rUzsYnahNzxcoS1FMVxoJFM +o+1Wo0BFBlASv5Az0iFfjd1Uy3+AHB41+2vczNIWSki3mg4hzus2PSS4AA9IYeh+ +zU/HJMddnVedLKNstTAfR85ftACtsP6JhBqCBqC4mCVsN2ZlgucETbsOMyWYB4+y +9b6JIYDA1wxNVBXwN+D4MyALxjmjwcTsL6pXgoVc0JEJWVqQ1zAMoAoGCCsGAQUF +BwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/rootCA.key b/openssl-1.1.0h/test/certs/rootCA.key new file mode 100644 index 0000000..527f3ad --- /dev/null +++ b/openssl-1.1.0h/test/certs/rootCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/ +m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD +Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7 +w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM +uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV +ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE +qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL +GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH +g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM +VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj +/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH +bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+ +LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz +YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6 +Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ +iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1 +uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude +8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP +Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh +Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5 +VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ +f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH +mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T +xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g +AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ== +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/rootCA.pem b/openssl-1.1.0h/test/certs/rootCA.pem new file mode 100644 index 0000000..ef73d00 --- /dev/null +++ b/openssl-1.1.0h/test/certs/rootCA.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/rootcert.pem b/openssl-1.1.0h/test/certs/rootcert.pem new file mode 100644 index 0000000..2b90ddb --- /dev/null +++ b/openssl-1.1.0h/test/certs/rootcert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjkwNVoYDzIxMTYwMTE1MjIyOTA1WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5oV1s3N +us7SINg7omu5AxueEgK97mh5PU3hgZpliSFaESmL2qLGeP609oXs/68XDXVW4utU +LCOjLh0np+5Xy3i3GRDXgBZ72QDe23WqqQqqaBlQVVm1WxG+amRtZJEWdSIsiFBt +k+8dBElHh2WQDhDOWqHGHQarQgJPxGB97MRhMSlbTwK1T5KAWOlqi5mJW5L6vNrQ +7Tra/YceH70fU0fJYOXhBxM92NwD1bbVd9GPYFSqrdrVj19bvo63XsxZduex5QHr +RkWqT5w5mgAHaEgCqWrS/64q9TR9UEwrB8kiZZg3k9/im+zBwEULTZu0r8oMEkpj +bTlXLmt8EMBqxwIDAQABo1AwTjAdBgNVHQ4EFgQUcH8uroNoWZgEIyrN6z4XzSTd +AUkwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4XzSTdAUkwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAuiLq2lhcOJHrwUP0txbHk2vy6rmGTPxqmcCo +CUQFZ3KrvUQM+rtRqqQ0+LzU4wSTFogBz9KSMfT03gPegY3b/7L2TOaMmUFRzTdd +c9PNT0lP8V3pNQrxp0IjKir791QkGe2Ux45iMKf/SXpeTWASp4zeMiD6/LXFzzaK +BfNS5IrIWRDev41lFasDzudK5/kmVaMvDOFyW51KkKkqb64VS4UA81JIEzClvz+3 +Vp3k1AXup5+XnTvhqu2nRhrLpJR5w8OXQpcn6qjKlVc2BXtb3xwci1/ibHlZy3CZ +n70e2NYihU5yYKccReP+fjLgVFsuhsDs/0hRML1u9bLp9nUbYA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/rootkey.pem b/openssl-1.1.0h/test/certs/rootkey.pem new file mode 100644 index 0000000..d85c96f --- /dev/null +++ b/openssl-1.1.0h/test/certs/rootkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/mhXWzc26ztIg +2Duia7kDG54SAr3uaHk9TeGBmmWJIVoRKYvaosZ4/rT2hez/rxcNdVbi61QsI6Mu +HSen7lfLeLcZENeAFnvZAN7bdaqpCqpoGVBVWbVbEb5qZG1kkRZ1IiyIUG2T7x0E +SUeHZZAOEM5aocYdBqtCAk/EYH3sxGExKVtPArVPkoBY6WqLmYlbkvq82tDtOtr9 +hx4fvR9TR8lg5eEHEz3Y3APVttV30Y9gVKqt2tWPX1u+jrdezFl257HlAetGRapP +nDmaAAdoSAKpatL/rir1NH1QTCsHySJlmDeT3+Kb7MHARQtNm7SvygwSSmNtOVcu +a3wQwGrHAgMBAAECggEBAL4rWle8JuCuHGNbGz1nO9d41tg7fnYdnZAaN6OiMfr8 +bl+wY84aV3GKJOS2InfYOcIy340UU5QHvxOq/kwwRVV/uAOZ8rqAFmZY9djOnhdv +rZjq3xAHnPgJ0XvZt7XkR2z1AUw+v7Pf1WYGsYcSZ/t99MKB5Je0odA/aRqZRwLy +YflbsnAJtxdJ6fsiVCSJcU76V8sxfiCimw6ppLMEp3zCjveQ5Lv0eVoL2zNYeh+l +GiSwqTqaR+WJekkDiXRd9KYI19drf7OkTII1DtOd6bgvKX3zv2lNiere4J4k7cAP +rW6fBFgtSq2oklTpWUlXRH7XQAgDtDvldXdlKaj96dkCgYEA8KPSu5ywg8pjCofE +nLtJTfVyD2g9tgNLj9dI3kuSniZU51kOtk5rZZwL0S8piGczL908aV9DIWdXWsND +5hlXquKUTSjxPYEzZvaN+tvf9e0AcY/D/UaK0mKPjEbh7vg6pS77aZZz2EL2inOs +dam8famOOC9RUkxH5JWa3UV4UhsCgYEAy9T0wPQctjuvDkZQTqKEKsHrmrgY2PXT +Re8DDGI8hxjYb8l+NoFQ7eiwTHir/DULupxQoBBUQtS+idQzUu02tzLMnGcjHNwh +Tu+vZ4xlVnXxfgIRjDKkfQjiAC5SLzoNO9Jn8g4eS/1mEPXhQ0TXIsFonZDypp/n +RMp21DkvdMUCgYAIMgwjR5rbYjEtUqJnlBlTBmD0FWDEqigQpgxdRcWgjT2nA2l0 +3AbcVwwv+6M2eg1MPASqsgvfP13CQZQ2afaKY10Zo6NTrOrLPupm+MYP4hp5w6Ox +JI3lzGWHKYLYWKvmpEr7tZwMaXtsC7R77WP2A6hMUZA7dU2dg1ra3lrSsQKBgQDA +sPIsUtmtwOBtqzUSEXrGfQqA+larDEGNVDVaiKfVwzwg+aeyWS+rqRS5Rj64L2GG +KW3i020EvN/fplZap9vY9lIN7UZ5avSmDdqRFl1ajiccy1HRarKrbTFRoHibItMN +4YvYfVZQ2h2aHQe2Myb6OULv6e4qbPIRyyDo4aKmTQKBgQCadq2JfICFIP9Q1aQn +93oD7Z4WcYs+KsLYO+/uJxWMrn0/gv90cGrSfstJqDOHnRq4WKUcgK9ErxaE4LkW +sD0mBhRM3SMxnRJZRO+6roRdehtjHkvzKu75KjcsuwefoMs2sFa4CLQ1YU2vO3Tx +dgzpnKS2bH/i5yLwhelRfddZ6Q== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/roots.pem b/openssl-1.1.0h/test/certs/roots.pem new file mode 100644 index 0000000..0bc6912 --- /dev/null +++ b/openssl-1.1.0h/test/certs/roots.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sca+anyEKU.pem b/openssl-1.1.0h/test/certs/sca+anyEKU.pem new file mode 100644 index 0000000..459a4dc --- /dev/null +++ b/openssl-1.1.0h/test/certs/sca+anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R +rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G +knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I +rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl +ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7 +SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj +LGCBSw0wCDAGBgRVHSUA +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sca+clientAuth.pem b/openssl-1.1.0h/test/certs/sca+clientAuth.pem new file mode 100644 index 0000000..3807805 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sca+clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R +rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G +knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I +rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl +ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7 +SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj +LGCBSw0wDDAKBggrBgEFBQcDAg== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sca+serverAuth.pem b/openssl-1.1.0h/test/certs/sca+serverAuth.pem new file mode 100644 index 0000000..952d288 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sca+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R +rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G +knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I +rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl +ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7 +SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj +LGCBSw0wDDAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sca-anyEKU.pem b/openssl-1.1.0h/test/certs/sca-anyEKU.pem new file mode 100644 index 0000000..a43c021 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sca-anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R +rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G +knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I +rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl +ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7 +SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj +LGCBSw0wCKAGBgRVHSUA +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sca-cert.pem b/openssl-1.1.0h/test/certs/sca-cert.pem new file mode 100644 index 0000000..6b800b6 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sca-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R +rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G +knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I +rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl +ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7 +SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj +LGCBSw0= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sca-clientAuth.pem b/openssl-1.1.0h/test/certs/sca-clientAuth.pem new file mode 100644 index 0000000..62a98ff --- /dev/null +++ b/openssl-1.1.0h/test/certs/sca-clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R +rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G +knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I +rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl +ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7 +SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj +LGCBSw0wDKAKBggrBgEFBQcDAg== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sca-serverAuth.pem b/openssl-1.1.0h/test/certs/sca-serverAuth.pem new file mode 100644 index 0000000..0620874 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sca-serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDATCCAemgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNlMGMwHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAB4hlnzu/V80J5+R +rT57HXi0ufIjXLTC4zEghc/xL3V5vKst2dDPTKJ6SqG6PWSlVg1nJJbjekR3kH+G +knFp8wMIDp4EZDt1vU2jHtEyLTEmuFPY/MiR2fnLtX4jlPk5EpuMCA7n69lBAD3I +rlyQxv/DVfBSxkXJYFKZCTghxYHsP7TrHvmI4qQ3Of0OXeH0vn7j8mqA8xBERUQl +ZCRUQWZoHd5zJX1ELv0iBaB7pQbV4f3ILhEBfWE04m8GxkbRNdEi4+i5BIvjSqw7 +SBKP9nn4g4+CfKFex6cHGafkAb+gBCoUWMofXJCNr1b7FBc6Zi6xnBMHwhUnhEdj +LGCBSw0wDKAKBggrBgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/server-trusted.pem b/openssl-1.1.0h/test/certs/server-trusted.pem new file mode 100644 index 0000000..7508cff --- /dev/null +++ b/openssl-1.1.0h/test/certs/server-trusted.pem @@ -0,0 +1,20 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV +3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvkwDDAKBggr +BgEFBQcDAQ== +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/servercert.pem b/openssl-1.1.0h/test/certs/servercert.pem new file mode 100644 index 0000000..cc17d3f --- /dev/null +++ b/openssl-1.1.0h/test/certs/servercert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV +3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/serverkey.pem b/openssl-1.1.0h/test/certs/serverkey.pem new file mode 100644 index 0000000..0d7e404 --- /dev/null +++ b/openssl-1.1.0h/test/certs/serverkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq +jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH +EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd +igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp +4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/ +WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p +8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq +gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD +nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u +OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4 +nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU +otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4 +XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA +trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V ++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G +PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd +vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs +7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT +SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5 +lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/ +yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww +poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY +rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx +Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL +Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws +KQypwAFz0tbHxaNag/bSAN0J +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/setup.sh b/openssl-1.1.0h/test/certs/setup.sh new file mode 100755 index 0000000..7e1086a --- /dev/null +++ b/openssl-1.1.0h/test/certs/setup.sh @@ -0,0 +1,346 @@ +#! /bin/sh + +# Primary root: root-cert +# root cert variants: CA:false, key2, DN2 +# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU +# +./mkcert.sh genroot "Root CA" root-key root-cert +./mkcert.sh genss "Root CA" root-key root-nonca +./mkcert.sh genroot "Root CA" root-key2 root-cert2 +./mkcert.sh genroot "Root Cert 2" root-key root-name2 +# +openssl x509 -in root-cert.pem -trustout \ + -addtrust serverAuth -out root+serverAuth.pem +openssl x509 -in root-cert.pem -trustout \ + -addreject serverAuth -out root-serverAuth.pem +openssl x509 -in root-cert.pem -trustout \ + -addtrust clientAuth -out root+clientAuth.pem +openssl x509 -in root-cert.pem -trustout \ + -addreject clientAuth -out root-clientAuth.pem +openssl x509 -in root-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out root-anyEKU.pem +openssl x509 -in root-cert.pem -trustout \ + -addtrust anyExtendedKeyUsage -out root+anyEKU.pem +openssl x509 -in root-cert2.pem -trustout \ + -addtrust serverAuth -out root2+serverAuth.pem +openssl x509 -in root-cert2.pem -trustout \ + -addreject serverAuth -out root2-serverAuth.pem +openssl x509 -in root-cert2.pem -trustout \ + -addtrust clientAuth -out root2+clientAuth.pem +openssl x509 -in root-nonca.pem -trustout \ + -addtrust serverAuth -out nroot+serverAuth.pem +openssl x509 -in root-nonca.pem -trustout \ + -addtrust anyExtendedKeyUsage -out nroot+anyEKU.pem + +# Root CA security level variants: +# MD5 self-signature +OPENSSL_SIGALG=md5 \ +./mkcert.sh genroot "Root CA" root-key root-cert-md5 +# 768-bit key +OPENSSL_KEYBITS=768 \ +./mkcert.sh genroot "Root CA" root-key-768 root-cert-768 + +# primary client-EKU root: croot-cert +# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU +# +./mkcert.sh genroot "Root CA" root-key croot-cert clientAuth +# +openssl x509 -in croot-cert.pem -trustout \ + -addtrust serverAuth -out croot+serverAuth.pem +openssl x509 -in croot-cert.pem -trustout \ + -addreject serverAuth -out croot-serverAuth.pem +openssl x509 -in croot-cert.pem -trustout \ + -addtrust clientAuth -out croot+clientAuth.pem +openssl x509 -in croot-cert.pem -trustout \ + -addreject clientAuth -out croot-clientAuth.pem +openssl x509 -in croot-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out croot-anyEKU.pem +openssl x509 -in croot-cert.pem -trustout \ + -addtrust anyExtendedKeyUsage -out croot+anyEKU.pem + +# primary server-EKU root: sroot-cert +# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU +# +./mkcert.sh genroot "Root CA" root-key sroot-cert serverAuth +# +openssl x509 -in sroot-cert.pem -trustout \ + -addtrust serverAuth -out sroot+serverAuth.pem +openssl x509 -in sroot-cert.pem -trustout \ + -addreject serverAuth -out sroot-serverAuth.pem +openssl x509 -in sroot-cert.pem -trustout \ + -addtrust clientAuth -out sroot+clientAuth.pem +openssl x509 -in sroot-cert.pem -trustout \ + -addreject clientAuth -out sroot-clientAuth.pem +openssl x509 -in sroot-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out sroot-anyEKU.pem +openssl x509 -in sroot-cert.pem -trustout \ + -addtrust anyExtendedKeyUsage -out sroot+anyEKU.pem + +# Primary intermediate ca: ca-cert +# ca variants: CA:false, key2, DN2, issuer2, expired +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU +# +./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert +./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert +./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert +./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert +./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert +./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2 +DAYS=-1 ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert +# +openssl x509 -in ca-cert.pem -trustout \ + -addtrust serverAuth -out ca+serverAuth.pem +openssl x509 -in ca-cert.pem -trustout \ + -addreject serverAuth -out ca-serverAuth.pem +openssl x509 -in ca-cert.pem -trustout \ + -addtrust clientAuth -out ca+clientAuth.pem +openssl x509 -in ca-cert.pem -trustout \ + -addreject clientAuth -out ca-clientAuth.pem +openssl x509 -in ca-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out ca-anyEKU.pem +openssl x509 -in ca-cert.pem -trustout \ + -addtrust anyExtendedKeyUsage -out ca+anyEKU.pem +openssl x509 -in ca-nonca.pem -trustout \ + -addtrust serverAuth -out nca+serverAuth.pem +openssl x509 -in ca-nonca.pem -trustout \ + -addtrust serverAuth -out nca+anyEKU.pem + +# Intermediate CA security variants: +# MD5 issuer signature, +OPENSSL_SIGALG=md5 \ +./mkcert.sh genca "CA" ca-key ca-cert-md5 root-key root-cert +openssl x509 -in ca-cert-md5.pem -trustout \ + -addtrust anyExtendedKeyUsage -out ca-cert-md5-any.pem +# Issuer has 768-bit key +./mkcert.sh genca "CA" ca-key ca-cert-768i root-key-768 root-cert-768 +# CA has 768-bit key +OPENSSL_KEYBITS=768 \ +./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert + +# client intermediate ca: cca-cert +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth +# +./mkcert.sh genca "CA" ca-key cca-cert root-key root-cert clientAuth +# +openssl x509 -in cca-cert.pem -trustout \ + -addtrust serverAuth -out cca+serverAuth.pem +openssl x509 -in cca-cert.pem -trustout \ + -addreject serverAuth -out cca-serverAuth.pem +openssl x509 -in cca-cert.pem -trustout \ + -addtrust clientAuth -out cca+clientAuth.pem +openssl x509 -in cca-cert.pem -trustout \ + -addtrust clientAuth -out cca-clientAuth.pem +openssl x509 -in cca-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out cca-anyEKU.pem +openssl x509 -in cca-cert.pem -trustout \ + -addtrust anyExtendedKeyUsage -out cca+anyEKU.pem + +# server intermediate ca: sca-cert +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU +# +./mkcert.sh genca "CA" ca-key sca-cert root-key root-cert serverAuth +# +openssl x509 -in sca-cert.pem -trustout \ + -addtrust serverAuth -out sca+serverAuth.pem +openssl x509 -in sca-cert.pem -trustout \ + -addreject serverAuth -out sca-serverAuth.pem +openssl x509 -in sca-cert.pem -trustout \ + -addtrust clientAuth -out sca+clientAuth.pem +openssl x509 -in sca-cert.pem -trustout \ + -addreject clientAuth -out sca-clientAuth.pem +openssl x509 -in sca-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out sca-anyEKU.pem +openssl x509 -in sca-cert.pem -trustout \ + -addtrust anyExtendedKeyUsage -out sca+anyEKU.pem + +# Primary leaf cert: ee-cert +# ee variants: expired, issuer-key2, issuer-name2 +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth +# purpose variants: client +# +./mkcert.sh genee server.example ee-key ee-cert ca-key ca-cert +./mkcert.sh genee server.example ee-key ee-expired ca-key ca-cert -days -1 +./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2 +./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2 +./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert +# +openssl x509 -in ee-cert.pem -trustout \ + -addtrust serverAuth -out ee+serverAuth.pem +openssl x509 -in ee-cert.pem -trustout \ + -addreject serverAuth -out ee-serverAuth.pem +openssl x509 -in ee-client.pem -trustout \ + -addtrust clientAuth -out ee+clientAuth.pem +openssl x509 -in ee-client.pem -trustout \ + -addreject clientAuth -out ee-clientAuth.pem + +# Leaf cert security level variants +# MD5 issuer signature +OPENSSL_SIGALG=md5 \ +./mkcert.sh genee server.example ee-key ee-cert-md5 ca-key ca-cert +# 768-bit issuer key +./mkcert.sh genee server.example ee-key ee-cert-768i ca-key-768 ca-cert-768 +# 768-bit leaf key +OPENSSL_KEYBITS=768 \ +./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert + +# Proxy certificates, off of ee-client +# Start with some good ones +./mkcert.sh req pc1-key "0.CN = server.example" "1.CN = proxy 1" | \ + ./mkcert.sh genpc pc1-key pc1-cert ee-key ee-client \ + "language = id-ppl-anyLanguage" "pathlen = 1" "policy = text:AB" +./mkcert.sh req pc2-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 2" | \ + ./mkcert.sh genpc pc2-key pc2-cert pc1-key pc1-cert \ + "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB" +# And now a couple of bad ones +# pc3: incorrect CN +./mkcert.sh req bad-pc3-key "0.CN = server.example" "1.CN = proxy 3" | \ + ./mkcert.sh genpc bad-pc3-key bad-pc3-cert pc1-key pc1-cert \ + "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB" +# pc4: incorrect pathlen +./mkcert.sh req bad-pc4-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 4" | \ + ./mkcert.sh genpc bad-pc4-key bad-pc4-cert pc1-key pc1-cert \ + "language = id-ppl-anyLanguage" "pathlen = 1" "policy = text:AB" +# pc5: no policy +./mkcert.sh req pc5-key "0.CN = server.example" "1.CN = proxy 1" "2.CN = proxy 5" | \ + ./mkcert.sh genpc pc5-key pc5-cert pc1-key pc1-cert \ + "language = id-ppl-anyLanguage" "pathlen = 0" +# pc6: incorrect CN (made into a component of a multivalue RDN) +./mkcert.sh req bad-pc6-key "0.CN = server.example" "1.CN = proxy 1" "2.+CN = proxy 6" | \ + ./mkcert.sh genpc bad-pc6-key bad-pc6-cert pc1-key pc1-cert \ + "language = id-ppl-anyLanguage" "pathlen = 0" "policy = text:AB" + +# Name constraints test certificates. + +# NC CA1 only permits the host www.good.org and *.good.com email address +# good@good.org and *@good.com and IP addresses 127.0.0.1 and +# 192.168.0.0/16 + +NC="permitted;DNS:www.good.org, permitted;DNS:good.com," +NC="$NC permitted;email:good@good.org, permitted;email:good.com," +NC="$NC permitted;IP:127.0.0.1/255.255.255.255, permitted;IP:192.168.0.0/255.255.0.0" + +NC=$NC ./mkcert.sh genca "Test NC CA 1" ncca1-key ncca1-cert root-key root-cert + +# NC CA2 allows anything apart from hosts www.bad.org and *.bad.com +# and email addresses bad@bad.org and *@bad.com + +NC="excluded;DNS:www.bad.org, excluded;DNS:bad.com," +NC="$NC excluded;email:bad@bad.org, excluded;email:bad.com, " +NC="$NC excluded;IP:10.0.0.0/255.0.0.0" + +NC=$NC ./mkcert.sh genca "Test NC CA 2" ncca2-key ncca2-cert root-key root-cert + +# Name constraints subordinate CA. Adds www.good.net (which should be +# disallowed because parent CA doesn't permit it) adds ok.good.com +# (which should be allowed because parent allows *.good.com +# and now excludes bad.ok.good.com (allowed in permitted subtrees +# but explicitly excluded). + +NC="permitted;DNS:www.good.net, permitted;DNS:ok.good.com, " +NC="$NC excluded;DNS:bad.ok.good.com" +NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \ + ncca1-key ncca1-cert + +# all subjectAltNames allowed by CA1. + +./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \ + "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ + ./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \ + "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# no subjectAltNames excluded by CA2. + +./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \ + ./mkcert.sh geneealt alt2-key alt2-cert ncca2-key ncca2-cert \ + "DNS.1 = www.anything.org" "DNS.2 = any.other.com" \ + "email.1 = other@bad.org" "email.2 = any@something.com" + +# hostname other.good.org which is not allowed by CA1. + +./mkcert.sh req badalt1-key "O = Bad NC Test Certificate 1" | \ + ./mkcert.sh geneealt badalt1-key badalt1-cert ncca1-key ncca1-cert \ + "DNS.1 = other.good.org" "DNS.2 = any.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" + +# any.bad.com is excluded by CA2. + +./mkcert.sh req badalt2-key 'O = Bad NC Test Certificate 2' | \ + ./mkcert.sh geneealt badalt2-key badalt2-cert ncca2-key ncca2-cert \ + "DNS.1 = www.good.org" "DNS.2 = any.bad.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" + +# other@good.org not permitted by CA1 + +./mkcert.sh req badalt3-key "O = Bad NC Test Certificate 3" | \ + ./mkcert.sh geneealt badalt3-key badalt1-cert ncca1-key ncca1-cert \ + "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ + "email.1 = other@good.org" "email.2 = any@good.com" + +# all subject alt names OK but subject email address not allowed by CA1. + +./mkcert.sh req badalt4-key 'O = Bad NC Test Certificate 4' \ + "emailAddress = any@other.com" | \ + ./mkcert.sh geneealt badalt4-key badalt4-cert ncca1-key ncca1-cert \ + "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" + +# IP address not allowed by CA1 +./mkcert.sh req badalt5-key "O = Bad NC Test Certificate 5" | \ + ./mkcert.sh geneealt badalt5-key badalt5-cert ncca1-key ncca1-cert \ + "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.2" + +# all subject alt names OK but subject CN not allowed by CA1. +./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \ + "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ + ./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \ + "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING +REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ + "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ + ./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \ + "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# all subjectAltNames allowed by chain + +./mkcert.sh req alt3-key "O = Good NC Test Certificate 3" \ + "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \ + ./mkcert.sh geneealt alt3-key alt3-cert ncca3-key ncca3-cert \ + "DNS.1 = www.ok.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# www.good.net allowed by parent CA but not parent of parent + +./mkcert.sh req badalt8-key "O = Bad NC Test Certificate 8" \ + "1.CN=www.good.com" "2.CN=Joe Bloggs" | \ + ./mkcert.sh geneealt badalt8-key badalt8-cert ncca3-key ncca3-cert \ + "DNS.1 = www.ok.good.com" "DNS.2 = www.good.net" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# other.good.com not allowed by parent CA but allowed by parent of parent + +./mkcert.sh req badalt9-key "O = Bad NC Test Certificate 9" \ + "1.CN=www.good.com" "2.CN=Joe Bloggs" | \ + ./mkcert.sh geneealt badalt9-key badalt9-cert ncca3-key ncca3-cert \ + "DNS.1 = www.good.com" "DNS.2 = other.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# www.bad.net excluded by parent CA. + +./mkcert.sh req badalt10-key "O = Bad NC Test Certificate 10" \ + "1.CN=www.ok.good.com" "2.CN=Joe Bloggs" | \ + ./mkcert.sh geneealt badalt10-key badalt10-cert ncca3-key ncca3-cert \ + "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" diff --git a/openssl-1.1.0h/test/certs/some-names1.pem b/openssl-1.1.0h/test/certs/some-names1.pem new file mode 100644 index 0000000..21eed83 --- /dev/null +++ b/openssl-1.1.0h/test/certs/some-names1.pem @@ -0,0 +1,211 @@ +-----BEGIN CERTIFICATE----- +MIInDDCCJfSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowghmkMRAwDgYDVQQDEwd0 +MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0 +MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl +c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA +dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1 +N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4 +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAugvahBkSAUF1fC49vb1bvlPrcl80kop1iLpiuYoz4Qptwy57+EWs +sZBcHprZ5BkWf6PeGZ7F5AX1PyJbGHZLqvMCvViP6pd4MFox/igESISEHEixoiXC +zepBrhtp5UQSjHD4D4hKtgdMgVxX+LRtwgW3mnu/vBu7rzpr/DS8io99p3lqZ1Ak +y+aNlcMj6MYy8U+YFEevb/V0lRY9oqwmW7BHnXikm/vi6sjIS350U8zb/mRzYeIs +2R65LUduTL50+UMgat9ocewI2dv8aO9Dph+8NdGtg8LFYyTTHcUxJoMr1PTOgnmE +T19WJH4PrFwk7ZE1QJQQ1L4iKmPeQistuQIDAQABo4IK2jCCCtYwDgYDVR0PAQH/ +BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwggqfBgNV +HREEggqWMIIKkoIHdDAudGVzdIIHdDEudGVzdIIHdDIudGVzdIIHdDMudGVzdIIH +dDQudGVzdIIHdDUudGVzdIIHdDYudGVzdIIHdDcudGVzdIIHdDgudGVzdIIHdDku +dGVzdIIIdDEwLnRlc3SCCHQxMS50ZXN0ggh0MTIudGVzdIIIdDEzLnRlc3SCCHQx +NC50ZXN0ggh0MTUudGVzdIIIdDE2LnRlc3SCCHQxNy50ZXN0ggh0MTgudGVzdIII +dDE5LnRlc3SCCHQyMC50ZXN0ggh0MjEudGVzdIIIdDIyLnRlc3SCCHQyMy50ZXN0 +ggh0MjQudGVzdIIIdDI1LnRlc3SCCHQyNi50ZXN0ggh0MjcudGVzdIIIdDI4LnRl +c3SCCHQyOS50ZXN0ggh0MzAudGVzdIIIdDMxLnRlc3SCCHQzMi50ZXN0ggh0MzMu +dGVzdIIIdDM0LnRlc3SCCHQzNS50ZXN0ggh0MzYudGVzdIIIdDM3LnRlc3SCCHQz +OC50ZXN0ggh0MzkudGVzdIIIdDQwLnRlc3SCCHQ0MS50ZXN0ggh0NDIudGVzdIII +dDQzLnRlc3SCCHQ0NC50ZXN0ggh0NDUudGVzdIIIdDQ2LnRlc3SCCHQ0Ny50ZXN0 +ggh0NDgudGVzdIIIdDQ5LnRlc3SCCHQ1MC50ZXN0ggh0NTEudGVzdIIIdDUyLnRl +c3SCCHQ1My50ZXN0ggh0NTQudGVzdIIIdDU1LnRlc3SCCHQ1Ni50ZXN0ggh0NTcu +dGVzdIIIdDU4LnRlc3SCCHQ1OS50ZXN0ggh0NjAudGVzdIIIdDYxLnRlc3SCCHQ2 +Mi50ZXN0ggh0NjMudGVzdIIIdDY0LnRlc3SCCHQ2NS50ZXN0ggh0NjYudGVzdIII +dDY3LnRlc3SCCHQ2OC50ZXN0ggh0NjkudGVzdIIIdDcwLnRlc3SCCHQ3MS50ZXN0 +ggh0NzIudGVzdIIIdDczLnRlc3SCCHQ3NC50ZXN0ggh0NzUudGVzdIIIdDc2LnRl +c3SCCHQ3Ny50ZXN0ggh0NzgudGVzdIIIdDc5LnRlc3SCCHQ4MC50ZXN0ggh0ODEu +dGVzdIIIdDgyLnRlc3SCCHQ4My50ZXN0ggh0ODQudGVzdIIIdDg1LnRlc3SCCHQ4 +Ni50ZXN0ggh0ODcudGVzdIIIdDg4LnRlc3SCCHQ4OS50ZXN0ggh0OTAudGVzdIII +dDkxLnRlc3SCCHQ5Mi50ZXN0ggh0OTMudGVzdIIIdDk0LnRlc3SCCHQ5NS50ZXN0 +ggh0OTYudGVzdIIIdDk3LnRlc3SCCHQ5OC50ZXN0ggh0OTkudGVzdIIJdDEwMC50 +ZXN0ggl0MTAxLnRlc3SCCXQxMDIudGVzdIIJdDEwMy50ZXN0ggl0MTA0LnRlc3SC +CXQxMDUudGVzdIIJdDEwNi50ZXN0ggl0MTA3LnRlc3SCCXQxMDgudGVzdIIJdDEw +OS50ZXN0ggl0MTEwLnRlc3SCCXQxMTEudGVzdIIJdDExMi50ZXN0ggl0MTEzLnRl +c3SCCXQxMTQudGVzdIIJdDExNS50ZXN0ggl0MTE2LnRlc3SCCXQxMTcudGVzdIIJ +dDExOC50ZXN0ggl0MTE5LnRlc3SCCXQxMjAudGVzdIIJdDEyMS50ZXN0ggl0MTIy +LnRlc3SCCXQxMjMudGVzdIIJdDEyNC50ZXN0ggl0MTI1LnRlc3SCCXQxMjYudGVz +dIIJdDEyNy50ZXN0ggl0MTI4LnRlc3SCCXQxMjkudGVzdIIJdDEzMC50ZXN0ggl0 +MTMxLnRlc3SCCXQxMzIudGVzdIIJdDEzMy50ZXN0ggl0MTM0LnRlc3SCCXQxMzUu +dGVzdIIJdDEzNi50ZXN0ggl0MTM3LnRlc3SCCXQxMzgudGVzdIIJdDEzOS50ZXN0 +ggl0MTQwLnRlc3SCCXQxNDEudGVzdIIJdDE0Mi50ZXN0ggl0MTQzLnRlc3SCCXQx +NDQudGVzdIIJdDE0NS50ZXN0ggl0MTQ2LnRlc3SCCXQxNDcudGVzdIIJdDE0OC50 +ZXN0ggl0MTQ5LnRlc3SCCXQxNTAudGVzdIIJdDE1MS50ZXN0ggl0MTUyLnRlc3SC +CXQxNTMudGVzdIIJdDE1NC50ZXN0ggl0MTU1LnRlc3SCCXQxNTYudGVzdIIJdDE1 +Ny50ZXN0ggl0MTU4LnRlc3SCCXQxNTkudGVzdIIJdDE2MC50ZXN0ggl0MTYxLnRl +c3SCCXQxNjIudGVzdIIJdDE2My50ZXN0ggl0MTY0LnRlc3SCCXQxNjUudGVzdIIJ +dDE2Ni50ZXN0ggl0MTY3LnRlc3SCCXQxNjgudGVzdIIJdDE2OS50ZXN0ggl0MTcw +LnRlc3SCCXQxNzEudGVzdIIJdDE3Mi50ZXN0ggl0MTczLnRlc3SCCXQxNzQudGVz +dIIJdDE3NS50ZXN0ggl0MTc2LnRlc3SCCXQxNzcudGVzdIIJdDE3OC50ZXN0ggl0 +MTc5LnRlc3SCCXQxODAudGVzdIIJdDE4MS50ZXN0ggl0MTgyLnRlc3SCCXQxODMu +dGVzdIIJdDE4NC50ZXN0ggl0MTg1LnRlc3SCCXQxODYudGVzdIIJdDE4Ny50ZXN0 +ggl0MTg4LnRlc3SCCXQxODkudGVzdIIJdDE5MC50ZXN0ggl0MTkxLnRlc3SCCXQx +OTIudGVzdIIJdDE5My50ZXN0ggl0MTk0LnRlc3SCCXQxOTUudGVzdIIJdDE5Ni50 +ZXN0ggl0MTk3LnRlc3SCCXQxOTgudGVzdIIJdDE5OS50ZXN0ggl0MjAwLnRlc3SC +CXQyMDEudGVzdIIJdDIwMi50ZXN0ggl0MjAzLnRlc3SCCXQyMDQudGVzdIIJdDIw +NS50ZXN0ggl0MjA2LnRlc3SCCXQyMDcudGVzdIIJdDIwOC50ZXN0ggl0MjA5LnRl +c3SCCXQyMTAudGVzdIIJdDIxMS50ZXN0ggl0MjEyLnRlc3SCCXQyMTMudGVzdIIJ +dDIxNC50ZXN0ggl0MjE1LnRlc3SCCXQyMTYudGVzdIIJdDIxNy50ZXN0ggl0MjE4 +LnRlc3SCCXQyMTkudGVzdIIJdDIyMC50ZXN0ggl0MjIxLnRlc3SCCXQyMjIudGVz +dIIJdDIyMy50ZXN0ggl0MjI0LnRlc3SCCXQyMjUudGVzdIIJdDIyNi50ZXN0ggl0 +MjI3LnRlc3SCCXQyMjgudGVzdIIJdDIyOS50ZXN0ggl0MjMwLnRlc3SCCXQyMzEu +dGVzdIIJdDIzMi50ZXN0ggl0MjMzLnRlc3SCCXQyMzQudGVzdIIJdDIzNS50ZXN0 +ggl0MjM2LnRlc3SCCXQyMzcudGVzdIIJdDIzOC50ZXN0ggl0MjM5LnRlc3SCCXQy +NDAudGVzdIIJdDI0MS50ZXN0ggl0MjQyLnRlc3SCCXQyNDMudGVzdIIJdDI0NC50 +ZXN0ggl0MjQ1LnRlc3SCCXQyNDYudGVzdIIJdDI0Ny50ZXN0ggl0MjQ4LnRlc3SC +CXQyNDkudGVzdIIJdDI1MC50ZXN0ggl0MjUxLnRlc3SCCXQyNTIudGVzdIIJdDI1 +My50ZXN0ggl0MjU0LnRlc3SCCXQyNTUudGVzdDANBgkqhkiG9w0BAQsFAAOCAQEA +JIFn5ymMVnj0DOFldXQzAjaosat0Z1dAca0BFO/4bf+IfvpaLvZCiSucInV0ejgR +dP3UsoiXV8qXBax1nr5t4k+yOGYbhgj3imHFtKhFaqJ45AqEJOmzCHWIN0LkN+YL +ME6JBJr86EB+diLPBS7iljmtvN7avvmJ8AbGFI6eB5BwSjewavWpv55u52zMWti7 +Ca2WpKffH74zhnGqkbMzEiiRa1L1+H/uQBJ0BEeAZbr+pSkJZJvzY/eH8a7fLHra +LfBqD4epDm6RI6gSNeJ+G7qSfpVSk7l9bsVh7rUTSSCKBxhcImudqBuLfswoa0Ub +ZoA33vstMRAur0m/blHQHA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/some-names2.pem b/openssl-1.1.0h/test/certs/some-names2.pem new file mode 100644 index 0000000..328e3d1 --- /dev/null +++ b/openssl-1.1.0h/test/certs/some-names2.pem @@ -0,0 +1,133 @@ +-----BEGIN CERTIFICATE----- +MIIYgzCCF2ugAwIBAgIBBjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowEjEQMA4GA1UEAxMHdDAu +dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwu +Pb29W75T63JfNJKKdYi6YrmKM+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8i +Wxh2S6rzAr1Yj+qXeDBaMf4oBEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFc +V/i0bcIFt5p7v7wbu686a/w0vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUW +PaKsJluwR514pJv74urIyEt+dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb +/GjvQ6YfvDXRrYPCxWMk0x3FMSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj +3kIrLbkCAwEAAaOCFeUwghXhMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr +BgEFBQcDATAMBgNVHRMBAf8EAjAAMIIVqgYDVR0RBIIVoTCCFZ2CB3QwLnRlc3SC +B3QxLnRlc3SCB3QyLnRlc3SCB3QzLnRlc3SCB3Q0LnRlc3SCB3Q1LnRlc3SCB3Q2 +LnRlc3SCB3Q3LnRlc3SCB3Q4LnRlc3SCB3Q5LnRlc3SCCHQxMC50ZXN0ggh0MTEu +dGVzdIIIdDEyLnRlc3SCCHQxMy50ZXN0ggh0MTQudGVzdIIIdDE1LnRlc3SCCHQx +Ni50ZXN0ggh0MTcudGVzdIIIdDE4LnRlc3SCCHQxOS50ZXN0ggh0MjAudGVzdIII +dDIxLnRlc3SCCHQyMi50ZXN0ggh0MjMudGVzdIIIdDI0LnRlc3SCCHQyNS50ZXN0 +ggh0MjYudGVzdIIIdDI3LnRlc3SCCHQyOC50ZXN0ggh0MjkudGVzdIIIdDMwLnRl +c3SCCHQzMS50ZXN0ggh0MzIudGVzdIIIdDMzLnRlc3SCCHQzNC50ZXN0ggh0MzUu +dGVzdIIIdDM2LnRlc3SCCHQzNy50ZXN0ggh0MzgudGVzdIIIdDM5LnRlc3SCCHQ0 +MC50ZXN0ggh0NDEudGVzdIIIdDQyLnRlc3SCCHQ0My50ZXN0ggh0NDQudGVzdIII +dDQ1LnRlc3SCCHQ0Ni50ZXN0ggh0NDcudGVzdIIIdDQ4LnRlc3SCCHQ0OS50ZXN0 +ggh0NTAudGVzdIIIdDUxLnRlc3SCCHQ1Mi50ZXN0ggh0NTMudGVzdIIIdDU0LnRl +c3SCCHQ1NS50ZXN0ggh0NTYudGVzdIIIdDU3LnRlc3SCCHQ1OC50ZXN0ggh0NTku +dGVzdIIIdDYwLnRlc3SCCHQ2MS50ZXN0ggh0NjIudGVzdIIIdDYzLnRlc3SCCHQ2 +NC50ZXN0ggh0NjUudGVzdIIIdDY2LnRlc3SCCHQ2Ny50ZXN0ggh0NjgudGVzdIII +dDY5LnRlc3SCCHQ3MC50ZXN0ggh0NzEudGVzdIIIdDcyLnRlc3SCCHQ3My50ZXN0 +ggh0NzQudGVzdIIIdDc1LnRlc3SCCHQ3Ni50ZXN0ggh0NzcudGVzdIIIdDc4LnRl +c3SCCHQ3OS50ZXN0ggh0ODAudGVzdIIIdDgxLnRlc3SCCHQ4Mi50ZXN0ggh0ODMu +dGVzdIIIdDg0LnRlc3SCCHQ4NS50ZXN0ggh0ODYudGVzdIIIdDg3LnRlc3SCCHQ4 +OC50ZXN0ggh0ODkudGVzdIIIdDkwLnRlc3SCCHQ5MS50ZXN0ggh0OTIudGVzdIII +dDkzLnRlc3SCCHQ5NC50ZXN0ggh0OTUudGVzdIIIdDk2LnRlc3SCCHQ5Ny50ZXN0 +ggh0OTgudGVzdIIIdDk5LnRlc3SCCXQxMDAudGVzdIIJdDEwMS50ZXN0ggl0MTAy +LnRlc3SCCXQxMDMudGVzdIIJdDEwNC50ZXN0ggl0MTA1LnRlc3SCCXQxMDYudGVz +dIIJdDEwNy50ZXN0ggl0MTA4LnRlc3SCCXQxMDkudGVzdIIJdDExMC50ZXN0ggl0 +MTExLnRlc3SCCXQxMTIudGVzdIIJdDExMy50ZXN0ggl0MTE0LnRlc3SCCXQxMTUu +dGVzdIIJdDExNi50ZXN0ggl0MTE3LnRlc3SCCXQxMTgudGVzdIIJdDExOS50ZXN0 +ggl0MTIwLnRlc3SCCXQxMjEudGVzdIIJdDEyMi50ZXN0ggl0MTIzLnRlc3SCCXQx +MjQudGVzdIIJdDEyNS50ZXN0ggl0MTI2LnRlc3SCCXQxMjcudGVzdIIJdDEyOC50 +ZXN0ggl0MTI5LnRlc3SCCXQxMzAudGVzdIIJdDEzMS50ZXN0ggl0MTMyLnRlc3SC +CXQxMzMudGVzdIIJdDEzNC50ZXN0ggl0MTM1LnRlc3SCCXQxMzYudGVzdIIJdDEz +Ny50ZXN0ggl0MTM4LnRlc3SCCXQxMzkudGVzdIIJdDE0MC50ZXN0ggl0MTQxLnRl +c3SCCXQxNDIudGVzdIIJdDE0My50ZXN0ggl0MTQ0LnRlc3SCCXQxNDUudGVzdIIJ +dDE0Ni50ZXN0ggl0MTQ3LnRlc3SCCXQxNDgudGVzdIIJdDE0OS50ZXN0ggl0MTUw +LnRlc3SCCXQxNTEudGVzdIIJdDE1Mi50ZXN0ggl0MTUzLnRlc3SCCXQxNTQudGVz +dIIJdDE1NS50ZXN0ggl0MTU2LnRlc3SCCXQxNTcudGVzdIIJdDE1OC50ZXN0ggl0 +MTU5LnRlc3SCCXQxNjAudGVzdIIJdDE2MS50ZXN0ggl0MTYyLnRlc3SCCXQxNjMu +dGVzdIIJdDE2NC50ZXN0ggl0MTY1LnRlc3SCCXQxNjYudGVzdIIJdDE2Ny50ZXN0 +ggl0MTY4LnRlc3SCCXQxNjkudGVzdIIJdDE3MC50ZXN0ggl0MTcxLnRlc3SCCXQx +NzIudGVzdIIJdDE3My50ZXN0ggl0MTc0LnRlc3SCCXQxNzUudGVzdIIJdDE3Ni50 +ZXN0ggl0MTc3LnRlc3SCCXQxNzgudGVzdIIJdDE3OS50ZXN0ggl0MTgwLnRlc3SC +CXQxODEudGVzdIIJdDE4Mi50ZXN0ggl0MTgzLnRlc3SCCXQxODQudGVzdIIJdDE4 +NS50ZXN0ggl0MTg2LnRlc3SCCXQxODcudGVzdIIJdDE4OC50ZXN0ggl0MTg5LnRl +c3SCCXQxOTAudGVzdIIJdDE5MS50ZXN0ggl0MTkyLnRlc3SCCXQxOTMudGVzdIIJ +dDE5NC50ZXN0ggl0MTk1LnRlc3SCCXQxOTYudGVzdIIJdDE5Ny50ZXN0ggl0MTk4 +LnRlc3SCCXQxOTkudGVzdIIJdDIwMC50ZXN0ggl0MjAxLnRlc3SCCXQyMDIudGVz +dIIJdDIwMy50ZXN0ggl0MjA0LnRlc3SCCXQyMDUudGVzdIIJdDIwNi50ZXN0ggl0 +MjA3LnRlc3SCCXQyMDgudGVzdIIJdDIwOS50ZXN0ggl0MjEwLnRlc3SCCXQyMTEu +dGVzdIIJdDIxMi50ZXN0ggl0MjEzLnRlc3SCCXQyMTQudGVzdIIJdDIxNS50ZXN0 +ggl0MjE2LnRlc3SCCXQyMTcudGVzdIIJdDIxOC50ZXN0ggl0MjE5LnRlc3SCCXQy +MjAudGVzdIIJdDIyMS50ZXN0ggl0MjIyLnRlc3SCCXQyMjMudGVzdIIJdDIyNC50 +ZXN0ggl0MjI1LnRlc3SCCXQyMjYudGVzdIIJdDIyNy50ZXN0ggl0MjI4LnRlc3SC +CXQyMjkudGVzdIIJdDIzMC50ZXN0ggl0MjMxLnRlc3SCCXQyMzIudGVzdIIJdDIz +My50ZXN0ggl0MjM0LnRlc3SCCXQyMzUudGVzdIIJdDIzNi50ZXN0ggl0MjM3LnRl +c3SCCXQyMzgudGVzdIIJdDIzOS50ZXN0ggl0MjQwLnRlc3SCCXQyNDEudGVzdIIJ +dDI0Mi50ZXN0ggl0MjQzLnRlc3SCCXQyNDQudGVzdIIJdDI0NS50ZXN0ggl0MjQ2 +LnRlc3SCCXQyNDcudGVzdIIJdDI0OC50ZXN0ggl0MjQ5LnRlc3SCCXQyNTAudGVz +dIIJdDI1MS50ZXN0ggl0MjUyLnRlc3SCCXQyNTMudGVzdIIJdDI1NC50ZXN0ggl0 +MjU1LnRlc3SCCXQyNTYudGVzdIIJdDI1Ny50ZXN0ggl0MjU4LnRlc3SCCXQyNTku +dGVzdIIJdDI2MC50ZXN0ggl0MjYxLnRlc3SCCXQyNjIudGVzdIIJdDI2My50ZXN0 +ggl0MjY0LnRlc3SCCXQyNjUudGVzdIIJdDI2Ni50ZXN0ggl0MjY3LnRlc3SCCXQy +NjgudGVzdIIJdDI2OS50ZXN0ggl0MjcwLnRlc3SCCXQyNzEudGVzdIIJdDI3Mi50 +ZXN0ggl0MjczLnRlc3SCCXQyNzQudGVzdIIJdDI3NS50ZXN0ggl0Mjc2LnRlc3SC +CXQyNzcudGVzdIIJdDI3OC50ZXN0ggl0Mjc5LnRlc3SCCXQyODAudGVzdIIJdDI4 +MS50ZXN0ggl0MjgyLnRlc3SCCXQyODMudGVzdIIJdDI4NC50ZXN0ggl0Mjg1LnRl +c3SCCXQyODYudGVzdIIJdDI4Ny50ZXN0ggl0Mjg4LnRlc3SCCXQyODkudGVzdIIJ +dDI5MC50ZXN0ggl0MjkxLnRlc3SCCXQyOTIudGVzdIIJdDI5My50ZXN0ggl0Mjk0 +LnRlc3SCCXQyOTUudGVzdIIJdDI5Ni50ZXN0ggl0Mjk3LnRlc3SCCXQyOTgudGVz +dIIJdDI5OS50ZXN0ggl0MzAwLnRlc3SCCXQzMDEudGVzdIIJdDMwMi50ZXN0ggl0 +MzAzLnRlc3SCCXQzMDQudGVzdIIJdDMwNS50ZXN0ggl0MzA2LnRlc3SCCXQzMDcu +dGVzdIIJdDMwOC50ZXN0ggl0MzA5LnRlc3SCCXQzMTAudGVzdIIJdDMxMS50ZXN0 +ggl0MzEyLnRlc3SCCXQzMTMudGVzdIIJdDMxNC50ZXN0ggl0MzE1LnRlc3SCCXQz +MTYudGVzdIIJdDMxNy50ZXN0ggl0MzE4LnRlc3SCCXQzMTkudGVzdIIJdDMyMC50 +ZXN0ggl0MzIxLnRlc3SCCXQzMjIudGVzdIIJdDMyMy50ZXN0ggl0MzI0LnRlc3SC +CXQzMjUudGVzdIIJdDMyNi50ZXN0ggl0MzI3LnRlc3SCCXQzMjgudGVzdIIJdDMy +OS50ZXN0ggl0MzMwLnRlc3SCCXQzMzEudGVzdIIJdDMzMi50ZXN0ggl0MzMzLnRl +c3SCCXQzMzQudGVzdIIJdDMzNS50ZXN0ggl0MzM2LnRlc3SCCXQzMzcudGVzdIIJ +dDMzOC50ZXN0ggl0MzM5LnRlc3SCCXQzNDAudGVzdIIJdDM0MS50ZXN0ggl0MzQy +LnRlc3SCCXQzNDMudGVzdIIJdDM0NC50ZXN0ggl0MzQ1LnRlc3SCCXQzNDYudGVz +dIIJdDM0Ny50ZXN0ggl0MzQ4LnRlc3SCCXQzNDkudGVzdIIJdDM1MC50ZXN0ggl0 +MzUxLnRlc3SCCXQzNTIudGVzdIIJdDM1My50ZXN0ggl0MzU0LnRlc3SCCXQzNTUu +dGVzdIIJdDM1Ni50ZXN0ggl0MzU3LnRlc3SCCXQzNTgudGVzdIIJdDM1OS50ZXN0 +ggl0MzYwLnRlc3SCCXQzNjEudGVzdIIJdDM2Mi50ZXN0ggl0MzYzLnRlc3SCCXQz +NjQudGVzdIIJdDM2NS50ZXN0ggl0MzY2LnRlc3SCCXQzNjcudGVzdIIJdDM2OC50 +ZXN0ggl0MzY5LnRlc3SCCXQzNzAudGVzdIIJdDM3MS50ZXN0ggl0MzcyLnRlc3SC +CXQzNzMudGVzdIIJdDM3NC50ZXN0ggl0Mzc1LnRlc3SCCXQzNzYudGVzdIIJdDM3 +Ny50ZXN0ggl0Mzc4LnRlc3SCCXQzNzkudGVzdIIJdDM4MC50ZXN0ggl0MzgxLnRl +c3SCCXQzODIudGVzdIIJdDM4My50ZXN0ggl0Mzg0LnRlc3SCCXQzODUudGVzdIIJ +dDM4Ni50ZXN0ggl0Mzg3LnRlc3SCCXQzODgudGVzdIIJdDM4OS50ZXN0ggl0Mzkw +LnRlc3SCCXQzOTEudGVzdIIJdDM5Mi50ZXN0ggl0MzkzLnRlc3SCCXQzOTQudGVz +dIIJdDM5NS50ZXN0ggl0Mzk2LnRlc3SCCXQzOTcudGVzdIIJdDM5OC50ZXN0ggl0 +Mzk5LnRlc3SCCXQ0MDAudGVzdIIJdDQwMS50ZXN0ggl0NDAyLnRlc3SCCXQ0MDMu +dGVzdIIJdDQwNC50ZXN0ggl0NDA1LnRlc3SCCXQ0MDYudGVzdIIJdDQwNy50ZXN0 +ggl0NDA4LnRlc3SCCXQ0MDkudGVzdIIJdDQxMC50ZXN0ggl0NDExLnRlc3SCCXQ0 +MTIudGVzdIIJdDQxMy50ZXN0ggl0NDE0LnRlc3SCCXQ0MTUudGVzdIIJdDQxNi50 +ZXN0ggl0NDE3LnRlc3SCCXQ0MTgudGVzdIIJdDQxOS50ZXN0ggl0NDIwLnRlc3SC +CXQ0MjEudGVzdIIJdDQyMi50ZXN0ggl0NDIzLnRlc3SCCXQ0MjQudGVzdIIJdDQy +NS50ZXN0ggl0NDI2LnRlc3SCCXQ0MjcudGVzdIIJdDQyOC50ZXN0ggl0NDI5LnRl +c3SCCXQ0MzAudGVzdIIJdDQzMS50ZXN0ggl0NDMyLnRlc3SCCXQ0MzMudGVzdIIJ +dDQzNC50ZXN0ggl0NDM1LnRlc3SCCXQ0MzYudGVzdIIJdDQzNy50ZXN0ggl0NDM4 +LnRlc3SCCXQ0MzkudGVzdIIJdDQ0MC50ZXN0ggl0NDQxLnRlc3SCCXQ0NDIudGVz +dIIJdDQ0My50ZXN0ggl0NDQ0LnRlc3SCCXQ0NDUudGVzdIIJdDQ0Ni50ZXN0ggl0 +NDQ3LnRlc3SCCXQ0NDgudGVzdIIJdDQ0OS50ZXN0ggl0NDUwLnRlc3SCCXQ0NTEu +dGVzdIIJdDQ1Mi50ZXN0ggl0NDUzLnRlc3SCCXQ0NTQudGVzdIIJdDQ1NS50ZXN0 +ggl0NDU2LnRlc3SCCXQ0NTcudGVzdIIJdDQ1OC50ZXN0ggl0NDU5LnRlc3SCCXQ0 +NjAudGVzdIIJdDQ2MS50ZXN0ggl0NDYyLnRlc3SCCXQ0NjMudGVzdIIJdDQ2NC50 +ZXN0ggl0NDY1LnRlc3SCCXQ0NjYudGVzdIIJdDQ2Ny50ZXN0ggl0NDY4LnRlc3SC +CXQ0NjkudGVzdIIJdDQ3MC50ZXN0ggl0NDcxLnRlc3SCCXQ0NzIudGVzdIIJdDQ3 +My50ZXN0ggl0NDc0LnRlc3SCCXQ0NzUudGVzdIIJdDQ3Ni50ZXN0ggl0NDc3LnRl +c3SCCXQ0NzgudGVzdIIJdDQ3OS50ZXN0ggl0NDgwLnRlc3SCCXQ0ODEudGVzdIIJ +dDQ4Mi50ZXN0ggl0NDgzLnRlc3SCCXQ0ODQudGVzdIIJdDQ4NS50ZXN0ggl0NDg2 +LnRlc3SCCXQ0ODcudGVzdIIJdDQ4OC50ZXN0ggl0NDg5LnRlc3SCCXQ0OTAudGVz +dIIJdDQ5MS50ZXN0ggl0NDkyLnRlc3SCCXQ0OTMudGVzdIIJdDQ5NC50ZXN0ggl0 +NDk1LnRlc3SCCXQ0OTYudGVzdIIJdDQ5Ny50ZXN0ggl0NDk4LnRlc3SCCXQ0OTku +dGVzdIIJdDUwMC50ZXN0ggl0NTAxLnRlc3SCCXQ1MDIudGVzdIIJdDUwMy50ZXN0 +ggl0NTA0LnRlc3SCCXQ1MDUudGVzdIIJdDUwNi50ZXN0ggl0NTA3LnRlc3SCCXQ1 +MDgudGVzdIIJdDUwOS50ZXN0ggl0NTEwLnRlc3SCCXQ1MTEudGVzdIIJdDUxMi50 +ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBjxDfYTobCREWVHPrt1T9iT2t0gieS7hVw +lQaezO1n+m0MerQ92DHhMXBROBiMXIWyvTa341xClpYAwPqqAIUEdS0L5r4Jq/Ep +4uglb+eZXMvTAm89KH3L8xTugc8UtHMqbfyo92v96wgFXBrcDDXIkGdPkLyz2s2J +QjpNVG/La/EYTQdHPgv6Rg0g+t6RNN1JJ0p1wQ5ItDc8d/bfWdlG/EViWVRsiSBh +7YRbkGWdnHnorCe0yIg0jKCk3UhgXaYY66/alpmE/QVXSaLgNvdmJ5m9mixY0ZaB +0niy+KzIgBczvDcxVdL5/fsxGvA4nI8Gi7Z+EJDKXeED+FwcTDJD +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/some-names3.pem b/openssl-1.1.0h/test/certs/some-names3.pem new file mode 100644 index 0000000..a6d3ee7 --- /dev/null +++ b/openssl-1.1.0h/test/certs/some-names3.pem @@ -0,0 +1,293 @@ +-----BEGIN CERTIFICATE----- +MII2fzCCNWegAwIBAgIBBzANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJDQTAg +Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowgjO+MRAwDgYDVQQDEwd0 +MC50ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +MUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0MkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +M0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +NUB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0NkB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +N0B0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0OEB0ZXN0MRYwFAYJKoZIhvcNAQkBFgd0 +OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTBAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDExQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxMkB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0MTNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDE0QHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQxNUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MTZAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDE3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQxOEB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0MTlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDIwQHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQyMUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjJAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDIzQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQyNEB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0MjVAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDI2QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQyN0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MjhAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDI5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzMEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDMy +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzM0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +MzRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDM1QHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQzNkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0MzdAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDM4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQzOUB0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0NDBAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQxQHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ0MkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDNAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDQ0QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ0NUB0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0NDZAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDQ3QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ0OEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NDlAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDUwQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1MUB0ZXN0 +MRcwFQYJKoZIhvcNAQkBFgh0NTJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDUzQHRl +c3QxFzAVBgkqhkiG9w0BCQEWCHQ1NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NTVA +dGVzdDEXMBUGCSqGSIb3DQEJARYIdDU2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ1 +N0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NThAdGVzdDEXMBUGCSqGSIb3DQEJARYI +dDU5QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2MEB0ZXN0MRcwFQYJKoZIhvcNAQkB +Fgh0NjFAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDYyQHRlc3QxFzAVBgkqhkiG9w0B +CQEWCHQ2M0B0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NjRAdGVzdDEXMBUGCSqGSIb3 +DQEJARYIdDY1QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ2NkB0ZXN0MRcwFQYJKoZI +hvcNAQkBFgh0NjdAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDY4QHRlc3QxFzAVBgkq +hkiG9w0BCQEWCHQ2OUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzBAdGVzdDEXMBUG +CSqGSIb3DQEJARYIdDcxQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3MkB0ZXN0MRcw +FQYJKoZIhvcNAQkBFgh0NzNAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDc0QHRlc3Qx +FzAVBgkqhkiG9w0BCQEWCHQ3NUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzZAdGVz +dDEXMBUGCSqGSIb3DQEJARYIdDc3QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ3OEB0 +ZXN0MRcwFQYJKoZIhvcNAQkBFgh0NzlAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgw +QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4MUB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0 +ODJAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDgzQHRlc3QxFzAVBgkqhkiG9w0BCQEW +CHQ4NEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0ODVAdGVzdDEXMBUGCSqGSIb3DQEJ +ARYIdDg2QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ4N0B0ZXN0MRcwFQYJKoZIhvcN +AQkBFgh0ODhAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDg5QHRlc3QxFzAVBgkqhkiG +9w0BCQEWCHQ5MEB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTFAdGVzdDEXMBUGCSqG +SIb3DQEJARYIdDkyQHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5M0B0ZXN0MRcwFQYJ +KoZIhvcNAQkBFgh0OTRAdGVzdDEXMBUGCSqGSIb3DQEJARYIdDk1QHRlc3QxFzAV +BgkqhkiG9w0BCQEWCHQ5NkB0ZXN0MRcwFQYJKoZIhvcNAQkBFgh0OTdAdGVzdDEX +MBUGCSqGSIb3DQEJARYIdDk4QHRlc3QxFzAVBgkqhkiG9w0BCQEWCHQ5OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTAwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTAzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEwNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTA2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEwOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTA5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDExMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTEyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEx +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTE1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxMTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDExN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTE4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDEyMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTIxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxMjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyM0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTI0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDEyNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTI3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDEyOUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTMwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxMzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEzMkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTMzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxMzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDEzNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxMzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDEz +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTM5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTQyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE0NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTQ1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE0N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTQ4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTUxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE1M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTU0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE1NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTU3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE1OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxNjFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTYzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxNjRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE2NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTY2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNjdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE2OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTY5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxNzBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTcyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE3NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTc1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxNzZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDE3N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTc4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQxNzlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4MEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MTgxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxODJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDE4M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQxODVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4 +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTg3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQxODhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE4OUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MTkwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDE5MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MTkzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQxOTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5NUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MTk2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQxOTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDE5OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MTk5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIwMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjAyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIwNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjA1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIwN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjA4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIx +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjExQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjE0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDIxNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjE3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyMThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIxOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjIwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjIzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDIyNUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjI2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyMjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIyOEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjI5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDIzMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjMyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyMzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIz +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjM1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyMzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDIzN0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjM4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyMzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI0MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjQxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyNDJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjQ0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI0NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjQ3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNDhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI0OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjUwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyNTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MjUzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDI1NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyNTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI1 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjU5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyNjBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MjYyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI2NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjY1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyNjZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI2N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjY4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNjlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MjcxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI3M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjc0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyNzVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI3NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0Mjc3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyNzhAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDI3OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQyODFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4 +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MjgzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQyODRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI4NUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0Mjg2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyODdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDI4OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjg5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQyOTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5MUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MjkyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDI5NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +Mjk1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQyOTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDI5N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mjk4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQyOTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwMEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzAxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMDJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDMwM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzMDVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMw +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzA3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzMDhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMwOUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzEwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDMxMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzEzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzMTRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxNUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzE2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMTdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDMxOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzE5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDMyMUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzIyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzMjNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMyNEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzI1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMjZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDMyN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzI4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzMjlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMz +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzMxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzMzJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzM0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzM0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzMzVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDMzNkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzM3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzMzhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDMzOUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzQwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzQzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNDRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM0NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzQ2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzNDdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM0OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzQ5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM1MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzUyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzNTNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzU1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzNTZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM1N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzU4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNTlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDM2MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzYxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzNjJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0MzY0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM2NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzY3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNjhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM2OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0MzcwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzNzFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0MzczQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzNzRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM3NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQzNzdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM3 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzc5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQzODBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4MUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0MzgyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDM4NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzg1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQzODZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM4N0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0Mzg4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzODlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +MzkxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOTJAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDM5M0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0Mzk0QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQzOTVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDM5NkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0Mzk3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQzOThAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDM5OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAwQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQw +MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDAzQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0MDRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQwNUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDA2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MDdAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQwOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDA5QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0MTBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxMUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDEyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTNA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQxNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDE1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MTZAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQxN0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDE4QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0MTlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyMEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDIxQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjJAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQyM0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI0QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0MjVAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQy +NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDI3QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0MjhAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQyOUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDMwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzFAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQzMkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDMzQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0MzRAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzNUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDM2QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0MzdA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQzOEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDM5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDBAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ0MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQyQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0NDNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ0NEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDQ1QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDZAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ0N0B0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDQ4QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NDlAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1 +MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDUxQHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0NTJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1M0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDU0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NTVAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQ1NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDU3QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0NThAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ1OUB0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDYwQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjFA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2MkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDYzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NjRAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ2NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDY2QHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0NjdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ2OEB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDY5QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzBAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ3MUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDcyQHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzNAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3 +NEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDc1QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ0NzZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ3N0B0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NDc4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0NzlAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDQ4MEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDgxQHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ0ODJAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4M0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NDg0QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODVA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ4NkB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NDg3QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0ODhAdGVzdDEYMBYGCSqGSIb3DQEJ +ARYJdDQ4OUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDkwQHRlc3QxGDAWBgkqhkiG +9w0BCQEWCXQ0OTFAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5MkB0ZXN0MRgwFgYJ +KoZIhvcNAQkBFgl0NDkzQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTRAdGVzdDEY +MBYGCSqGSIb3DQEJARYJdDQ5NUB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk2QHRl +c3QxGDAWBgkqhkiG9w0BCQEWCXQ0OTdAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDQ5 +OEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NDk5QHRlc3QxGDAWBgkqhkiG9w0BCQEW +CXQ1MDBAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwMUB0ZXN0MRgwFgYJKoZIhvcN +AQkBFgl0NTAyQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDNAdGVzdDEYMBYGCSqG +SIb3DQEJARYJdDUwNEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0NTA1QHRlc3QxGDAW +BgkqhkiG9w0BCQEWCXQ1MDZAdGVzdDEYMBYGCSqGSIb3DQEJARYJdDUwN0B0ZXN0 +MRgwFgYJKoZIhvcNAQkBFgl0NTA4QHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MDlA +dGVzdDEYMBYGCSqGSIb3DQEJARYJdDUxMEB0ZXN0MRgwFgYJKoZIhvcNAQkBFgl0 +NTExQHRlc3QxGDAWBgkqhkiG9w0BCQEWCXQ1MTJAdGVzdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALoL2oQZEgFBdXwuPb29W75T63JfNJKKdYi6YrmK +M+EKbcMue/hFrLGQXB6a2eQZFn+j3hmexeQF9T8iWxh2S6rzAr1Yj+qXeDBaMf4o +BEiEhBxIsaIlws3qQa4baeVEEoxw+A+ISrYHTIFcV/i0bcIFt5p7v7wbu686a/w0 +vIqPfad5amdQJMvmjZXDI+jGMvFPmBRHr2/1dJUWPaKsJluwR514pJv74urIyEt+ +dFPM2/5kc2HiLNkeuS1Hbky+dPlDIGrfaHHsCNnb/GjvQ6YfvDXRrYPCxWMk0x3F +MSaDK9T0zoJ5hE9fViR+D6xcJO2RNUCUENS+Iipj3kIrLbkCAwEAAaM1MDMwDgYD +VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw +DQYJKoZIhvcNAQELBQADggEBAH6ad2kFE0qGDe3ErMdwTGjbBz3T12dDvAUVhGHQ +uZShOdPsXMHD2mUqFgLE0iJFeXB7jOSAKtzmKHNmxZ4W0UZ7eMPPogkgIbG3d3yR +8zBO21CUyOQWChywpKcAou9ji3Kq6pb4+mqq0a5TGIYyGJKSUTv09KI+iHgwteCX +DHzzhuTs8AhodmNO5K/F9YFWJWvQ1NrwyUmOFEw8/UcljyKxFrP2VEov0fWeiTRB +Ps6VaFBW7SEEi8fAM9W5kfsl+iWRvwFcFdXGQt1HbeywCu58DLI4uceHCFb+3MMO +Xv7wJ5UhQODuzwuq7CuZvlxR2tiFoPP+s5fPH0L8MBP5z6w= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sroot+anyEKU.pem b/openssl-1.1.0h/test/certs/sroot+anyEKU.pem new file mode 100644 index 0000000..9beefa9 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sroot+anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR +lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a +mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr +c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW +foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w +TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG +E3ODKNXOOP3jsDAIMAYGBFUdJQA= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sroot+clientAuth.pem b/openssl-1.1.0h/test/certs/sroot+clientAuth.pem new file mode 100644 index 0000000..939e3e8 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sroot+clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR +lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a +mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr +c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW +foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w +TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG +E3ODKNXOOP3jsDAMMAoGCCsGAQUFBwMC +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sroot+serverAuth.pem b/openssl-1.1.0h/test/certs/sroot+serverAuth.pem new file mode 100644 index 0000000..447d2e3 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sroot+serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR +lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a +mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr +c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW +foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w +TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG +E3ODKNXOOP3jsDAMMAoGCCsGAQUFBwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sroot-anyEKU.pem b/openssl-1.1.0h/test/certs/sroot-anyEKU.pem new file mode 100644 index 0000000..7f1766a --- /dev/null +++ b/openssl-1.1.0h/test/certs/sroot-anyEKU.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR +lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a +mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr +c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW +foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w +TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG +E3ODKNXOOP3jsDAIoAYGBFUdJQA= +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sroot-cert.pem b/openssl-1.1.0h/test/certs/sroot-cert.pem new file mode 100644 index 0000000..55508d9 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sroot-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR +lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a +mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr +c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW +foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w +TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG +E3ODKNXOOP3jsA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sroot-clientAuth.pem b/openssl-1.1.0h/test/certs/sroot-clientAuth.pem new file mode 100644 index 0000000..e91f1d2 --- /dev/null +++ b/openssl-1.1.0h/test/certs/sroot-clientAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR +lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a +mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr +c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW +foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w +TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG +E3ODKNXOOP3jsDAMoAoGCCsGAQUFBwMC +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/sroot-serverAuth.pem b/openssl-1.1.0h/test/certs/sroot-serverAuth.pem new file mode 100644 index 0000000..2fd78cc --- /dev/null +++ b/openssl-1.1.0h/test/certs/sroot-serverAuth.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDEyOTA0NDc0NloYDzIxMTYwMTMwMDQ0NzQ2WjASMRAwDgYDVQQD +DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8 +oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS +feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN +wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g +MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u +aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff +tWgiQ35mJCOvxQIDAQABo2UwYzAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3 +o1IwHwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDAYDVR0TBAUwAwEB +/zATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAknUQhKHR +lI3BOPTuD+DMabjdfZ6Sb5ICpIOcvYFnlZV0lkyK3TuOw+iSlUUzHT3MlMos1w2a +mYPb1BpACTpB1vOcRZPaoSZqiOJrKzes+oUZG7R75lz+TK4Y1lQlWObsnUlFUDzr +c3P3mbCALr9RPee+Mqd10E/57jjIF0sb3Cq74l7MEzD/3JWKhxEtTmChG+Q29bzW +foaDqVaePdyk4M+TMQMioGqXYqu/4bzCnZyls1J5FfwBCtPGJ1/3wxLwk+Pavu9w +TSagWsC90QGRYH0EauS1KqlJ6dR6Tyf6G5HHmDPufzHT0ouL5Db6C59XSMWud6RG +E3ODKNXOOP3jsDAMoAoGCCsGAQUFBwMB +-----END TRUSTED CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/subinterCA-ss.pem b/openssl-1.1.0h/test/certs/subinterCA-ss.pem new file mode 100644 index 0000000..a436b4b --- /dev/null +++ b/openssl-1.1.0h/test/certs/subinterCA-ss.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/subinterCA.key b/openssl-1.1.0h/test/certs/subinterCA.key new file mode 100644 index 0000000..c867af9 --- /dev/null +++ b/openssl-1.1.0h/test/certs/subinterCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb +2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n +JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C +pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy +wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF +HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg +nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO +ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd +SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5 +P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH +VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX +lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh +ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z +uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g +5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im +S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4 +hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS +zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc +cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7 +M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1 +sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW +aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s +5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu +ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S +zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c= +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/certs/subinterCA.pem b/openssl-1.1.0h/test/certs/subinterCA.pem new file mode 100644 index 0000000..2cdf480 --- /dev/null +++ b/openssl-1.1.0h/test/certs/subinterCA.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/untrusted.pem b/openssl-1.1.0h/test/certs/untrusted.pem new file mode 100644 index 0000000..d93d312 --- /dev/null +++ b/openssl-1.1.0h/test/certs/untrusted.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/wrongcert.pem b/openssl-1.1.0h/test/certs/wrongcert.pem new file mode 100644 index 0000000..b8b3cfd --- /dev/null +++ b/openssl-1.1.0h/test/certs/wrongcert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/TCCAeWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1Xcm9u +ZyBSb290IENBMCAXDTE2MDExNDIyMjkwMVoYDzIxMTYwMTE1MjIyOTAxWjAYMRYw +FAYDVQQDDA1Xcm9uZyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA1qOM0wmfvpzDnuZbMaZd5VtYPVYFoYMhlSmUQWCH/I17zxzzWi2SCRvc +JXx+mZcK1l7KXYabewH1fxHzBGJYI/huxqEF3G7e0cqa60XAhyEKfop0VrKMpqDh +sNRxqC3PWaQQzijlD2XEY5h3u97qn/m4mAMO1RvKUtv0l0Go9G3VZVp0HSPxW2VM +0xDyOhlPSYzQ0solQgvb3Nir6dyxzOFz4kCJiVwOQQ4YFvRps72NcBV7q6OWpXHE +URIGlVlc7p/8ysGNMgj/G3mtPjVtb+AKFDESO+l9ZGi5JU1LJJf23A2BVUgP4eL1 +huZGrTsVNdIYMds1yHyoDfHABLI+TQIDAQABo1AwTjAdBgNVHQ4EFgQU0sgStYvh +Wvrkc0aam05HE5YMZFgwHwYDVR0jBBgwFoAU0sgStYvhWvrkc0aam05HE5YMZFgw +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAT4DDpFvHBIzhKR1/LJx6 +1gsXYCAp1fre5luek/kGTRrInWg6OLZ7B2wLtGcfNlfpRCvLHCh1ORgctNaYwBgE +xOGWHTsbFDfq15cOcATXgDqRch8dLv/5XKm8rXDwmi6mUfbwUDF5qko4f3hpBWvA +EBRJSqPvaRxfiJs3SXGnCbiIcYEz0nAwgqfJl7QFXnD22Fu0FGczwzW/7kh0EeIW +tMsyrIvMR+s6AYzwYrRnUjXBNHjRxuiy5KmyvTMoFm5R6PsD2YfUN1xFkdRy48vb +8fVYApmiXoNWMBgVSija261L81OY4yZZw3BK8nAGrko5VmXjbfYIScpiMlZkXLHN +Ww== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/certs/wrongkey.pem b/openssl-1.1.0h/test/certs/wrongkey.pem new file mode 100644 index 0000000..72ab17b --- /dev/null +++ b/openssl-1.1.0h/test/certs/wrongkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDWo4zTCZ++nMOe +5lsxpl3lW1g9VgWhgyGVKZRBYIf8jXvPHPNaLZIJG9wlfH6ZlwrWXspdhpt7AfV/ +EfMEYlgj+G7GoQXcbt7RyprrRcCHIQp+inRWsoymoOGw1HGoLc9ZpBDOKOUPZcRj +mHe73uqf+biYAw7VG8pS2/SXQaj0bdVlWnQdI/FbZUzTEPI6GU9JjNDSyiVCC9vc +2Kvp3LHM4XPiQImJXA5BDhgW9GmzvY1wFXuro5alccRREgaVWVzun/zKwY0yCP8b +ea0+NW1v4AoUMRI76X1kaLklTUskl/bcDYFVSA/h4vWG5katOxU10hgx2zXIfKgN +8cAEsj5NAgMBAAECggEBAJBlHKMI0W/RVIT8oZMIQhi/V+CDk2wxpJENlNBamYFc +yVLvPgOHrrv0Aykw1JaNF1xaDrfWi5i4G6jtsVhctMEWK6fywdemur3WGFx442nE +36N7j4KXwamDh/GHKiMjFmBO0INw3ZB7PSBnfP1lnOAchoO1YvAZLwaJNMXhBUHR +uoGrL2nv2F6EDe1whuNd6ifNPT8aX+8kOP0ooe6+rEvoe8Q6N+ktMLcl/b6y7nqt +Tkl1CzuCnC/KJwY6LRRl6NUttw1c78IauqeNRuLYuaUKMXRjWkKTzPY7sHAdQbey +szC6Rowso6i26n7a0yJFnML8NDZPJAsJqj7NA1rfn4ECgYEA8K51eqVe9C0uNdcG +jxbzZZggPXM2SjGLwSz7DazN67kGkLY54B4BO1s428ZfpgsI364Cyg7vocDegAr2 +t9/+N+i/fF7c9yKICxefNcO/Q1i4hozTimQHEWpCDKgystBrWl+CopRrq/QMndGh +oFfeLzIwQ3m69lFgTBwyTRCDsi0CgYEA5EzEI3uGVfP639x06/7h2kLeBYUlvIaA +84O4t7oAvsIRHBsTvi5OKR2YB9ONkDLmdSEZaGg7KUgzPDBoJ2PDmGP6jEiW//bD +9ftXb6UPUuHMyQu92wzJW6qrNSZu13NqkQ0XTBYBYlYGTvESljJhbWTDLpUd7dlV +i4xxAkxJ8KECgYAD4MvDziZZiODVvUE9zQDfAjSCyPh2+ZVm53KkJcSrp6+TZVxJ +YDJk4nNoFyozYroh4Ivq9ZKm6JStO3/+Nn3CKN3tAxpMYSIQC7FlDGJok2VlxZ8i ++7mhbjTiP1ORzgnsyt0wAXQ6sRQC9v3Dt6a82/IrJCr/DRCgKVQmKb31gQKBgQC5 +IctYHr5UC1KgoGysR3es/9Z9UXjFhakiT+nGC265QjSPvyFmcrRtQRNdHV/J1Izv +5NRuxz9afbMWlwaPEqa1eDXf9qmEjf5hBd3kqkxf4L2pNv1Rme/bhu3pXu45ht2f +HKeMyrd6n9njwDhbViWNiU2CA+hOTZTCYjPuMiEvoQKBgQCY4styVO7gKdNc3j9c +iPAjnMjBBqLzEJdS4de2BFdKM4xhX4OWbNsO+GcMlq4k1Tt6dMKdcLmjnHWsdsqp +UFGEMMZDd/ez6kOAGInYajr7rmRjxAolZwK7mc1OQcDiNgjb5Qs0E5zM4TEg5r56 +sU+ewyfUH6y1dTTJhjIldEfUtw== +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/cipherlist_test.c b/openssl-1.1.0h/test/cipherlist_test.c new file mode 100644 index 0000000..d6556e0 --- /dev/null +++ b/openssl-1.1.0h/test/cipherlist_test.c @@ -0,0 +1,199 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include + +#include +#include +#include +#include +#include +#include + +#include "e_os.h" +#include "testutil.h" + +typedef struct cipherlist_test_fixture { + const char *test_case_name; + SSL_CTX *server; + SSL_CTX *client; +} CIPHERLIST_TEST_FIXTURE; + + +static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name) +{ + CIPHERLIST_TEST_FIXTURE fixture; + fixture.test_case_name = test_case_name; + fixture.server = SSL_CTX_new(TLS_server_method()); + fixture.client = SSL_CTX_new(TLS_client_method()); + OPENSSL_assert(fixture.client != NULL && fixture.server != NULL); + return fixture; +} + +/* + * All ciphers in the DEFAULT cipherlist meet the default security level. + * However, default supported ciphers exclude SRP and PSK ciphersuites + * for which no callbacks have been set up. + * + * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled, + * and individual disabled algorithms. However, NO_RSA, NO_AES and NO_SHA + * are currently broken and should be considered mission impossible in libssl. + */ +static const uint32_t default_ciphers_in_order[] = { +#ifndef OPENSSL_NO_TLS1_2 +# ifndef OPENSSL_NO_EC + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, +# endif +# ifndef OPENSSL_NO_DH + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, +# endif + +# if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305 +# ifndef OPENSSL_NO_EC + TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, +# endif +# ifndef OPENSSL_NO_DH + TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, +# endif +# endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ + +# ifndef OPENSSL_NO_EC + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, +# endif +# ifndef OPENSSL_NO_DH + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, +# endif +# ifndef OPENSSL_NO_EC + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, +# endif +# ifndef OPENSSL_NO_DH + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, +# endif +# ifndef OPENSSL_NO_EC + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, +# endif +# ifndef OPENSSL_NO_DH + TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, +# endif +#endif /* !OPENSSL_NO_TLS1_2 */ + +#ifndef OPENSSL_NO_EC + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, +#endif +#ifndef OPENSSL_NO_DH + TLS1_CK_DHE_RSA_WITH_AES_256_SHA, +#endif +#ifndef OPENSSL_NO_EC + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, +#endif +#ifndef OPENSSL_NO_DH + TLS1_CK_DHE_RSA_WITH_AES_128_SHA, +#endif + +#ifndef OPENSSL_NO_TLS1_2 + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_WITH_AES_256_SHA256, + TLS1_CK_RSA_WITH_AES_128_SHA256, +#endif + + TLS1_CK_RSA_WITH_AES_256_SHA, + TLS1_CK_RSA_WITH_AES_128_SHA, +}; + +static int test_default_cipherlist(SSL_CTX *ctx) +{ + STACK_OF(SSL_CIPHER) *ciphers; + SSL *ssl; + int i, ret = 0, num_expected_ciphers, num_ciphers; + uint32_t expected_cipher_id, cipher_id; + + ssl = SSL_new(ctx); + OPENSSL_assert(ssl != NULL); + + ciphers = SSL_get1_supported_ciphers(ssl); + OPENSSL_assert(ciphers != NULL); + num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order); + num_ciphers = sk_SSL_CIPHER_num(ciphers); + if (num_ciphers != num_expected_ciphers) { + fprintf(stderr, "Expected %d supported ciphers, got %d.\n", + num_expected_ciphers, num_ciphers); + goto err; + } + + for (i = 0; i < num_ciphers; i++) { + expected_cipher_id = default_ciphers_in_order[i]; + cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i)); + if (cipher_id != expected_cipher_id) { + fprintf(stderr, "Wrong cipher at position %d: expected %x, " + "got %x\n", i, expected_cipher_id, cipher_id); + goto err; + } + } + + ret = 1; + + err: + sk_SSL_CIPHER_free(ciphers); + SSL_free(ssl); + return ret; +} + +static int execute_test(CIPHERLIST_TEST_FIXTURE fixture) +{ + return test_default_cipherlist(fixture.server) + && test_default_cipherlist(fixture.client); +} + +static void tear_down(CIPHERLIST_TEST_FIXTURE fixture) +{ + SSL_CTX_free(fixture.server); + SSL_CTX_free(fixture.client); + ERR_print_errors_fp(stderr); +} + +#define SETUP_CIPHERLIST_TEST_FIXTURE() \ + SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up) + +#define EXECUTE_CIPHERLIST_TEST() \ + EXECUTE_TEST(execute_test, tear_down) + +static int test_default_cipherlist_implicit() +{ + SETUP_CIPHERLIST_TEST_FIXTURE(); + EXECUTE_CIPHERLIST_TEST(); +} + +static int test_default_cipherlist_explicit() +{ + SETUP_CIPHERLIST_TEST_FIXTURE(); + OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.server, "DEFAULT")); + OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.client, "DEFAULT")); + EXECUTE_CIPHERLIST_TEST(); +} + +int main(int argc, char **argv) +{ + int result = 0; + + ADD_TEST(test_default_cipherlist_implicit); + ADD_TEST(test_default_cipherlist_explicit); + + result = run_tests(argv[0]); + + return result; +} diff --git a/openssl-1.1.0h/test/clienthellotest.c b/openssl-1.1.0h/test/clienthellotest.c new file mode 100644 index 0000000..38a7637 --- /dev/null +++ b/openssl-1.1.0h/test/clienthellotest.c @@ -0,0 +1,147 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include +#include +#include +#include +#include + +#include "../ssl/packet_locl.h" + +#define CLIENT_VERSION_LEN 2 + + +#define TOTAL_NUM_TESTS 1 + +/* + * Test that explicitly setting ticket data results in it appearing in the + * ClientHello for a negotiated SSL/TLS version + */ +#define TEST_SET_SESSION_TICK_DATA_VER_NEG 0 + +int main(int argc, char *argv[]) +{ + SSL_CTX *ctx = NULL; + SSL *con = NULL; + BIO *rbio; + BIO *wbio; + BIO *err; + long len; + unsigned char *data; + PACKET pkt, pkt2, pkt3; + char *dummytick = "Hello World!"; + unsigned int type; + int testresult = 0; + int currtest = 0; + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + /* + * For each test set up an SSL_CTX and SSL and see what ClientHello gets + * produced when we try to connect + */ + for (; currtest < TOTAL_NUM_TESTS; currtest++) { + testresult = 0; + ctx = SSL_CTX_new(TLS_method()); + if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) + goto end; + con = SSL_new(ctx); + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick))) + goto end; + } + + if (SSL_connect(con) > 0) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } + + len = BIO_get_mem_data(wbio, (char **)&data); + if (!PACKET_buf_init(&pkt, data, len)) + goto end; + + /* Skip the record header */ + if (!PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)) + goto end; + + /* Skip the handshake message header */ + if (!PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) + goto end; + + /* Skip client version and random */ + if (!PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE)) + goto end; + + /* Skip session id */ + if (!PACKET_get_length_prefixed_1(&pkt, &pkt2)) + goto end; + + /* Skip ciphers */ + if (!PACKET_get_length_prefixed_2(&pkt, &pkt2)) + goto end; + + /* Skip compression */ + if (!PACKET_get_length_prefixed_1(&pkt, &pkt2)) + goto end; + + /* Extensions len */ + if (!PACKET_as_length_prefixed_2(&pkt, &pkt2)) + goto end; + + /* Loop through all extensions */ + while (PACKET_remaining(&pkt2)) { + + if (!PACKET_get_net_2(&pkt2, &type) || + !PACKET_get_length_prefixed_2(&pkt2, &pkt3)) + goto end; + + if (type == TLSEXT_TYPE_session_ticket) { + if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (PACKET_equal(&pkt3, dummytick, strlen(dummytick))) { + /* Ticket data is as we expected */ + testresult = 1; + } else { + printf("Received session ticket is not as expected\n"); + } + break; + } + } + + } + + end: + SSL_free(con); + SSL_CTX_free(ctx); + if (!testresult) { + printf("ClientHello test: FAILED (Test %d)\n", currtest); + break; + } + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 0; +#endif + BIO_free(err); + + return testresult?0:1; +} diff --git a/openssl-1.1.0h/test/cms-examples.pl b/openssl-1.1.0h/test/cms-examples.pl new file mode 100644 index 0000000..ec1c5fa --- /dev/null +++ b/openssl-1.1.0h/test/cms-examples.pl @@ -0,0 +1,365 @@ +#! /usr/bin/env perl +# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl script to run tests against S/MIME examples in RFC4134 +# Assumes RFC is in current directory and called "rfc4134.txt" + +use MIME::Base64; + +my $badttest = 0; +my $verbose = 1; + +my $cmscmd; +my $exdir = "./"; +my $exfile = "./rfc4134.txt"; + +if (-f "../apps/openssl") + { + $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; + } +elsif (-f "..\\out32dll\\openssl.exe") + { + $cmscmd = "..\\out32dll\\openssl.exe cms"; + } +elsif (-f "..\\out32\\openssl.exe") + { + $cmscmd = "..\\out32\\openssl.exe cms"; + } + +my @test_list = ( + [ "3.1.bin" => "dataout" ], + [ "3.2.bin" => "encode, dataout" ], + [ "4.1.bin" => "encode, verifyder, cont, dss" ], + [ "4.2.bin" => "encode, verifyder, cont, rsa" ], + [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], + [ "4.4.bin" => "encode, verifyder, cont, dss" ], + [ "4.5.bin" => "verifyder, cont, rsa" ], + [ "4.6.bin" => "encode, verifyder, cont, dss" ], + [ "4.7.bin" => "encode, verifyder, cont, dss" ], + [ "4.8.eml" => "verifymime, dss" ], + [ "4.9.eml" => "verifymime, dss" ], + [ "4.10.bin" => "encode, verifyder, cont, dss" ], + [ "4.11.bin" => "encode, certsout" ], + [ "5.1.bin" => "encode, envelopeder, cont" ], + [ "5.2.bin" => "encode, envelopeder, cont" ], + [ "5.3.eml" => "envelopemime, cont" ], + [ "6.0.bin" => "encode, digest, cont" ], + [ "7.1.bin" => "encode, encrypted, cont" ], + [ "7.2.bin" => "encode, encrypted, cont" ] +); + +# Extract examples from RFC4134 text. +# Base64 decode all examples, certificates and +# private keys are converted to PEM format. + +my ( $filename, $data ); + +my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); + +$data = ""; + +open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; + +while () { + next unless (/^\|/); + s/^\|//; + next if (/^\*/); + if (/^>(.*)$/) { + $filename = $1; + next; + } + if (/^$filename"; + binmode OUT; + print OUT $data; + close OUT; + push @cleanup, $filename; + } + elsif ( $filename =~ /\.cer$/ ) { + write_pem( $filename, "CERTIFICATE", $data ); + } + elsif ( $filename =~ /\.pri$/ ) { + write_pem( $filename, "PRIVATE KEY", $data ); + } + $data = ""; + $filename = ""; + } + else { + $data .= $_; + } + +} + +my $secretkey = + "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; + +foreach (@test_list) { + my ( $file, $tlist ) = @$_; + print "Example file $file:\n"; + if ( $tlist =~ /encode/ ) { + run_reencode_test( $exdir, $file ); + } + if ( $tlist =~ /certsout/ ) { + run_certsout_test( $exdir, $file ); + } + if ( $tlist =~ /dataout/ ) { + run_dataout_test( $exdir, $file ); + } + if ( $tlist =~ /verify/ ) { + run_verify_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /digest/ ) { + run_digest_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /encrypted/ ) { + run_encrypted_test( $exdir, $tlist, $file, $secretkey ); + } + if ( $tlist =~ /envelope/ ) { + run_envelope_test( $exdir, $tlist, $file ); + } + +} + +foreach (@cleanup) { + unlink $_; +} + +if ($badtest) { + print "\n$badtest TESTS FAILED!!\n"; +} +else { + print "\n***All tests successful***\n"; +} + +sub write_pem { + my ( $filename, $str, $data ) = @_; + + $filename =~ s/\.[^.]*$/.pem/; + + push @cleanup, $filename; + + open OUT, ">$filename"; + + print OUT "-----BEGIN $str-----\n"; + print OUT $data; + print OUT "-----END $str-----\n"; + + close OUT; +} + +sub run_reencode_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + + system( "$cmscmd -cmsout -inform DER -outform DER" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tReencode command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { + print "\tReencode FAILED!!\n"; + $badtest++; + } + else { + print "\tReencode passed\n" if $verbose; + } +} + +sub run_certsout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + unlink "tmp.pem"; + + system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tCertificate output command FAILED!!\n"; + $badtest++; + } + else { + print "\tCertificate output passed\n" if $verbose; + } +} + +sub run_dataout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.txt"; + + system( + "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tDataout command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { + print "\tDataout compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDataout passed\n" if $verbose; + } +} + +sub run_verify_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /verifyder/; + $form = "SMIME" if $tlist =~ /verifymime/; + $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; + $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; + + $cmd = + "$cmscmd -verify -inform $form" + . " -CAfile $cafile" + . " -in $cmsdir/$tfile -out tmp.txt"; + + $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tVerify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tVerify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tVerify passed\n" if $verbose; + } +} + +sub run_envelope_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /envelopeder/; + $form = "SMIME" if $tlist =~ /envelopemime/; + + $cmd = + "$cmscmd -decrypt -inform $form" + . " -recip $cmsdir/BobRSASignByCarl.pem" + . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" + . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDecrypt command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDecrypt content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDecrypt passed\n" if $verbose; + } +} + +sub run_digest_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + my $cmd = + "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDigest verify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDigest verify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDigest verify passed\n" if $verbose; + } +} + +sub run_encrypted_test { + my ( $cmsdir, $tlist, $tfile, $key ) = @_; + unlink "tmp.txt"; + + system( "$cmscmd -EncryptedData_decrypt -inform DER" + . " -secretkey $key" + . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tEncrypted Data command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tEncrypted Data content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tEncryptedData verify passed\n" if $verbose; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/openssl-1.1.0h/test/constant_time_test.c b/openssl-1.1.0h/test/constant_time_test.c new file mode 100644 index 0000000..3ee6a81 --- /dev/null +++ b/openssl-1.1.0h/test/constant_time_test.c @@ -0,0 +1,268 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/constant_time_locl.h" +#include "e_os.h" + +#include +#include +#include + +static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); +static const unsigned int CONSTTIME_FALSE = 0; +static const unsigned char CONSTTIME_TRUE_8 = 0xff; +static const unsigned char CONSTTIME_FALSE_8 = 0; + +static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b), + const char *op_name, unsigned int a, unsigned int b, + int is_true) +{ + unsigned c = op(a, b); + if (is_true && c != CONSTTIME_TRUE) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c); + return 1; + } else if (!is_true && c != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, c); + return 1; + } + return 0; +} + +static int test_binary_op_8(unsigned + char (*op) (unsigned int a, unsigned int b), + const char *op_name, unsigned int a, + unsigned int b, int is_true) +{ + unsigned char c = op(a, b); + if (is_true && c != CONSTTIME_TRUE_8) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c); + return 1; + } else if (!is_true && c != CONSTTIME_FALSE_8) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, c); + return 1; + } + return 0; +} + +static int test_is_zero(unsigned int a) +{ + unsigned int c = constant_time_is_zero(a); + if (a == 0 && c != CONSTTIME_TRUE) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c); + return 1; + } else if (a != 0 && c != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, c); + return 1; + } + return 0; +} + +static int test_is_zero_8(unsigned int a) +{ + unsigned char c = constant_time_is_zero_8(a); + if (a == 0 && c != CONSTTIME_TRUE_8) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c); + return 1; + } else if (a != 0 && c != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, c); + return 1; + } + return 0; +} + +static int test_select(unsigned int a, unsigned int b) +{ + unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); + if (selected != a) { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(first value), got %du\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select(CONSTTIME_FALSE, a, b); + if (selected != b) { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(second value), got %du\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; +} + +static int test_select_8(unsigned char a, unsigned char b) +{ + unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b); + if (selected != a) { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(first value), got %u\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b); + if (selected != b) { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(second value), got %u\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; +} + +static int test_select_int(int a, int b) +{ + int selected = constant_time_select_int(CONSTTIME_TRUE, a, b); + if (selected != a) { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(first value), got %d\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_int(CONSTTIME_FALSE, a, b); + if (selected != b) { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(second value), got %d\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; +} + +static int test_eq_int(int a, int b) +{ + unsigned int equal = constant_time_eq_int(a, b); + if (a == b && equal != CONSTTIME_TRUE) { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(TRUE), got %du\n", a, b, CONSTTIME_TRUE, equal); + return 1; + } else if (a != b && equal != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(FALSE), got %du\n", + a, b, CONSTTIME_FALSE, equal); + return 1; + } + return 0; +} + +static int test_eq_int_8(int a, int b) +{ + unsigned char equal = constant_time_eq_int_8(a, b); + if (a == b && equal != CONSTTIME_TRUE_8) { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(TRUE), got %u\n", a, b, CONSTTIME_TRUE_8, equal); + return 1; + } else if (a != b && equal != CONSTTIME_FALSE_8) { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(FALSE), got %u\n", + a, b, CONSTTIME_FALSE_8, equal); + return 1; + } + return 0; +} + +static unsigned int test_values[] = + { 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1, + UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1, + UINT_MAX +}; + +static unsigned char test_values_8[] = + { 0, 1, 2, 20, 32, 127, 128, 129, 255 }; + +static int signed_test_values[] = { 0, 1, -1, 1024, -1024, 12345, -12345, + 32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1, + INT_MIN + 1 +}; + +int main(int argc, char *argv[]) +{ + unsigned int a, b, i, j; + int c, d; + unsigned char e, f; + int num_failed = 0, num_all = 0; + fprintf(stdout, "Testing constant time operations...\n"); + + for (i = 0; i < OSSL_NELEM(test_values); ++i) { + a = test_values[i]; + num_failed += test_is_zero(a); + num_failed += test_is_zero_8(a); + num_all += 2; + for (j = 0; j < OSSL_NELEM(test_values); ++j) { + b = test_values[j]; + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt", a, b, a < b); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", a, b, a < b); + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", a, b, a >= b); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", a, b, + a >= b); + num_failed += + test_binary_op(&constant_time_ge, "constant_time_ge", b, a, + b >= a); + num_failed += + test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", b, + a, b >= a); + num_failed += + test_binary_op(&constant_time_eq, "constant_time_eq", a, b, + a == b); + num_failed += + test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", a, + b, a == b); + num_failed += + test_binary_op(&constant_time_eq, "constant_time_eq", b, a, + b == a); + num_failed += + test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", b, + a, b == a); + num_failed += test_select(a, b); + num_all += 13; + } + } + + for (i = 0; i < OSSL_NELEM(signed_test_values); ++i) { + c = signed_test_values[i]; + for (j = 0; j < OSSL_NELEM(signed_test_values); ++j) { + d = signed_test_values[j]; + num_failed += test_select_int(c, d); + num_failed += test_eq_int(c, d); + num_failed += test_eq_int_8(c, d); + num_all += 3; + } + } + + for (i = 0; i < sizeof(test_values_8); ++i) { + e = test_values_8[i]; + for (j = 0; j < sizeof(test_values_8); ++j) { + f = test_values_8[j]; + num_failed += test_select_8(e, f); + num_all += 1; + } + } + + if (!num_failed) { + fprintf(stdout, "success (ran %d tests)\n", num_all); + return EXIT_SUCCESS; + } else { + fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all); + return EXIT_FAILURE; + } +} diff --git a/openssl-1.1.0h/test/crltest.c b/openssl-1.1.0h/test/crltest.c new file mode 100644 index 0000000..74db944 --- /dev/null +++ b/openssl-1.1.0h/test/crltest.c @@ -0,0 +1,378 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "../e_os.h" +#include +#include +#include +#include +#include +#include + +#include "testutil.h" + +#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */ + +static const char *kCRLTestRoot[] = { + "-----BEGIN CERTIFICATE-----\n", + "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n", + "BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW\n", + "aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0\n", + "MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n", + "A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq\n", + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B\n", + "S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+\n", + "5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp\n", + "uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n\n", + "8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL\n", + "P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw\n", + "TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3\n", + "N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n", + "AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz\n", + "EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN\n", + "XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B\n", + "3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5\n", + "24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw\n", + "amd8GKMZQvP0ufGnUn7D7uartA==\n", + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *kCRLTestLeaf[] = { + "-----BEGIN CERTIFICATE-----\n", + "MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx\n", + "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ\n", + "BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa\n", + "MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC\n", + "b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA\n", + "A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9\n", + "8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP\n", + "ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx\n", + "e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX\n", + "+saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu\n", + "OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC\n", + "MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl\n", + "MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3\n", + "lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw\n", + "XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ\n", + "ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh\n", + "lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql\n", + "ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC\n", + "5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG\n", + "tjJMFw==\n", + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *kBasicCRL[] = { + "-----BEGIN X509 CRL-----\n", + "MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n", + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n", + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV\n", + "HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN\n", + "ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo\n", + "eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os\n", + "dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv\n", + "diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho\n", + "/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==\n", + "-----END X509 CRL-----\n", + NULL +}; + +static const char *kRevokedCRL[] = { + "-----BEGIN X509 CRL-----\n", + "MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n", + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n", + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX\n", + "DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB\n", + "AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d\n", + "sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH\n", + "NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5\n", + "OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp\n", + "Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO\n", + "xzfKY2TzxLiOmctG0hXFkH5J\n", + "-----END X509 CRL-----\n", + NULL +}; + +static const char *kBadIssuerCRL[] = { + "-----BEGIN X509 CRL-----\n", + "MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE\n", + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN\n", + "Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC\n", + "AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF\n", + "AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP\n", + "t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB\n", + "cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL\n", + "TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q\n", + "L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g\n", + "Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==\n", + "-----END X509 CRL-----\n", + NULL +}; + +/* + * This is kBasicCRL but with a critical issuing distribution point + * extension. + */ +static const char *kKnownCriticalCRL[] = { + "-----BEGIN X509 CRL-----\n", + "MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n", + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n", + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n", + "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n", + "i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n", + "mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n", + "NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n", + "3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n", + "7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n", + "o/1TpfOMSGhMyMoyPrk=\n", + "-----END X509 CRL-----\n", + NULL +}; + +/* + * kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension. + */ +static const char *kUnknownCriticalCRL[] = { + "-----BEGIN X509 CRL-----\n", + "MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n", + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n", + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV\n", + "HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA\n", + "GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib\n", + "Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC\n", + "yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ\n", + "+wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC\n", + "nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB\n", + "kwzzU2rL3G65CrZ7H0SZsQ==\n", + "-----END X509 CRL-----\n", + NULL +}; + +/* + * kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution + * point extension followed by an unknown critical extension + */ +static const char *kUnknownCriticalCRL2[] = { + "-----BEGIN X509 CRL-----\n", + "MIIBzzCBuAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n", + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n", + "Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDYwNDAKBgNV\n", + "HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wEwYMKoZIhvcSBAGEtwkAAQH/BAAw\n", + "DQYJKoZIhvcNAQELBQADggEBACTcpQC8jXL12JN5YzOcQ64ubQIe0XxRAd30p7qB\n", + "BTXGpgqBjrjxRfLms7EBYodEXB2oXMsDq3km0vT1MfYdsDD05S+SQ9CDsq/pUfaC\n", + "E2WNI5p8WircRnroYvbN2vkjlRbMd1+yNITohXYXCJwjEOAWOx3XIM10bwPYBv4R\n", + "rDobuLHoMgL3yHgMHmAkP7YpkBucNqeBV8cCdeAZLuhXFWi6yfr3r/X18yWbC/r2\n", + "2xXdkrSqXLFo7ToyP8YKTgiXpya4x6m53biEYwa2ULlas0igL6DK7wjYZX95Uy7H\n", + "GKljn9weIYiMPV/BzGymwfv2EW0preLwtyJNJPaxbdin6Jc=\n", + "-----END X509 CRL-----\n", + NULL +}; + + +/* + * Glue an array of strings together. Return a BIO and put the string + * into |*out| so we can free it. + */ +static BIO *glue(const char **pem, char **out) +{ + char *dest; + int i; + size_t s = 0; + + /* Glue the strings together. */ + for (i = 0; pem[i] != NULL; ++i) + s += strlen(pem[i]); + dest = *out = OPENSSL_malloc(s + 1); + if (dest == NULL) + return NULL; + for (i = 0; pem[i] != NULL; ++i) + dest += strlen(strcpy(dest, pem[i])); + return BIO_new_mem_buf(*out, s); +} + +/* + * Create a CRL from an array of strings. + */ +static X509_CRL *CRL_from_strings(const char **pem) +{ + char *p; + BIO *b = glue(pem, &p); + X509_CRL *crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); + + OPENSSL_free(p); + BIO_free(b); + return crl; +} + +/* + * Create an X509 from an array of strings. + */ +static X509 *X509_from_strings(const char **pem) +{ + char *p; + BIO *b = glue(pem, &p); + X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL); + + OPENSSL_free(p); + BIO_free(b); + return x; +} + +/* + * Verify |leaf| certificate (chained up to |root|). |crls| if + * not NULL, is a list of CRLs to include in the verification. It is + * also free'd before returning, which is kinda yucky but convenient. + * Returns a value from X509_V_ERR_xxx or X509_V_OK. + */ +static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, + unsigned long flags) +{ + X509_STORE_CTX *ctx = X509_STORE_CTX_new(); + X509_STORE *store = X509_STORE_new(); + X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); + STACK_OF(X509) *roots = sk_X509_new_null(); + int status = X509_V_ERR_UNSPECIFIED; + + if (ctx == NULL || store == NULL || param == NULL || roots == NULL) + goto err; + + /* Create a stack; upref the cert because we free it below. */ + X509_up_ref(root); + if (!sk_X509_push(roots, root)) + goto err; + + if (!X509_STORE_CTX_init(ctx, store, leaf, NULL)) + goto err; + X509_STORE_CTX_set0_trusted_stack(ctx, roots); + X509_STORE_CTX_set0_crls(ctx, crls); + X509_VERIFY_PARAM_set_time(param, PARAM_TIME); + if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) { + fprintf(stderr, "set_time/get_time mismatch.\n"); + goto err; + } + X509_VERIFY_PARAM_set_depth(param, 16); + if (flags) + X509_VERIFY_PARAM_set_flags(param, flags); + X509_STORE_CTX_set0_param(ctx, param); + + ERR_clear_error(); + status = X509_verify_cert(ctx) == 1 ? X509_V_OK + : X509_STORE_CTX_get_error(ctx); +err: + sk_X509_pop_free(roots, X509_free); + sk_X509_CRL_pop_free(crls, X509_CRL_free); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return status; +} + +/* + * Create a stack of CRL's. Upref each one because we call pop_free on + * the stack and need to keep the CRL's around until the test exits. + * Yes this crashes on malloc failure; it forces us to debug. + */ +static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2) +{ + STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); + + sk_X509_CRL_push(sk, x1); + X509_CRL_up_ref(x1); + if (x2 != NULL) { + sk_X509_CRL_push(sk, x2); + X509_CRL_up_ref(x2); + } + return sk; +} + +static int test_crl() +{ + X509 *root = X509_from_strings(kCRLTestRoot); + X509 *leaf = X509_from_strings(kCRLTestLeaf); + X509_CRL *basic_crl = CRL_from_strings(kBasicCRL); + X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL); + X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); + X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); + X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL); + X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2); + int status = 0; + + if (root == NULL || leaf == NULL || basic_crl == NULL + || revoked_crl == NULL || bad_issuer_crl == NULL + || known_critical_crl == NULL || unknown_critical_crl == NULL + || unknown_critical_crl2 == NULL) { + fprintf(stderr, "Failed to parse certificates and CRLs.\n"); + goto err; + } + + if (verify(leaf, root, make_CRL_stack(basic_crl, NULL), + X509_V_FLAG_CRL_CHECK) != X509_V_OK) { + fprintf(stderr, "Cert with CRL didn't verify.\n"); + goto err; + } + + if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl), + X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) { + fprintf(stderr, "Revoked CRL wasn't checked.\n"); + goto err; + } + + if (verify(leaf, root, NULL, + X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { + fprintf(stderr, "CRLs were not required.\n"); + goto err; + } + + if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL), + X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { + fprintf(stderr, "Bad CRL issuer was unnoticed.\n"); + goto err; + } + + if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK) != X509_V_OK) { + fprintf(stderr, "CRL with known critical extension was rejected.\n"); + goto err; + } + + if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK) != + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { + fprintf(stderr, "CRL with unknown critical extension was accepted.\n"); + goto err; + } + + if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL), + X509_V_FLAG_CRL_CHECK) != + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { + fprintf(stderr, "CRL with unknown critical extension (2) was accepted.\n"); + goto err; + } + + status = 1; + +err: + X509_free(root); + X509_free(leaf); + X509_CRL_free(basic_crl); + X509_CRL_free(revoked_crl); + X509_CRL_free(bad_issuer_crl); + X509_CRL_free(known_critical_crl); + X509_CRL_free(unknown_critical_crl); + X509_CRL_free(unknown_critical_crl2); + return status; +} + +int main() +{ + ADD_TEST(test_crl); + return run_tests("crltest"); +} diff --git a/openssl-1.1.0h/test/ct/log_list.conf b/openssl-1.1.0h/test/ct/log_list.conf new file mode 100644 index 0000000..4b68e53 --- /dev/null +++ b/openssl-1.1.0h/test/ct/log_list.conf @@ -0,0 +1,38 @@ +enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi + +[test] +description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== + +[pilot] +description = Google Pilot Log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA== + +[aviator] +description = Google Aviator log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q== + +[rocketeer] +description = Google Rocketeer log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg== + +[digicert] +description = DigiCert Log Server +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A== + +[certly] +description = Certly.IO log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA== + +[izempe] +description = Izempe log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg== + +[symantec] +description = Symantec log +key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg== + +[venafi] +description = Venafi log +key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB + diff --git a/openssl-1.1.0h/test/ct/tls1.sct b/openssl-1.1.0h/test/ct/tls1.sct new file mode 100644 index 0000000..59362dc --- /dev/null +++ b/openssl-1.1.0h/test/ct/tls1.sct @@ -0,0 +1,12 @@ +Signed Certificate Timestamp: + Version : v1 (0x0) + Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C: + 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64 + Timestamp : Apr 5 17:04:16.275 2013 GMT + Extensions: none + Signature : ecdsa-with-SHA256 + 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F: + D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3: + E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2: + F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1: + 05:51:9D:89:ED:BF:08 \ No newline at end of file diff --git a/openssl-1.1.0h/test/ct_test.c b/openssl-1.1.0h/test/ct_test.c new file mode 100644 index 0000000..ea90923 --- /dev/null +++ b/openssl-1.1.0h/test/ct_test.c @@ -0,0 +1,607 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include "testutil.h" + +#ifndef OPENSSL_NO_CT + +/* Used when declaring buffers to read text files into */ +#define CT_TEST_MAX_FILE_SIZE 8096 + +static char *certs_dir = NULL; +static char *ct_dir = NULL; + +typedef struct ct_test_fixture { + const char *test_case_name; + /* The current time in milliseconds */ + uint64_t epoch_time_in_ms; + /* The CT log store to use during tests */ + CTLOG_STORE* ctlog_store; + /* Set the following to test handling of SCTs in X509 certificates */ + const char *certs_dir; + char *certificate_file; + char *issuer_file; + /* Expected number of SCTs */ + int expected_sct_count; + /* Expected number of valid SCTS */ + int expected_valid_sct_count; + /* Set the following to test handling of SCTs in TLS format */ + const unsigned char *tls_sct_list; + size_t tls_sct_list_len; + STACK_OF(SCT) *sct_list; + /* + * A file to load the expected SCT text from. + * This text will be compared to the actual text output during the test. + * A maximum of |CT_TEST_MAX_FILE_SIZE| bytes will be read of this file. + */ + const char *sct_dir; + const char *sct_text_file; + /* Whether to test the validity of the SCT(s) */ + int test_validity; +} CT_TEST_FIXTURE; + +static CT_TEST_FIXTURE set_up(const char *const test_case_name) +{ + CT_TEST_FIXTURE fixture; + int setup_ok = 1; + + memset(&fixture, 0, sizeof(fixture)); + + fixture.test_case_name = test_case_name; + fixture.epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */ + fixture.ctlog_store = CTLOG_STORE_new(); + + if (fixture.ctlog_store == NULL) { + setup_ok = 0; + fprintf(stderr, "Failed to create a new CT log store\n"); + goto end; + } + + if (CTLOG_STORE_load_default_file(fixture.ctlog_store) != 1) { + setup_ok = 0; + fprintf(stderr, "Failed to load CT log list\n"); + goto end; + } + +end: + if (!setup_ok) { + CTLOG_STORE_free(fixture.ctlog_store); + exit(EXIT_FAILURE); + } + return fixture; +} + +static void tear_down(CT_TEST_FIXTURE fixture) +{ + CTLOG_STORE_free(fixture.ctlog_store); + SCT_LIST_free(fixture.sct_list); + ERR_print_errors_fp(stderr); +} + +static char *mk_file_path(const char *dir, const char *file) +{ + char *full_file = NULL; + size_t full_file_l = 0; + const char *sep = ""; +#ifndef OPENSSL_SYS_VMS + sep = "/"; +#endif + + full_file_l = strlen(dir) + strlen(sep) + strlen(file) + 1; + full_file = OPENSSL_zalloc(full_file_l); + if (full_file != NULL) { + OPENSSL_strlcpy(full_file, dir, full_file_l); + OPENSSL_strlcat(full_file, sep, full_file_l); + OPENSSL_strlcat(full_file, file, full_file_l); + } + + return full_file; +} + +static X509 *load_pem_cert(const char *dir, const char *file) +{ + X509 *cert = NULL; + char *file_path = mk_file_path(dir, file); + + if (file_path != NULL) { + BIO *cert_io = BIO_new_file(file_path, "r"); + OPENSSL_free(file_path); + + if (cert_io != NULL) + cert = PEM_read_bio_X509(cert_io, NULL, NULL, NULL); + + BIO_free(cert_io); + } + return cert; +} + +static int read_text_file(const char *dir, const char *file, + char *buffer, int buffer_length) +{ + int result = -1; + char *file_path = mk_file_path(dir, file); + + if (file_path != NULL) { + BIO *file_io = BIO_new_file(file_path, "r"); + OPENSSL_free(file_path); + + if (file_io != NULL) { + result = BIO_read(file_io, buffer, buffer_length); + BIO_free(file_io); + } + } + + return result; +} + +static int compare_sct_list_printout(STACK_OF(SCT) *sct, + const char *expected_output) +{ + BIO *text_buffer = NULL; + char *actual_output = NULL; + int result = 1; + + text_buffer = BIO_new(BIO_s_mem()); + if (text_buffer == NULL) { + fprintf(stderr, "Unable to allocate buffer\n"); + goto end; + } + + SCT_LIST_print(sct, text_buffer, 0, "\n", NULL); + + /* Append null terminator because we're about to use the buffer contents + * as a string. */ + if (BIO_write(text_buffer, "\0", 1) != 1) { + fprintf(stderr, "Failed to append null terminator to SCT text\n"); + goto end; + } + + BIO_get_mem_data(text_buffer, &actual_output); + result = strcmp(actual_output, expected_output); + + if (result != 0) { + fprintf(stderr, + "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n", + expected_output, actual_output); + } + +end: + BIO_free(text_buffer); + return result; +} + +static int compare_extension_printout(X509_EXTENSION *extension, + const char *expected_output) +{ + BIO *text_buffer = NULL; + char *actual_output = NULL; + int result = 1; + + text_buffer = BIO_new(BIO_s_mem()); + if (text_buffer == NULL) { + fprintf(stderr, "Unable to allocate buffer\n"); + goto end; + } + + if (!X509V3_EXT_print(text_buffer, extension, X509V3_EXT_DEFAULT, 0)) { + fprintf(stderr, "Failed to print extension\n"); + goto end; + } + + /* Append null terminator because we're about to use the buffer contents + * as a string. */ + if (BIO_write(text_buffer, "\0", 1) != 1) { + fprintf(stderr, + "Failed to append null terminator to extension text\n"); + goto end; + } + + BIO_get_mem_data(text_buffer, &actual_output); + result = strcmp(actual_output, expected_output); + + if (result != 0) { + fprintf(stderr, + "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n", + expected_output, actual_output); + } + +end: + BIO_free(text_buffer); + return result; +} + +static int assert_validity(CT_TEST_FIXTURE fixture, + STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *policy_ctx) { + int invalid_sct_count = 0; + int valid_sct_count = 0; + int i; + + if (SCT_LIST_validate(scts, policy_ctx) < 0) { + fprintf(stderr, "Error verifying SCTs\n"); + return 0; + } + + for (i = 0; i < sk_SCT_num(scts); ++i) { + SCT *sct_i = sk_SCT_value(scts, i); + switch (SCT_get_validation_status(sct_i)) { + case SCT_VALIDATION_STATUS_VALID: + ++valid_sct_count; + break; + case SCT_VALIDATION_STATUS_INVALID: + ++invalid_sct_count; + break; + default: + /* Ignore other validation statuses. */ + break; + } + } + + if (valid_sct_count != fixture.expected_valid_sct_count) { + int unverified_sct_count = sk_SCT_num(scts) - + invalid_sct_count - valid_sct_count; + + fprintf(stderr, + "%d SCTs failed verification\n" + "%d SCTs passed verification (%d expected)\n" + "%d SCTs were unverified\n", + invalid_sct_count, + valid_sct_count, + fixture.expected_valid_sct_count, + unverified_sct_count); + return 0; + } + + return 1; +} + +static int execute_cert_test(CT_TEST_FIXTURE fixture) +{ + int success = 0; + X509 *cert = NULL, *issuer = NULL; + STACK_OF(SCT) *scts = NULL; + SCT *sct = NULL; + char expected_sct_text[CT_TEST_MAX_FILE_SIZE]; + int sct_text_len = 0; + unsigned char *tls_sct_list = NULL; + size_t tls_sct_list_len = 0; + CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); + + if (fixture.sct_text_file != NULL) { + sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file, + expected_sct_text, + CT_TEST_MAX_FILE_SIZE - 1); + + if (sct_text_len < 0) { + fprintf(stderr, "Test data file not found: %s\n", + fixture.sct_text_file); + goto end; + } + + expected_sct_text[sct_text_len] = '\0'; + } + + CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE( + ct_policy_ctx, fixture.ctlog_store); + + CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture.epoch_time_in_ms); + + if (fixture.certificate_file != NULL) { + int sct_extension_index; + X509_EXTENSION *sct_extension = NULL; + cert = load_pem_cert(fixture.certs_dir, fixture.certificate_file); + + if (cert == NULL) { + fprintf(stderr, "Unable to load certificate: %s\n", + fixture.certificate_file); + goto end; + } + + CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert); + + if (fixture.issuer_file != NULL) { + issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file); + + if (issuer == NULL) { + fprintf(stderr, "Unable to load issuer certificate: %s\n", + fixture.issuer_file); + goto end; + } + + CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer); + } + + sct_extension_index = + X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1); + sct_extension = X509_get_ext(cert, sct_extension_index); + if (fixture.expected_sct_count > 0) { + if (sct_extension == NULL) { + fprintf(stderr, "SCT extension not found in: %s\n", + fixture.certificate_file); + goto end; + } + + if (fixture.sct_text_file + && compare_extension_printout(sct_extension, + expected_sct_text)) { + goto end; + } + + if (fixture.test_validity) { + int i; + + scts = X509V3_EXT_d2i(sct_extension); + for (i = 0; i < sk_SCT_num(scts); ++i) { + SCT *sct_i = sk_SCT_value(scts, i); + + if (!SCT_set_source(sct_i, SCT_SOURCE_X509V3_EXTENSION)) { + fprintf(stderr, + "Error setting SCT source to X509v3 extension\n"); + goto end; + } + } + + if (!assert_validity(fixture, scts, ct_policy_ctx)) + goto end; + } + } else if (sct_extension != NULL) { + fprintf(stderr, + "Expected no SCTs, but found SCT extension in: %s\n", + fixture.certificate_file); + goto end; + } + } + + if (fixture.tls_sct_list != NULL) { + const unsigned char *p = fixture.tls_sct_list; + if (o2i_SCT_LIST(&scts, &p, fixture.tls_sct_list_len) == NULL) { + fprintf(stderr, "Failed to decode SCTs from TLS format\n"); + goto end; + } + + if (fixture.test_validity && cert != NULL) { + if (!assert_validity(fixture, scts, ct_policy_ctx)) + goto end; + } + + if (fixture.sct_text_file + && compare_sct_list_printout(scts, expected_sct_text)) { + goto end; + } + + tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list); + if (tls_sct_list_len != fixture.tls_sct_list_len || + memcmp(fixture.tls_sct_list, tls_sct_list, tls_sct_list_len) != 0) { + fprintf(stderr, + "Failed to encode SCTs into TLS format correctly\n"); + goto end; + } + } + success = 1; + +end: + X509_free(cert); + X509_free(issuer); + SCT_LIST_free(scts); + SCT_free(sct); + CT_POLICY_EVAL_CTX_free(ct_policy_ctx); + OPENSSL_free(tls_sct_list); + return success; +} + +#define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up) +#define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down) + +static int test_no_scts_in_certificate() +{ + SETUP_CT_TEST_FIXTURE(); + fixture.certs_dir = certs_dir; + fixture.certificate_file = "leaf.pem"; + fixture.issuer_file = "subinterCA.pem"; + fixture.expected_sct_count = 0; + EXECUTE_CT_TEST(); +} + +static int test_one_sct_in_certificate() +{ + SETUP_CT_TEST_FIXTURE(); + fixture.certs_dir = certs_dir; + fixture.certificate_file = "embeddedSCTs1.pem"; + fixture.issuer_file = "embeddedSCTs1_issuer.pem"; + fixture.expected_sct_count = 1; + fixture.sct_dir = certs_dir; + fixture.sct_text_file = "embeddedSCTs1.sct"; + EXECUTE_CT_TEST(); +} + +static int test_multiple_scts_in_certificate() +{ + SETUP_CT_TEST_FIXTURE(); + fixture.certs_dir = certs_dir; + fixture.certificate_file = "embeddedSCTs3.pem"; + fixture.issuer_file = "embeddedSCTs3_issuer.pem"; + fixture.expected_sct_count = 3; + fixture.sct_dir = certs_dir; + fixture.sct_text_file = "embeddedSCTs3.sct"; + EXECUTE_CT_TEST(); +} + +static int test_verify_one_sct() +{ + SETUP_CT_TEST_FIXTURE(); + fixture.certs_dir = certs_dir; + fixture.certificate_file = "embeddedSCTs1.pem"; + fixture.issuer_file = "embeddedSCTs1_issuer.pem"; + fixture.expected_sct_count = fixture.expected_valid_sct_count = 1; + fixture.test_validity = 1; + EXECUTE_CT_TEST(); +} + +static int test_verify_multiple_scts() +{ + SETUP_CT_TEST_FIXTURE(); + fixture.certs_dir = certs_dir; + fixture.certificate_file = "embeddedSCTs3.pem"; + fixture.issuer_file = "embeddedSCTs3_issuer.pem"; + fixture.expected_sct_count = fixture.expected_valid_sct_count = 3; + fixture.test_validity = 1; + EXECUTE_CT_TEST(); +} + +static int test_verify_fails_for_future_sct() +{ + SETUP_CT_TEST_FIXTURE(); + fixture.epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */ + fixture.certs_dir = certs_dir; + fixture.certificate_file = "embeddedSCTs1.pem"; + fixture.issuer_file = "embeddedSCTs1_issuer.pem"; + fixture.expected_sct_count = 1; + fixture.expected_valid_sct_count = 0; + fixture.test_validity = 1; + EXECUTE_CT_TEST(); +} + +static int test_decode_tls_sct() +{ + const unsigned char tls_sct_list[] = "\x00\x78" /* length of list */ + "\x00\x76" + "\x00" /* version */ + /* log ID */ + "\xDF\x1C\x2E\xC1\x15\x00\x94\x52\x47\xA9\x61\x68\x32\x5D\xDC\x5C\x79" + "\x59\xE8\xF7\xC6\xD3\x88\xFC\x00\x2E\x0B\xBD\x3F\x74\xD7\x64" + "\x00\x00\x01\x3D\xDB\x27\xDF\x93" /* timestamp */ + "\x00\x00" /* extensions length */ + "" /* extensions */ + "\x04\x03" /* hash and signature algorithms */ + "\x00\x47" /* signature length */ + /* signature */ + "\x30\x45\x02\x20\x48\x2F\x67\x51\xAF\x35\xDB\xA6\x54\x36\xBE\x1F\xD6" + "\x64\x0F\x3D\xBF\x9A\x41\x42\x94\x95\x92\x45\x30\x28\x8F\xA3\xE5\xE2" + "\x3E\x06\x02\x21\x00\xE4\xED\xC0\xDB\x3A\xC5\x72\xB1\xE2\xF5\xE8\xAB" + "\x6A\x68\x06\x53\x98\x7D\xCF\x41\x02\x7D\xFE\xFF\xA1\x05\x51\x9D\x89" + "\xED\xBF\x08"; + + SETUP_CT_TEST_FIXTURE(); + fixture.tls_sct_list = tls_sct_list; + fixture.tls_sct_list_len = 0x7a; + fixture.sct_dir = ct_dir; + fixture.sct_text_file = "tls1.sct"; + EXECUTE_CT_TEST(); +} + +static int test_encode_tls_sct() +{ + const char log_id[] = "3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4LvT9012Q="; + const uint64_t timestamp = 1; + const char extensions[] = ""; + const char signature[] = "BAMARzBAMiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUwKI+j5" + "eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8I"; + SCT *sct = NULL; + + SETUP_CT_TEST_FIXTURE(); + + fixture.sct_list = sk_SCT_new_null(); + sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, + CT_LOG_ENTRY_TYPE_X509, timestamp, + extensions, signature); + + if (sct == NULL) { + tear_down(fixture); + fprintf(stderr, "Failed to create SCT from base64-encoded test data\n"); + return 0; + } + + sk_SCT_push(fixture.sct_list, sct); + fixture.sct_dir = ct_dir; + fixture.sct_text_file = "tls1.sct"; + EXECUTE_CT_TEST(); +} + +/* + * Tests that the CT_POLICY_EVAL_CTX default time is approximately now. + * Allow +-10 minutes, as it may compensate for clock skew. + */ +static int test_default_ct_policy_eval_ctx_time_is_now() +{ + int success = 0; + CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); + const time_t default_time = CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / + 1000; + const time_t time_tolerance = 600; /* 10 minutes */ + + if (fabs(difftime(time(NULL), default_time)) > time_tolerance) { + fprintf(stderr, + "Default CT_POLICY_EVAL_CTX time is not approximately now.\n"); + goto end; + } + + success = 1; +end: + CT_POLICY_EVAL_CTX_free(ct_policy_ctx); + return success; +} + +int main(int argc, char *argv[]) +{ + int result = 0; + char *tmp_env = NULL; + + tmp_env = getenv("OPENSSL_DEBUG_MEMORY"); + if (tmp_env != NULL && strcmp(tmp_env, "on") == 0) + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + tmp_env = getenv("CT_DIR"); + ct_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "ct"); + tmp_env = getenv("CERTS_DIR"); + certs_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "certs"); + + ADD_TEST(test_no_scts_in_certificate); + ADD_TEST(test_one_sct_in_certificate); + ADD_TEST(test_multiple_scts_in_certificate); + ADD_TEST(test_verify_one_sct); + ADD_TEST(test_verify_multiple_scts); + ADD_TEST(test_verify_fails_for_future_sct); + ADD_TEST(test_decode_tls_sct); + ADD_TEST(test_encode_tls_sct); + ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now); + + result = run_tests(argv[0]); + ERR_print_errors_fp(stderr); + + OPENSSL_free(ct_dir); + OPENSSL_free(certs_dir); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + result = 1; +#endif + + return result; +} + +#else /* OPENSSL_NO_CT */ + +int main(int argc, char* argv[]) +{ + return EXIT_SUCCESS; +} + +#endif /* OPENSSL_NO_CT */ diff --git a/openssl-1.1.0h/test/d2i-tests/bad-cms.der b/openssl-1.1.0h/test/d2i-tests/bad-cms.der new file mode 100644 index 0000000..19cd3cc Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/bad-cms.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der b/openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der new file mode 100644 index 0000000..46f6092 Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/bad-int-pad0.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/bad-int-padminus1.der b/openssl-1.1.0h/test/d2i-tests/bad-int-padminus1.der new file mode 100644 index 0000000..a4b6bb9 Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/bad-int-padminus1.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/bad_bio.der b/openssl-1.1.0h/test/d2i-tests/bad_bio.der new file mode 100644 index 0000000..8681f05 Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/bad_bio.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/bad_cert.der b/openssl-1.1.0h/test/d2i-tests/bad_cert.der new file mode 100644 index 0000000..f75efad Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/bad_cert.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/bad_generalname.der b/openssl-1.1.0h/test/d2i-tests/bad_generalname.der new file mode 100644 index 0000000..af45855 Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/bad_generalname.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/high_tag.der b/openssl-1.1.0h/test/d2i-tests/high_tag.der new file mode 100644 index 0000000..5c523ec Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/high_tag.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/int0.der b/openssl-1.1.0h/test/d2i-tests/int0.der new file mode 100644 index 0000000..bbfb76b Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/int0.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/int1.der b/openssl-1.1.0h/test/d2i-tests/int1.der new file mode 100644 index 0000000..26dd6b1 Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/int1.der differ diff --git a/openssl-1.1.0h/test/d2i-tests/intminus1.der b/openssl-1.1.0h/test/d2i-tests/intminus1.der new file mode 100644 index 0000000..e7c1cea Binary files /dev/null and b/openssl-1.1.0h/test/d2i-tests/intminus1.der differ diff --git a/openssl-1.1.0h/test/d2i_test.c b/openssl-1.1.0h/test/d2i_test.c new file mode 100644 index 0000000..5274270 --- /dev/null +++ b/openssl-1.1.0h/test/d2i_test.c @@ -0,0 +1,222 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Regression tests for ASN.1 parsing bugs. */ + +#include +#include + +#include "testutil.h" + +#include +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_CMS +# include +#endif +#include "e_os.h" + +static const ASN1_ITEM *item_type; +static const char *test_file; + +typedef enum { + ASN1_UNKNOWN, + ASN1_OK, + ASN1_BIO, + ASN1_DECODE, + ASN1_ENCODE, + ASN1_COMPARE +} expected_error_t; + +typedef struct { + const char *str; + expected_error_t code; +} error_enum; + +static expected_error_t expected_error = ASN1_UNKNOWN; + +typedef struct d2i_test_fixture { + const char *test_case_name; +} D2I_TEST_FIXTURE; + +static D2I_TEST_FIXTURE set_up(const char *const test_case_name) +{ + D2I_TEST_FIXTURE fixture; + fixture.test_case_name = test_case_name; + return fixture; +} + +static int execute_test(D2I_TEST_FIXTURE fixture) +{ + BIO *bio = NULL; + ASN1_VALUE *value = NULL; + int ret = 0; + unsigned char buf[2048]; + const unsigned char *buf_ptr = buf; + unsigned char *der = NULL; + int derlen; + int len; + + if ((bio = BIO_new_file(test_file, "r")) == NULL) + return 0; + + if (expected_error == ASN1_BIO) { + value = ASN1_item_d2i_bio(item_type, bio, NULL); + if (value == NULL) + ret = 1; + goto err; + } + + /* + * Unless we are testing it we don't use ASN1_item_d2i_bio because it + * performs sanity checks on the input and can reject it before the + * decoder is called. + */ + len = BIO_read(bio, buf, sizeof(buf)); + if (len < 0) + goto err; + + value = ASN1_item_d2i(NULL, &buf_ptr, len, item_type); + if (value == NULL) { + if (expected_error == ASN1_DECODE) + ret = 1; + goto err; + } + + derlen = ASN1_item_i2d(value, &der, item_type); + + if (der == NULL || derlen < 0) { + if (expected_error == ASN1_ENCODE) + ret = 1; + goto err; + } + + if (derlen != len || memcmp(der, buf, derlen) != 0) { + if (expected_error == ASN1_COMPARE) + ret = 1; + goto err; + } + + if (expected_error == ASN1_OK) + ret = 1; + + err: + /* Don't indicate success for memory allocation errors */ + if (ret == 1 && ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + ret = 0; + BIO_free(bio); + OPENSSL_free(der); + ASN1_item_free(value, item_type); + return ret; +} + +static void tear_down(D2I_TEST_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); +} + +#define SETUP_D2I_TEST_FIXTURE() \ + SETUP_TEST_FIXTURE(D2I_TEST_FIXTURE, set_up) + +#define EXECUTE_D2I_TEST() \ + EXECUTE_TEST(execute_test, tear_down) + +static int test_bad_asn1() +{ + SETUP_D2I_TEST_FIXTURE(); + EXECUTE_D2I_TEST(); +} + +/* + * Usage: d2i_test , e.g. + * d2i_test generalname bad_generalname.der + */ +int main(int argc, char **argv) +{ + int result = 0; + const char *test_type_name; + const char *expected_error_string; + const char *p = getenv("OPENSSL_DEBUG_MEMORY"); + + size_t i; + static ASN1_ITEM_EXP *items[] = { + ASN1_ITEM_ref(ASN1_ANY), + ASN1_ITEM_ref(X509), + ASN1_ITEM_ref(GENERAL_NAME), + ASN1_ITEM_ref(ASN1_INTEGER), +#ifndef OPENSSL_NO_CMS + ASN1_ITEM_ref(CMS_ContentInfo) +#endif + }; + + static error_enum expected_errors[] = { + {"OK", ASN1_OK}, + {"BIO", ASN1_BIO}, + {"decode", ASN1_DECODE}, + {"encode", ASN1_ENCODE}, + {"compare", ASN1_COMPARE} + }; + + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + if (argc != 4) { + fprintf(stderr, + "Usage: d2i_test item_name expected_error file.der\n"); + return 1; + } + + test_type_name = argv[1]; + expected_error_string = argv[2]; + test_file = argv[3]; + + for (i = 0; i < OSSL_NELEM(items); i++) { + const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]); + if (strcmp(test_type_name, it->sname) == 0) { + item_type = it; + break; + } + } + if (item_type == NULL) { + fprintf(stderr, "Unknown type %s\n", test_type_name); + fprintf(stderr, "Supported types:\n"); + for (i = 0; i < OSSL_NELEM(items); i++) { + const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]); + fprintf(stderr, "\t%s\n", it->sname); + } + return 1; + } + + for (i = 0; i < OSSL_NELEM(expected_errors); i++) { + if (strcmp(expected_errors[i].str, expected_error_string) == 0) { + expected_error = expected_errors[i].code; + break; + } + } + + if (expected_error == ASN1_UNKNOWN) { + fprintf(stderr, "Unknown expected error %s\n", expected_error_string); + return 1; + } + + ADD_TEST(test_bad_asn1); + + result = run_tests(argv[0]); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + result = 1; +#endif + + return result; +} diff --git a/openssl-1.1.0h/test/danetest.c b/openssl-1.1.0h/test/danetest.c new file mode 100644 index 0000000..7fa6a2f --- /dev/null +++ b/openssl-1.1.0h/test/danetest.c @@ -0,0 +1,504 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +#include "../e_os.h" + +#define _UC(c) ((unsigned char)(c)) + +static const char *progname; + +/* + * Forward declaration, of function that uses internal interfaces, from headers + * included at the end of this module. + */ +static void store_ctx_dane_init(X509_STORE_CTX *, SSL *); + +static int saved_errno; + +static void save_errno(void) +{ + saved_errno = errno; +} + +static int restore_errno(void) +{ + int ret = errno; + errno = saved_errno; + return ret; +} + +static void test_usage(void) +{ + fprintf(stderr, "usage: %s: danetest basedomain CAfile tlsafile\n", progname); +} + +static void print_errors(void) +{ + unsigned long err; + char buffer[1024]; + const char *file; + const char *data; + int line; + int flags; + + while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { + ERR_error_string_n(err, buffer, sizeof(buffer)); + if (flags & ERR_TXT_STRING) + fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data); + else + fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line); + } +} + +static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) +{ + int ret = -1; + X509_STORE_CTX *store_ctx; + SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); + X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); + int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + X509 *cert = sk_X509_value(chain, 0); + + if ((store_ctx = X509_STORE_CTX_new()) == NULL) + return -1; + + if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) + goto end; + if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl)) + goto end; + + X509_STORE_CTX_set_default(store_ctx, + SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), + SSL_get0_param(ssl)); + store_ctx_dane_init(store_ctx, ssl); + + if (SSL_get_verify_callback(ssl)) + X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); + + ret = X509_verify_cert(store_ctx); + + SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx)); + X509_STORE_CTX_cleanup(store_ctx); +end: + X509_STORE_CTX_free(store_ctx); + + return (ret); +} + +static STACK_OF(X509) *load_chain(BIO *fp, int nelem) +{ + int count; + char *name = 0; + char *header = 0; + unsigned char *data = 0; + long len; + char *errtype = 0; /* if error: cert or pkey? */ + STACK_OF(X509) *chain; + typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); + + if ((chain = sk_X509_new_null()) == 0) { + perror("malloc"); + exit(1); + } + + for (count = 0; + count < nelem && errtype == 0 + && PEM_read_bio(fp, &name, &header, &data, &len); + ++count) { + const unsigned char *p = data; + + if (strcmp(name, PEM_STRING_X509) == 0 + || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 + || strcmp(name, PEM_STRING_X509_OLD) == 0) { + d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ? + d2i_X509_AUX : d2i_X509; + X509 *cert = d(0, &p, len); + + if (cert == 0 || (p - data) != len) + errtype = "certificate"; + else if (sk_X509_push(chain, cert) == 0) { + perror("malloc"); + goto err; + } + } else { + fprintf(stderr, "unexpected chain file object: %s\n", name); + goto err; + } + + /* + * If any of these were null, PEM_read() would have failed. + */ + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); + } + + if (errtype) { + fprintf(stderr, "error reading: malformed %s\n", errtype); + goto err; + } + + if (count == nelem) { + ERR_clear_error(); + return chain; + } + +err: + /* Some other PEM read error */ + sk_X509_pop_free(chain, X509_free); + print_errors(); + return NULL; +} + +static char *read_to_eol(BIO *f) +{ + static char buf[1024]; + int n; + + if (!BIO_gets(f, buf, sizeof(buf))) + return NULL; + + n = strlen(buf); + + if (buf[n-1] != '\n') { + if (n+1 == sizeof(buf)) { + fprintf(stderr, "%s: warning: input too long\n", progname); + } else { + fprintf(stderr, "%s: warning: EOF before newline\n", progname); + } + return NULL; + } + + /* Trim trailing whitespace */ + while (n > 0 && isspace(_UC(buf[n-1]))) + buf[--n] = '\0'; + + return buf; +} + +/* + * Hex decoder that tolerates optional whitespace + */ +static ossl_ssize_t hexdecode(const char *in, void *result) +{ + unsigned char **out = (unsigned char **)result; + unsigned char *ret = OPENSSL_malloc(strlen(in)/2); + unsigned char *cp = ret; + uint8_t byte; + int nibble = 0; + + if (ret == NULL) + return -1; + + for (byte = 0; *in; ++in) { + int x; + + if (isspace(_UC(*in))) + continue; + x = OPENSSL_hexchar2int(*in); + if (x < 0) { + OPENSSL_free(ret); + return 0; + } + byte |= (char)x; + if ((nibble ^= 1) == 0) { + *cp++ = byte; + byte = 0; + } else { + byte <<= 4; + } + } + if (nibble != 0) { + OPENSSL_free(ret); + return 0; + } + + return cp - (*out = ret); +} + +static ossl_ssize_t checked_uint8(const char *in, void *out) +{ + uint8_t *result = (uint8_t *)out; + const char *cp = in; + char *endp; + long v; + int e; + + save_errno(); + v = strtol(cp, &endp, 10); + e = restore_errno(); + + if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) || + endp == cp || !isspace(_UC(*endp)) || + v != (*(uint8_t *)result = (uint8_t) v)) { + return -1; + } + for (cp = endp; isspace(_UC(*cp)); ++cp) + continue; + return cp - in; +} + +struct tlsa_field { + void *var; + const char *name; + ossl_ssize_t (*parser)(const char *, void *); +}; + +static int tlsa_import_rr(SSL *ssl, const char *rrdata) +{ + static uint8_t usage; + static uint8_t selector; + static uint8_t mtype; + static unsigned char *data = NULL; + static struct tlsa_field tlsa_fields[] = { + { &usage, "usage", checked_uint8 }, + { &selector, "selector", checked_uint8 }, + { &mtype, "mtype", checked_uint8 }, + { &data, "data", hexdecode }, + { NULL, } + }; + int ret; + struct tlsa_field *f; + const char *cp = rrdata; + ossl_ssize_t len = 0; + + for (f = tlsa_fields; f->var; ++f) { + if ((len = f->parser(cp += len, f->var)) <= 0) { + fprintf(stderr, "%s: warning: bad TLSA %s field in: %s\n", + progname, f->name, rrdata); + return 0; + } + } + ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); + OPENSSL_free(data); + + if (ret == 0) { + print_errors(); + fprintf(stderr, "%s: warning: unusable TLSA rrdata: %s\n", + progname, rrdata); + return 0; + } + if (ret < 0) { + fprintf(stderr, "%s: warning: error loading TLSA rrdata: %s\n", + progname, rrdata); + return 0; + } + return ret; +} + +static int allws(const char *cp) +{ + while (*cp) + if (!isspace(_UC(*cp++))) + return 0; + return 1; +} + +static int test_tlsafile(SSL_CTX *ctx, const char *base_name, + BIO *f, const char *path) +{ + char *line; + int testno = 0; + int ret = 1; + SSL *ssl; + + while (ret > 0 && (line = read_to_eol(f)) != NULL) { + STACK_OF(X509) *chain; + int ntlsa; + int ncert; + int noncheck; + int want; + int want_depth; + int off; + int i; + int ok; + int err; + int mdpth; + + if (*line == '\0' || *line == '#') + continue; + + ++testno; + if (sscanf(line, "%d %d %d %d %d%n", + &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5 + || !allws(line + off)) { + fprintf(stderr, "Expected tlsa count, cert count and result" + " at test %d of %s\n", testno, path); + return 0; + } + + if ((ssl = SSL_new(ctx)) == NULL) + return -1; + SSL_set_connect_state(ssl); + if (SSL_dane_enable(ssl, base_name) <= 0) { + SSL_free(ssl); + return -1; + } + if (noncheck) + SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); + + for (i = 0; i < ntlsa; ++i) { + if ((line = read_to_eol(f)) == NULL || !tlsa_import_rr(ssl, line)) { + SSL_free(ssl); + return 0; + } + } + + /* Don't report old news */ + ERR_clear_error(); + chain = load_chain(f, ncert); + if (chain == NULL) { + SSL_free(ssl); + return -1; + } + + ok = verify_chain(ssl, chain); + sk_X509_pop_free(chain, X509_free); + err = SSL_get_verify_result(ssl); + /* + * Peek under the hood, normally TLSA match data is hidden when + * verification fails, we can obtain any suppressed data by setting the + * verification result to X509_V_OK before looking. + */ + SSL_set_verify_result(ssl, X509_V_OK); + mdpth = SSL_get0_dane_authority(ssl, NULL, NULL); + /* Not needed any more, but lead by example and put the error back. */ + SSL_set_verify_result(ssl, err); + SSL_free(ssl); + + if (ok < 0) { + ret = 0; + fprintf(stderr, "verify_chain internal error in %s test %d\n", + path, testno); + print_errors(); + continue; + } + if (err != want || (want == 0 && !ok)) { + ret = 0; + if (err != want) { + if (want == X509_V_OK) + fprintf(stderr, "Verification failure in %s test %d: %d: %s\n", + path, testno, err, X509_verify_cert_error_string(err)); + else + fprintf(stderr, "Unexpected error in %s test %d: %d: wanted %d\n", + path, testno, err, want); + } else { + fprintf(stderr, "Verification failure in %s test %d: ok=0\n", + path, testno); + } + print_errors(); + continue; + } + if (mdpth != want_depth) { + ret = 0; + fprintf(stderr, "Wrong match depth, in %s test %d: wanted %d, got: %d\n", + path, testno, want_depth, mdpth); + } + fprintf(stderr, "%s: test %d successful\n", path, testno); + } + ERR_clear_error(); + + return ret; +} + +int main(int argc, char *argv[]) +{ + BIO *f; + BIO *bio_err; + SSL_CTX *ctx = NULL; + const char *basedomain; + const char *CAfile; + const char *tlsafile; + const char *p; + int ret = 1; + + progname = argv[0]; + if (argc != 4) { + test_usage(); + EXIT(ret); + } + basedomain = argv[1]; + CAfile = argv[2]; + tlsafile = argv[3]; + + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + p = getenv("OPENSSL_DEBUG_MEMORY"); + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + f = BIO_new_file(tlsafile, "r"); + if (f == NULL) { + fprintf(stderr, "%s: Error opening tlsa record file: '%s': %s\n", + progname, tlsafile, strerror(errno)); + EXIT(ret); + } + + ctx = SSL_CTX_new(TLS_client_method()); + if (SSL_CTX_dane_enable(ctx) <= 0) { + print_errors(); + goto end; + } + if (!SSL_CTX_load_verify_locations(ctx, CAfile, NULL)) { + print_errors(); + goto end; + } + if ((SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1)) <= 0) { + print_errors(); + goto end; + } + if ((SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2)) <= 0) { + print_errors(); + goto end; + } + + if (test_tlsafile(ctx, basedomain, f, tlsafile) <= 0) { + print_errors(); + goto end; + } + + ret = 0; + +end: + + BIO_free(f); + SSL_CTX_free(ctx); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(bio_err) <= 0) + ret = 1; +#endif + BIO_free(bio_err); + EXIT(ret); +} + +#include + +static void store_ctx_dane_init(X509_STORE_CTX *store_ctx, SSL *ssl) +{ + X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); +} diff --git a/openssl-1.1.0h/test/danetest.in b/openssl-1.1.0h/test/danetest.in new file mode 100644 index 0000000..0cedf10 --- /dev/null +++ b/openssl-1.1.0h/test/danetest.in @@ -0,0 +1,1878 @@ +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# Blank and comment lines ignored. +# +# The first line in each block takes the form: +# +# +# +# It is followed by lines of the form: +# +# +# +# and finally, by certificates. + +# Test chain matching TLSA records +# -- +# subject= CN = example.com +# 3 0 0 308201943082013BA003020102020102300A06082A8648CE3D04030230143112301006035504030C094973737565722043413020170D3135313231333233323335325A180F33303135303431353233323335325A30163114301206035504030C0B6578616D706C652E636F6D3059301306072A8648CE3D020106082A8648CE3D03010703420004664995F47BDE35E7B4DE48B258E9E8A07ADEBBDB863B3D06F481A1946C83DA9F56CFF4D9389B855D2F364B1585B0C734FCFA263026964FF5A4308B3FC879BDB8A37A3078301D0603551D0E041604145B20CA417D9088C7A4C017CB6C0C1C739BB07D8A301F0603551D230418301680147AB75A3CD295CA5DF7C5150916E18FF5CC376A1530090603551D130402300030130603551D25040C300A06082B0601050507030130160603551D11040F300D820B6578616D706C652E636F6D300A06082A8648CE3D0403020347003044021F21C9032A5C8A93872D3F4AEF321A9574DD956D43BD93C369944C72D6902858022100C8B3290D7AF37E571A84D704DBAD339D2987D41852DC5936F212947063911181 +# 3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F +# 3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923 +# 3 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004664995F47BDE35E7B4DE48B258E9E8A07ADEBBDB863B3D06F481A1946C83DA9F56CFF4D9389B855D2F364B1585B0C734FCFA263026964FF5A4308B3FC879BDB8 +# 3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 +# 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 +# -- +# subject= CN = Issuer CA +# 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308 +# 2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD +# 2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C +# 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF +# 2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 +# 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 +# -- +# subject= CN = Root CA +# 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5 +# 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C +# 2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E +# 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C +# 2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C +# 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E + +# Renumber: +# << 'EOF' perl -pe 'BEGIN {$t = 0; $/="\n\n"} if (s/\A\s*# \d+\s*?\n//sm) {printf "# %d\n", ++$t}' + +## -- Anonymous and "never valid" leaf certificate DANE-EE(3) tests + +# 1 +1 1 1 0 0 +3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 2 +1 1 1 0 0 +3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 3 +1 1 1 0 0 +3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 4 +1 1 1 0 0 +3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 5 +1 1 1 65 -1 +3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1366 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 6 +1 1 1 65 -1 +3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33F +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 7 +1 1 1 65 -1 +3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E2 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 8 +1 1 1 65 -1 +3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A4 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +## -- DANE-?? chain tests -- + +# 9 +1 3 0 0 0 +3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 10 +1 3 0 0 0 +3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 11 +1 3 0 0 0 +3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 12 +1 3 0 0 0 +3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 13 +1 3 0 0 1 +2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 14 +1 3 0 0 1 +2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 15 +1 3 0 0 1 +2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 16 +1 3 0 0 1 +2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 17 +1 3 0 0 2 +2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 18 +1 3 0 0 2 +2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 19 +1 3 0 0 2 +2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 20 +1 3 0 0 2 +2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +## -- PKIX-?? chain tests -- + +# 21 +1 2 0 0 0 +1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 22 +1 2 0 0 0 +1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 23 +1 3 0 0 0 +1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 24 +1 3 0 0 0 +1 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 25 +1 2 0 0 1 +0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 26 +1 2 0 0 1 +0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 27 +1 3 0 0 1 +0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 28 +1 3 0 0 1 +0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 29 +1 2 0 0 2 +0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 30 +1 2 0 0 2 +0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 31 +1 3 0 0 2 +0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 32 +1 3 0 0 2 +0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +## -- PKIX-?? chain failures -- + +# 33 +# Missing intermediate CA +1 1 0 20 0 +1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- + +# 34 +# Missing PKIX intermediate, provided via DNS +2 1 0 0 0 +1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 +0 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- + +# 35 +# Wrong leaf digest +1 3 0 65 -1 +1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 36 +# Wrong intermediate digest +1 2 0 65 -1 +0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 37 +# Wrong root digest +1 2 0 65 -1 +0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +## -- Mixed usage cases + +# 38 +# DANE-EE(3) beats DANE-TA(2) +1 3 0 0 0 +3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 +2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 39 +# DANE-TA(2) depth 1 beats DANE-TA(2) depth 2 +1 3 0 0 1 +2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 +2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 40 +# DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1 +1 3 0 0 2 +2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C +0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 41 +# DANE-TA(2) depth 2 beats PKIX-EE depth 0 +1 3 0 0 2 +2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C +0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- + +# 42 +# DANE-TA(2) Full(0) root "from DNS": +1 2 0 0 2 +2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 43 +# DANE-TA(2) Full(0) intermediate "from DNS": +1 1 0 0 1 +2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- + +# 44 +# DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS": +1 1 0 0 0 +2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- + +# 45 +# DANE-TA(2) SPKI(1) Full(0) root "from DNS": +1 2 0 0 1 +2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 46 +# Mismatched name "example.org", should still succeed given a +# DANE-EE(3) match. +1 3 1 0 0 +3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270 +subject= CN = example.org +issuer= CN = CA2 +notBefore=Feb 6 22:39:47 2016 GMT +notAfter=Feb 7 22:39:47 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN +MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w +bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4 +ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID +z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA +FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh +AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct +PyDiaL1QKbJ7lnqPQCS1o8xn+RI= +-----END CERTIFICATE----- +subject= CN = CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:39:13 2016 GMT +notAfter=Feb 7 22:39:13 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD +Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC +CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ +ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb ++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw +RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo +7sfr/jV+rRlZY2iaRv160BWYd82L7g== +-----END CERTIFICATE----- +subject= CN = Root CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:38:48 2016 GMT +notAfter=Feb 7 22:38:48 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI +Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl +sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1 +42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw +FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER +fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== +-----END CERTIFICATE----- + +# 47 +# Mismatched name "example.org", should fail despite a DANE-TA(2) +# match for the intermediate CA. +1 3 0 62 1 +2 1 1 946af0956378efaba7ee1bbedc17af110ea8de19c079a98e77398724a3708a1f +subject= CN = example.org +issuer= CN = CA2 +notBefore=Feb 6 22:39:47 2016 GMT +notAfter=Feb 7 22:39:47 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN +MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w +bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4 +ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID +z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA +FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh +AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct +PyDiaL1QKbJ7lnqPQCS1o8xn+RI= +-----END CERTIFICATE----- +subject= CN = CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:39:13 2016 GMT +notAfter=Feb 7 22:39:13 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD +Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC +CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ +ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb ++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw +RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo +7sfr/jV+rRlZY2iaRv160BWYd82L7g== +-----END CERTIFICATE----- +subject= CN = Root CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:38:48 2016 GMT +notAfter=Feb 7 22:38:48 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI +Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl +sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1 +42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw +FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER +fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== +-----END CERTIFICATE----- + +# 48 +# Mismatched name "example.org", should fail despite a DANE-TA(2) +# match for the root CA. +1 3 0 62 2 +2 1 1 34474f2fbc39da44dfbd11215bdafadf9507406c04de1f65dbd2a1bc4f2165cc +subject= CN = example.org +issuer= CN = CA2 +notBefore=Feb 6 22:39:47 2016 GMT +notAfter=Feb 7 22:39:47 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN +MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w +bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4 +ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID +z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA +FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh +AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct +PyDiaL1QKbJ7lnqPQCS1o8xn+RI= +-----END CERTIFICATE----- +subject= CN = CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:39:13 2016 GMT +notAfter=Feb 7 22:39:13 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD +Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC +CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ +ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb ++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw +RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo +7sfr/jV+rRlZY2iaRv160BWYd82L7g== +-----END CERTIFICATE----- +subject= CN = Root CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:38:48 2016 GMT +notAfter=Feb 7 22:38:48 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI +Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl +sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1 +42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw +FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER +fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== +-----END CERTIFICATE----- + +# 49 +# Mismatched name "example.org", should fail when name checks +# are not disabled for DANE-EE(3). +1 3 0 62 0 +3 1 1 ee1477190203f5d8b4767f4451b89e7367cdec7f6965a4988227983562ac8270 +subject= CN = example.org +issuer= CN = CA2 +notBefore=Feb 6 22:39:47 2016 GMT +notAfter=Feb 7 22:39:47 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBkDCCATWgAwIBAgIBAjAKBggqhkjOPQQDAjAOMQwwCgYDVQQDDANDQTIwIBcN +MTYwMjA2MjIzOTQ3WhgPMjExNjAyMDcyMjM5NDdaMBYxFDASBgNVBAMMC2V4YW1w +bGUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/YCEn0pxClPTvpjioxU4 +ajopRa4j/6XTqxy9zqn1AcMCiVWp6j22B6RpLmKEHoRHQxFzebd2juTXIDq81CID +z6N6MHgwHQYDVR0OBBYEFOrSA+2YKXa5KR6k0687CZuhai5OMB8GA1UdIwQYMBaA +FLTY4vqgjcQ01aCcB8AYVbUhEU7VMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwCgYIKoZIzj0EAwIDSQAwRgIh +AKSsLwlidPiSrgda6XWihov4D4KHu6ZX3ZAAZ2uiBAefAiEArCq5WiO3Zeunl0Ct +PyDiaL1QKbJ7lnqPQCS1o8xn+RI= +-----END CERTIFICATE----- +subject= CN = CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:39:13 2016 GMT +notAfter=Feb 7 22:39:13 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBYjCCAQigAwIBAgIBAjAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM5MTNaGA8yMTE2MDIwNzIyMzkxM1owDjEMMAoGA1UEAwwD +Q0EyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYr6zgBxpsxA31IFiGyb6uaGC +CQdNMyJfDgqCihsU1eOEuauzXO7tydCbjfRmhqQK1EGd254IjcGY+37tZEbvPKNQ +ME4wHQYDVR0OBBYEFLTY4vqgjcQ01aCcB8AYVbUhEU7VMB8GA1UdIwQYMBaAFBRb ++/qrntsksembakoZTwTZk8AXMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw +RQIgX2fmMykyiuryf1AeKyc1j8HgmM8u/nyQfJnTCwvYUcECIQC6JHd3ybV9eJQo +7sfr/jV+rRlZY2iaRv160BWYd82L7g== +-----END CERTIFICATE----- +subject= CN = Root CA2 +issuer= CN = Root CA2 +notBefore=Feb 6 22:38:48 2016 GMT +notAfter=Feb 7 22:38:48 2116 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQDDAhSb290IENB +MjAgFw0xNjAyMDYyMjM4NDhaGA8yMTE2MDIwNzIyMzg0OFowEzERMA8GA1UEAwwI +Um9vdCBDQTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlTxAPKteg+L1LmxMl +sbAFMxj6/322nR5RRGeF07KZRBFPaFZLgwZ1DuNrwM3wxxNdUyoZ6iAyDmwNf3K1 +42/Uo1AwTjAdBgNVHQ4EFgQUFFv7+que2ySx6ZtqShlPBNmTwBcwHwYDVR0jBBgw +FoAUFFv7+que2ySx6ZtqShlPBNmTwBcwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER +fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/danetest.pem b/openssl-1.1.0h/test/danetest.pem new file mode 100644 index 0000000..68d4f44 --- /dev/null +++ b/openssl-1.1.0h/test/danetest.pem @@ -0,0 +1,14 @@ +subject= /CN=Root CA +issuer= /CN=Root CA +notBefore=Dec 13 23:13:08 2015 GMT +notAfter=Apr 15 23:13:08 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBZDCCAQugAwIBAgIBATAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMTMwOFoYDzMwMTUwNDE1MjMxMzA4WjASMRAwDgYDVQQDDAdS +b290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0dpXj9GPuGRWsNkbVla9 +1o1N29JQ4zdXESfHXgVg9B0K+Rv6+IBfgMKMAmoU1P6MMKlnO57AwFqEqoENE0G3 +bKNQME4wHQYDVR0OBBYEFOS9QF8FKoIN35iD+T19P5Cq7HI/MB8GA1UdIwQYMBaA +FOS9QF8FKoIN35iD+T19P5Cq7HI/MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwID +RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv +vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/destest.c b/openssl-1.1.0h/test/destest.c new file mode 100644 index 0000000..84d753d --- /dev/null +++ b/openssl-1.1.0h/test/destest.c @@ -0,0 +1,804 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINDOWS) +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +#endif + +#ifndef OPENSSL_SYS_MSDOS +# if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC) +# include OPENSSL_UNISTD +# endif +#else +# include +#endif +#include + +#ifdef OPENSSL_NO_DES +int main(int argc, char *argv[]) +{ + printf("No DES support\n"); + return (0); +} +#else +# include + +/* tisk tisk - the test keys don't all have odd parity :-( */ +/* test data */ +# define NUM_TESTS 34 +static unsigned char key_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, + {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57}, + {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E}, + {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86}, + {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E}, + {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6}, + {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE}, + {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6}, + {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE}, + {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16}, + {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F}, + {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46}, + {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E}, + {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76}, + {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07}, + {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F}, + {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7}, + {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, + {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6}, + {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF}, + {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, + {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, + {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10} +}; + +static unsigned char plain_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42}, + {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA}, + {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72}, + {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A}, + {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2}, + {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A}, + {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2}, + {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A}, + {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02}, + {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A}, + {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32}, + {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA}, + {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62}, + {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2}, + {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA}, + {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92}, + {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A}, + {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2}, + {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} +}; + +static unsigned char cipher_data[NUM_TESTS][8] = { + {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7}, + {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58}, + {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B}, + {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33}, + {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D}, + {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD}, + {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7}, + {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, + {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B}, + {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71}, + {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A}, + {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A}, + {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95}, + {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B}, + {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09}, + {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A}, + {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F}, + {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88}, + {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77}, + {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A}, + {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56}, + {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56}, + {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56}, + {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC}, + {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A}, + {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41}, + {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93}, + {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00}, + {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06}, + {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7}, + {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51}, + {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE}, + {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D}, + {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2} +}; + +static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = { + {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E}, + {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16}, + {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27}, + {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6}, + {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25}, + {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A}, + {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74}, + {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6}, + {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67}, + {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10}, + {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85}, + {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA}, + {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3}, + {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3}, + {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A}, + {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69}, + {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1}, + {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7}, + {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F}, + {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87}, + {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A}, + {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE}, + {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3}, + {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD}, + {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84}, + {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85}, + {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC}, + {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89}, + {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E}, + {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89}, + {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7}, + {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8}, + {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85} +}; + +static unsigned char cbc_key[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char cbc2_key[8] = + { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 }; +static unsigned char cbc3_key[8] = + { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static unsigned char cbc_iv[8] = + { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +/* + * Changed the following text constant to binary so it will work on ebcdic + * machines :-) + */ +/* static char cbc_data[40]="7654321 Now is the time for \0001"; */ +static unsigned char cbc_data[40] = { + 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20, + 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20, + 0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; + +static unsigned char cbc_ok[32] = { + 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, + 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb, + 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68, + 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 +}; + +# ifdef SCREW_THE_PARITY +# error "SCREW_THE_PARITY is not meant to be defined." +# error "Original vectors are preserved for reference only." +static unsigned char cbc2_key[8] = + { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }; +static unsigned char xcbc_ok[32] = { + 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48, + 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD, + 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76, + 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2, +}; +# else +static unsigned char xcbc_ok[32] = { + 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29, + 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1, + 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53, + 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4, +}; +# endif + +static unsigned char cbc3_ok[32] = { + 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0, + 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC, + 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4, + 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75 +}; + +static unsigned char pcbc_ok[32] = { + 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, + 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15, + 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f, + 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88 +}; + +static unsigned char cfb_key[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char cfb_iv[8] = + { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; +static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; +static unsigned char plain[24] = { + 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, + 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 +}; + +static unsigned char cfb_cipher8[24] = { + 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8, + 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87 +}; + +static unsigned char cfb_cipher16[24] = { + 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70, + 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B +}; + +static unsigned char cfb_cipher32[24] = { + 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD, + 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6 +}; + +static unsigned char cfb_cipher48[24] = { + 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85, + 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F +}; + +static unsigned char cfb_cipher64[24] = { + 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B, + 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22 +}; + +static unsigned char ofb_key[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char ofb_iv[8] = + { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; +static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8]; +static unsigned char ofb_cipher[24] = { + 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51, + 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f, + 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3 +}; +static DES_LONG cbc_cksum_ret = 0xF7FE62B4L; +static unsigned char cbc_cksum_data[8] = + { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 }; + +static char *pt(unsigned char *p); +static int cfb_test(int bits, unsigned char *cfb_cipher); +static int cfb64_test(unsigned char *cfb_cipher); +static int ede_cfb64_test(unsigned char *cfb_cipher); +int main(int argc, char *argv[]) +{ + int j, err = 0; + unsigned int i; + DES_cblock in, out, outin, iv3; + DES_key_schedule ks, ks2, ks3; + unsigned char cbc_in[40]; + unsigned char cbc_out[40]; + DES_LONG cs; + unsigned char cret[8]; + DES_LONG lqret[4]; + int num; + char *str; + + printf("Doing ecb\n"); + for (i = 0; i < NUM_TESTS; i++) { + DES_set_key_unchecked(&key_data[i], &ks); + memcpy(in, plain_data[i], 8); + memset(out, 0, 8); + memset(outin, 0, 8); + DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT); + DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT); + + if (memcmp(out, cipher_data[i], 8) != 0) { + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(in), pt(cipher_data[i]), + pt(out)); + err = 1; + } + if (memcmp(in, outin, 8) != 0) { + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin)); + err = 1; + } + } + +# ifndef LIBDES_LIT + printf("Doing ede ecb\n"); + for (i = 0; i < (NUM_TESTS - 2); i++) { + DES_set_key_unchecked(&key_data[i], &ks); + DES_set_key_unchecked(&key_data[i + 1], &ks2); + DES_set_key_unchecked(&key_data[i + 2], &ks3); + memcpy(in, plain_data[i], 8); + memset(out, 0, 8); + memset(outin, 0, 8); + DES_ecb3_encrypt(&in,&out,&ks,&ks2,&ks,DES_ENCRYPT); + DES_ecb3_encrypt(&out,&outin,&ks,&ks2,&ks,DES_DECRYPT); + + if (memcmp(out, cipher_ecb2[i], 8) != 0) { + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(in), pt(cipher_ecb2[i]), + pt(out)); + err = 1; + } + if (memcmp(in, outin, 8) != 0) { + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin)); + err = 1; + } + } +# endif + + printf("Doing cbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + &iv3, DES_ENCRYPT); + if (memcmp(cbc_out, cbc_ok, 32) != 0) { + printf("cbc_encrypt encrypt error\n"); + err = 1; + } + + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + &iv3, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data)) != 0) { + printf("cbc_encrypt decrypt error\n"); + err = 1; + } +# ifndef LIBDES_LIT + printf("Doing desx cbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + &iv3, &cbc2_key, &cbc3_key, DES_ENCRYPT); + if (memcmp(cbc_out, xcbc_ok, 32) != 0) { + printf("des_xcbc_encrypt encrypt error\n"); + err = 1; + } + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + &iv3, &cbc2_key, &cbc3_key, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { + printf("des_xcbc_encrypt decrypt error\n"); + err = 1; + } +# endif + + printf("Doing ede cbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + i = strlen((char *)cbc_data) + 1; + /* i=((i+7)/8)*8; */ + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + + DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, + DES_ENCRYPT); + DES_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, &ks, &ks2, + &ks3, &iv3, DES_ENCRYPT); + if (memcmp + (cbc_out, cbc3_ok, + (unsigned int)(strlen((char *)cbc_data) + 1 + 7) / 8 * 8) != 0) { + unsigned int n; + + printf("des_ede3_cbc_encrypt encrypt error\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc_out[n]); + printf("\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc3_ok[n]); + printf("\n"); + err = 1; + } + + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { + unsigned int n; + + printf("DES_ede3_cbc_encrypt decrypt error\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc_data[n]); + printf("\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc_in[n]); + printf("\n"); + err = 1; + } +# ifndef LIBDES_LIT + printf("Doing pcbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + DES_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_ENCRYPT); + if (memcmp(cbc_out, pcbc_ok, 32) != 0) { + printf("pcbc_encrypt encrypt error\n"); + err = 1; + } + DES_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { + printf("pcbc_encrypt decrypt error\n"); + err = 1; + } + + printf("Doing "); + printf("cfb8 "); + err += cfb_test(8, cfb_cipher8); + printf("cfb16 "); + err += cfb_test(16, cfb_cipher16); + printf("cfb32 "); + err += cfb_test(32, cfb_cipher32); + printf("cfb48 "); + err += cfb_test(48, cfb_cipher48); + printf("cfb64 "); + err += cfb_test(64, cfb_cipher64); + + printf("cfb64() "); + err += cfb64_test(cfb_cipher64); + + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + for (i = 0; i < sizeof(plain); i++) + DES_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]), + 8, 1, &ks, &cfb_tmp, DES_ENCRYPT); + if (memcmp(cfb_cipher8, cfb_buf1, sizeof(plain)) != 0) { + printf("cfb_encrypt small encrypt error\n"); + err = 1; + } + + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + for (i = 0; i < sizeof(plain); i++) + DES_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]), + 8, 1, &ks, &cfb_tmp, DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + printf("cfb_encrypt small decrypt error\n"); + err = 1; + } + + printf("ede_cfb64() "); + err += ede_cfb64_test(cfb_cipher64); + + printf("done\n"); + + printf("Doing ofb\n"); + DES_set_key_checked(&ofb_key, &ks); + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp); + if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { + printf("ofb_encrypt encrypt error\n"); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", + ofb_buf1[8 + 0], ofb_buf1[8 + 1], ofb_buf1[8 + 2], + ofb_buf1[8 + 3], ofb_buf1[8 + 4], ofb_buf1[8 + 5], + ofb_buf1[8 + 6], ofb_buf1[8 + 7]); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8 + 0], + ofb_cipher[8 + 1], ofb_cipher[8 + 2], ofb_cipher[8 + 3], + ofb_buf1[8 + 4], ofb_cipher[8 + 5], ofb_cipher[8 + 6], + ofb_cipher[8 + 7]); + err = 1; + } + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks, + &ofb_tmp); + if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { + printf("ofb_encrypt decrypt error\n"); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", + ofb_buf2[8 + 0], ofb_buf2[8 + 1], ofb_buf2[8 + 2], + ofb_buf2[8 + 3], ofb_buf2[8 + 4], ofb_buf2[8 + 5], + ofb_buf2[8 + 6], ofb_buf2[8 + 7]); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8 + 0], + plain[8 + 1], plain[8 + 2], plain[8 + 3], plain[8 + 4], + plain[8 + 5], plain[8 + 6], plain[8 + 7]); + err = 1; + } + + printf("Doing ofb64\n"); + DES_set_key_checked(&ofb_key, &ks); + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + memset(ofb_buf1, 0, sizeof(ofb_buf1)); + memset(ofb_buf2, 0, sizeof(ofb_buf1)); + num = 0; + for (i = 0; i < sizeof(plain); i++) { + DES_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ofb_tmp, &num); + } + if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { + printf("ofb64_encrypt encrypt error\n"); + err = 1; + } + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + num = 0; + DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp, + &num); + if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { + printf("ofb64_encrypt decrypt error\n"); + err = 1; + } + + printf("Doing ede_ofb64\n"); + DES_set_key_checked(&ofb_key, &ks); + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + memset(ofb_buf1, 0, sizeof(ofb_buf1)); + memset(ofb_buf2, 0, sizeof(ofb_buf1)); + num = 0; + for (i = 0; i < sizeof(plain); i++) { + DES_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ks, + &ks, &ofb_tmp, &num); + } + if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { + printf("ede_ofb64_encrypt encrypt error\n"); + err = 1; + } + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + num = 0; + DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks, + &ofb_tmp, &num); + if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { + printf("ede_ofb64_encrypt decrypt error\n"); + err = 1; + } + + printf("Doing cbc_cksum\n"); + DES_set_key_checked(&cbc_key, &ks); + cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks, + &cbc_iv); + if (cs != cbc_cksum_ret) { + printf("bad return value (%08lX), should be %08lX\n", + (unsigned long)cs, (unsigned long)cbc_cksum_ret); + err = 1; + } + if (memcmp(cret, cbc_cksum_data, 8) != 0) { + printf("bad cbc_cksum block returned\n"); + err = 1; + } + + printf("Doing quad_cksum\n"); + cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret, + (long)strlen((char *)cbc_data), 2, + (DES_cblock *)cbc_iv); + if (cs != 0x70d7a63aL) { + printf("quad_cksum error, ret %08lx should be 70d7a63a\n", + (unsigned long)cs); + err = 1; + } + if (lqret[0] != 0x327eba8dL) { + printf("quad_cksum error, out[0] %08lx is not %08lx\n", + (unsigned long)lqret[0], 0x327eba8dUL); + err = 1; + } + if (lqret[1] != 0x201a49ccL) { + printf("quad_cksum error, out[1] %08lx is not %08lx\n", + (unsigned long)lqret[1], 0x201a49ccUL); + err = 1; + } + if (lqret[2] != 0x70d7a63aL) { + printf("quad_cksum error, out[2] %08lx is not %08lx\n", + (unsigned long)lqret[2], 0x70d7a63aUL); + err = 1; + } + if (lqret[3] != 0x501c2c26L) { + printf("quad_cksum error, out[3] %08lx is not %08lx\n", + (unsigned long)lqret[3], 0x501c2c26UL); + err = 1; + } +# endif + + printf("input word alignment test"); + for (i = 0; i < 4; i++) { + printf(" %d", i); + DES_ncbc_encrypt(&(cbc_out[i]), cbc_in, + strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_ENCRYPT); + } + printf("\noutput word alignment test"); + for (i = 0; i < 4; i++) { + printf(" %d", i); + DES_ncbc_encrypt(cbc_out, &(cbc_in[i]), + strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_ENCRYPT); + } + printf("\n"); + printf("fast crypt test "); + str = DES_crypt("testing", "ef"); + if (strcmp("efGnQx2725bI2", str) != 0) { + printf("fast crypt error, %s should be efGnQx2725bI2\n", str); + err = 1; + } + str = DES_crypt("bca76;23", "yA"); + if (strcmp("yA1Rp/1hZXIJk", str) != 0) { + printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str); + err = 1; + } + str = DES_crypt("testing", "y\202"); + if (str != NULL) { + printf("salt error only usascii are accepted\n"); + err = 1; + } + str = DES_crypt("testing", "\0A"); + if (str != NULL) { + printf("salt error cannot contain null terminator\n"); + err = 1; + } + str = DES_crypt("testing", "A"); + if (str != NULL) { + printf("salt error must be at least 2\n"); + err = 1; + } + printf("\n"); + return (err); +} + +static char *pt(unsigned char *p) +{ + static char bufs[10][20]; + static int bnum = 0; + char *ret; + int i; + static char *f = "0123456789ABCDEF"; + + ret = &(bufs[bnum++][0]); + bnum %= 10; + for (i = 0; i < 8; i++) { + ret[i * 2] = f[(p[i] >> 4) & 0xf]; + ret[i * 2 + 1] = f[p[i] & 0xf]; + } + ret[16] = '\0'; + return (ret); +} + +# ifndef LIBDES_LIT + +static int cfb_test(int bits, unsigned char *cfb_cipher) +{ + DES_key_schedule ks; + int i, err = 0; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp, + DES_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt encrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp, + DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + return (err); +} + +static int cfb64_test(unsigned char *cfb_cipher) +{ + DES_key_schedule ks; + int err = 0, i, n; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); + DES_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, &ks, + &cfb_tmp, &n, DES_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt encrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + DES_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), + sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf2[i]))); + } + return (err); +} + +static int ede_cfb64_test(unsigned char *cfb_cipher) +{ + DES_key_schedule ks; + int err = 0, i, n; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n, + DES_ENCRYPT); + DES_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), + sizeof(plain) - 12, &ks, &ks, &ks, + &cfb_tmp, &n, DES_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { + err = 1; + printf("ede_cfb_encrypt encrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks, + &cfb_tmp, &n, DES_DECRYPT); + DES_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), + sizeof(plain) - 17, &ks, &ks, &ks, + &cfb_tmp, &n, DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + err = 1; + printf("ede_cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf2[i]))); + } + return (err); +} + +# endif +#endif diff --git a/openssl-1.1.0h/test/dhtest.c b/openssl-1.1.0h/test/dhtest.c new file mode 100644 index 0000000..ecf2d9d --- /dev/null +++ b/openssl-1.1.0h/test/dhtest.c @@ -0,0 +1,626 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#include +#include +#include +#include +#include + +#ifdef OPENSSL_NO_DH +int main(int argc, char *argv[]) +{ + printf("No DH support\n"); + return (0); +} +#else +# include + +static int cb(int p, int n, BN_GENCB *arg); + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +static int run_rfc5114_tests(void); + +int main(int argc, char *argv[]) +{ + BN_GENCB *_cb = NULL; + DH *a = NULL; + DH *b = NULL; + DH *c = NULL; + const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL, *priv_key = NULL; + const BIGNUM *bpub_key = NULL; + BIGNUM *bp = NULL, *bg = NULL, *cpriv_key = NULL; + char buf[12] = {0}; + unsigned char *abuf = NULL; + unsigned char *bbuf = NULL; + unsigned char *cbuf = NULL; + int i, alen, blen, clen, aout, bout, cout; + int ret = 1; + BIO *out = NULL; + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); + + _cb = BN_GENCB_new(); + if (_cb == NULL) + goto err; + BN_GENCB_set(_cb, &cb, out); + if (((a = DH_new()) == NULL) + || (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb))) + goto err; + + if (!DH_check(a, &i)) + goto err; + if (i & DH_CHECK_P_NOT_PRIME) + BIO_puts(out, "p value is not prime\n"); + if (i & DH_CHECK_P_NOT_SAFE_PRIME) + BIO_puts(out, "p value is not a safe prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + BIO_puts(out, "unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + BIO_puts(out, "the g value is not a generator\n"); + + DH_get0_pqg(a, &ap, NULL, &ag); + BIO_puts(out, "\np ="); + BN_print(out, ap); + BIO_puts(out, "\ng ="); + BN_print(out, ag); + BIO_puts(out, "\n"); + + b = DH_new(); + if (b == NULL) + goto err; + + bp = BN_dup(ap); + bg = BN_dup(ag); + if ((bp == NULL) || (bg == NULL) || !DH_set0_pqg(b, bp, NULL, bg)) + goto err; + bp = bg = NULL; + + if (!DH_generate_key(a)) + goto err; + DH_get0_key(a, &apub_key, &priv_key); + BIO_puts(out, "pri 1="); + BN_print(out, priv_key); + BIO_puts(out, "\npub 1="); + BN_print(out, apub_key); + BIO_puts(out, "\n"); + + if (!DH_generate_key(b)) + goto err; + DH_get0_key(b, &bpub_key, &priv_key); + BIO_puts(out, "pri 2="); + BN_print(out, priv_key); + BIO_puts(out, "\npub 2="); + BN_print(out, bpub_key); + BIO_puts(out, "\n"); + + /* Also test with a private-key-only copy of |b|. */ + if ((c = DHparams_dup(b)) == NULL + || (cpriv_key = BN_dup(priv_key)) == NULL + || !DH_set0_key(c, NULL, cpriv_key)) + goto err; + cpriv_key = NULL; + + alen = DH_size(a); + abuf = OPENSSL_malloc(alen); + if (abuf == NULL) + goto err; + + aout = DH_compute_key(abuf, bpub_key, a); + + BIO_puts(out, "key1 ="); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + + blen = DH_size(b); + bbuf = OPENSSL_malloc(blen); + if (bbuf == NULL) + goto err; + + bout = DH_compute_key(bbuf, apub_key, b); + + BIO_puts(out, "key2 ="); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + + clen = DH_size(c); + cbuf = OPENSSL_malloc(clen); + if (cbuf == NULL) + goto err; + + cout = DH_compute_key(cbuf, apub_key, c); + + BIO_puts(out, "key3 ="); + for (i = 0; i < cout; i++) { + sprintf(buf, "%02X", cbuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + + if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0) + || (cout != aout) || (memcmp(abuf, cbuf, aout) != 0)) { + fprintf(stderr, "Error in DH routines\n"); + ret = 1; + } else + ret = 0; + if (!run_rfc5114_tests()) + ret = 1; + err: + (void)BIO_flush(out); + ERR_print_errors_fp(stderr); + + OPENSSL_free(abuf); + OPENSSL_free(bbuf); + OPENSSL_free(cbuf); + DH_free(b); + DH_free(a); + DH_free(c); + BN_free(bp); + BN_free(bg); + BN_free(cpriv_key); + BN_GENCB_free(_cb); + BIO_free(out); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + ret = 1; +#endif + + EXIT(ret); +} + +static int cb(int p, int n, BN_GENCB *arg) +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write(BN_GENCB_get_arg(arg), &c, 1); + (void)BIO_flush(BN_GENCB_get_arg(arg)); + return 1; +} + +/* Test data from RFC 5114 */ + +static const unsigned char dhtest_1024_160_xA[] = { + 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50, + 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E +}; + +static const unsigned char dhtest_1024_160_yA[] = { + 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D, + 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09, + 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76, + 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F, + 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D, + 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A, + 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA, + 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA, + 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01, + 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95, + 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76 +}; + +static const unsigned char dhtest_1024_160_xB[] = { + 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8, + 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA +}; + +static const unsigned char dhtest_1024_160_yB[] = { + 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94, + 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66, + 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C, + 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E, + 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3, + 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A, + 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E, + 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26, + 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A, + 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67, + 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE +}; + +static const unsigned char dhtest_1024_160_Z[] = { + 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F, + 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5, + 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3, + 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8, + 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF, + 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13, + 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED, + 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83, + 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0, + 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46, + 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D +}; + +static const unsigned char dhtest_2048_224_xA[] = { + 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7, + 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4, + 0x83, 0x29, 0x4B, 0x0C +}; + +static const unsigned char dhtest_2048_224_yA[] = { + 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49, + 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0, + 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04, + 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B, + 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1, + 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C, + 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6, + 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43, + 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D, + 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E, + 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9, + 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE, + 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52, + 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3, + 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6, + 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06, + 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52, + 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A, + 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15, + 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB, + 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C, + 0x71, 0x64, 0x8D, 0x6F +}; + +static const unsigned char dhtest_2048_224_xB[] = { + 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63, + 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15, + 0x35, 0x3B, 0x75, 0x90 +}; + +static const unsigned char dhtest_2048_224_yB[] = { + 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44, + 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2, + 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41, + 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1, + 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C, + 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2, + 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE, + 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC, + 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47, + 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03, + 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6, + 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC, + 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A, + 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3, + 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4, + 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17, + 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF, + 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC, + 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7, + 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15, + 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20, + 0x02, 0x14, 0x2B, 0x6C +}; + +static const unsigned char dhtest_2048_224_Z[] = { + 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03, + 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3, + 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E, + 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C, + 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79, + 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4, + 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2, + 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9, + 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F, + 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B, + 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23, + 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A, + 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8, + 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89, + 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9, + 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF, + 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7, + 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2, + 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2, + 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4, + 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C, + 0xF9, 0xF6, 0x38, 0x69 +}; + +static const unsigned char dhtest_2048_256_xA[] = { + 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61, + 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3, + 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E +}; + +static const unsigned char dhtest_2048_256_yA[] = { + 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41, + 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6, + 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9, + 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE, + 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8, + 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9, + 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50, + 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8, + 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82, + 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC, + 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41, + 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02, + 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA, + 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A, + 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F, + 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3, + 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5, + 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0, + 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A, + 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F, + 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5, + 0x7C, 0xA6, 0x7E, 0x29 +}; + +static const unsigned char dhtest_2048_256_xB[] = { + 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF, + 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64, + 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D +}; + +static const unsigned char dhtest_2048_256_yB[] = { + 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8, + 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98, + 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7, + 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E, + 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25, + 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05, + 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63, + 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97, + 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F, + 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3, + 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98, + 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A, + 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D, + 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C, + 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5, + 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80, + 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A, + 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44, + 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA, + 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D, + 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53, + 0x75, 0x7E, 0x19, 0x13 +}; + +static const unsigned char dhtest_2048_256_Z[] = { + 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17, + 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1, + 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00, + 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE, + 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0, + 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0, + 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED, + 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04, + 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A, + 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C, + 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C, + 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93, + 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38, + 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52, + 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F, + 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9, + 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C, + 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A, + 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3, + 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0, + 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0, + 0xC2, 0x6C, 0x5D, 0x7C +}; + +static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = { + 0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3, + 0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD, + 0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20, + 0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67, + 0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88, + 0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83, + 0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F, + 0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8, + 0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2, + 0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70, + 0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F, + 0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66, + 0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22, + 0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44, + 0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D, + 0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED, + 0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01, + 0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A, + 0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72, + 0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2, + 0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89, + 0x93, 0x74, 0x89, 0x59 +}; + +typedef struct { + DH *(*get_param) (void); + const unsigned char *xA; + size_t xA_len; + const unsigned char *yA; + size_t yA_len; + const unsigned char *xB; + size_t xB_len; + const unsigned char *yB; + size_t yB_len; + const unsigned char *Z; + size_t Z_len; +} rfc5114_td; + +# define make_rfc5114_td(pre) { \ + DH_get_##pre, \ + dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \ + dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \ + dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \ + dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \ + dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \ + } + +static const rfc5114_td rfctd[] = { + make_rfc5114_td(1024_160), + make_rfc5114_td(2048_224), + make_rfc5114_td(2048_256) +}; + +static int run_rfc5114_tests(void) +{ + int i; + DH *dhA = NULL; + DH *dhB = NULL; + unsigned char *Z1 = NULL; + unsigned char *Z2 = NULL; + const rfc5114_td *td = NULL; + BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL; + const BIGNUM *pub_key_tmp; + + for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) { + td = rfctd + i; + /* Set up DH structures setting key components */ + dhA = td->get_param(); + dhB = td->get_param(); + if ((dhA == NULL) || (dhB == NULL)) + goto bad_err; + + priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); + pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); + if (priv_key == NULL || pub_key == NULL + || !DH_set0_key(dhA, pub_key, priv_key)) + goto bad_err; + + priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); + pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); + + if (priv_key == NULL || pub_key == NULL + || !DH_set0_key(dhB, pub_key, priv_key)) + goto bad_err; + priv_key = pub_key = NULL; + + if ((td->Z_len != (size_t)DH_size(dhA)) + || (td->Z_len != (size_t)DH_size(dhB))) + goto err; + + Z1 = OPENSSL_malloc(DH_size(dhA)); + Z2 = OPENSSL_malloc(DH_size(dhB)); + if ((Z1 == NULL) || (Z2 == NULL)) + goto bad_err; + /* + * Work out shared secrets using both sides and compare with expected + * values. + */ + DH_get0_key(dhB, &pub_key_tmp, NULL); + if (DH_compute_key(Z1, pub_key_tmp, dhA) == -1) + goto bad_err; + + DH_get0_key(dhA, &pub_key_tmp, NULL); + if (DH_compute_key(Z2, pub_key_tmp, dhB) == -1) + goto bad_err; + + if (memcmp(Z1, td->Z, td->Z_len)) + goto err; + if (memcmp(Z2, td->Z, td->Z_len)) + goto err; + + printf("RFC5114 parameter test %d OK\n", i + 1); + + DH_free(dhA); + DH_free(dhB); + OPENSSL_free(Z1); + OPENSSL_free(Z2); + dhA = NULL; + dhB = NULL; + Z1 = NULL; + Z2 = NULL; + } + + /* Now i == OSSL_NELEM(rfctd) */ + /* RFC5114 uses unsafe primes, so now test an invalid y value */ + dhA = DH_get_2048_224(); + if (dhA == NULL) + goto bad_err; + Z1 = OPENSSL_malloc(DH_size(dhA)); + if (Z1 == NULL) + goto bad_err; + + bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y, + sizeof(dhtest_rfc5114_2048_224_bad_y), NULL); + if (bady == NULL) + goto bad_err; + + if (!DH_generate_key(dhA)) + goto bad_err; + + if (DH_compute_key(Z1, bady, dhA) != -1) { + /* + * DH_compute_key should fail with -1. If we get here we unexpectedly + * allowed an invalid y value + */ + goto err; + } + /* We'll have a stale error on the queue from the above test so clear it */ + ERR_clear_error(); + + printf("RFC5114 parameter test %d OK\n", i + 1); + + BN_free(bady); + DH_free(dhA); + OPENSSL_free(Z1); + + return 1; + bad_err: + BN_free(bady); + DH_free(dhA); + DH_free(dhB); + BN_free(pub_key); + BN_free(priv_key); + OPENSSL_free(Z1); + OPENSSL_free(Z2); + + fprintf(stderr, "Initialisation error RFC5114 set %d\n", i + 1); + ERR_print_errors_fp(stderr); + return 0; + err: + BN_free(bady); + DH_free(dhA); + DH_free(dhB); + OPENSSL_free(Z1); + OPENSSL_free(Z2); + + fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1); + return 0; +} + +#endif diff --git a/openssl-1.1.0h/test/dsatest.c b/openssl-1.1.0h/test/dsatest.c new file mode 100644 index 0000000..3a62eb6 --- /dev/null +++ b/openssl-1.1.0h/test/dsatest.c @@ -0,0 +1,196 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include + +#include "../e_os.h" + +#include +#include +#include +#include +#include + +#ifdef OPENSSL_NO_DSA +int main(int argc, char *argv[]) +{ + printf("No DSA support\n"); + return (0); +} +#else +# include + +static int dsa_cb(int p, int n, BN_GENCB *arg); + +/* + * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS + * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 + */ +static unsigned char seed[20] = { + 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, + 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, +}; + +static unsigned char out_p[] = { + 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, + 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, + 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, + 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, + 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, + 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, + 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, + 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, +}; + +static unsigned char out_q[] = { + 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, + 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, + 0xda, 0xce, 0x91, 0x5f, +}; + +static unsigned char out_g[] = { + 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, + 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, + 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, + 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, + 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, + 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, + 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, + 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, +}; + +static const unsigned char str1[] = "12345678901234567890"; + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +static BIO *bio_err = NULL; + +int main(int argc, char **argv) +{ + BN_GENCB *cb; + DSA *dsa = NULL; + int counter, ret = 0, i, j; + unsigned char buf[256]; + unsigned long h; + unsigned char sig[256]; + unsigned int siglen; + const BIGNUM *p = NULL, *q = NULL, *g = NULL; + + if (bio_err == NULL) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + BIO_printf(bio_err, "test generation of DSA parameters\n"); + + cb = BN_GENCB_new(); + if (!cb) + goto end; + + BN_GENCB_set(cb, dsa_cb, bio_err); + if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, + seed, 20, + &counter, + &h, cb)) + goto end; + + BIO_printf(bio_err, "seed\n"); + for (i = 0; i < 20; i += 4) { + BIO_printf(bio_err, "%02X%02X%02X%02X ", + seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); + } + BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); + + DSA_print(bio_err, dsa, 0); + if (counter != 105) { + BIO_printf(bio_err, "counter should be 105\n"); + goto end; + } + if (h != 2) { + BIO_printf(bio_err, "h should be 2\n"); + goto end; + } + + DSA_get0_pqg(dsa, &p, &q, &g); + i = BN_bn2bin(q, buf); + j = sizeof(out_q); + if ((i != j) || (memcmp(buf, out_q, i) != 0)) { + BIO_printf(bio_err, "q value is wrong\n"); + goto end; + } + + i = BN_bn2bin(p, buf); + j = sizeof(out_p); + if ((i != j) || (memcmp(buf, out_p, i) != 0)) { + BIO_printf(bio_err, "p value is wrong\n"); + goto end; + } + + i = BN_bn2bin(g, buf); + j = sizeof(out_g); + if ((i != j) || (memcmp(buf, out_g, i) != 0)) { + BIO_printf(bio_err, "g value is wrong\n"); + goto end; + } + + DSA_generate_key(dsa); + DSA_sign(0, str1, 20, sig, &siglen, dsa); + if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) + ret = 1; + + end: + if (!ret) + ERR_print_errors(bio_err); + DSA_free(dsa); + BN_GENCB_free(cb); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(bio_err) <= 0) + ret = 0; +#endif + BIO_free(bio_err); + bio_err = NULL; + EXIT(!ret); +} + +static int dsa_cb(int p, int n, BN_GENCB *arg) +{ + char c = '*'; + static int ok = 0, num = 0; + + if (p == 0) { + c = '.'; + num++; + }; + if (p == 1) + c = '+'; + if (p == 2) { + c = '*'; + ok++; + } + if (p == 3) + c = '\n'; + BIO_write(BN_GENCB_get_arg(arg), &c, 1); + (void)BIO_flush(BN_GENCB_get_arg(arg)); + + if (!ok && (p == 0) && (num > 1)) { + BIO_printf(BN_GENCB_get_arg(arg), "error in dsatest\n"); + return 0; + } + return 1; +} +#endif diff --git a/openssl-1.1.0h/test/dtlstest.c b/openssl-1.1.0h/test/dtlstest.c new file mode 100644 index 0000000..8200fac --- /dev/null +++ b/openssl-1.1.0h/test/dtlstest.c @@ -0,0 +1,143 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +#include "ssltestlib.h" +#include "testutil.h" + +static char *cert = NULL; +static char *privkey = NULL; + +#define NUM_TESTS 2 + + +#define DUMMY_CERT_STATUS_LEN 12 + +static unsigned char certstatus[] = { + SSL3_RT_HANDSHAKE, /* Content type */ + 0xfe, 0xfd, /* Record version */ + 0, 1, /* Epoch */ + 0, 0, 0, 0, 0, 0x0f, /* Record sequence number */ + 0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2, + SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */ + 0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */ + 0, 5, /* Message sequence */ + 0, 0, 0, /* Fragment offset */ + 0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */ + 0x80, 0x80, 0x80, 0x80, 0x80, + 0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */ +}; + +#define RECORD_SEQUENCE 10 + +static int test_dtls_unprocessed(int testidx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl1 = NULL, *clientssl1 = NULL; + BIO *c_to_s_fbio, *c_to_s_mempacket; + int testresult = 0; + + printf("Starting Test %d\n", testidx); + + if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, &sctx, &cctx, + cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + return 0; + } + + if (!SSL_CTX_set_cipher_list(cctx, "AES128-SHA")) { + printf("Failed setting cipher list\n"); + } + + c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); + if (c_to_s_fbio == NULL) { + printf("Failed to create filter BIO\n"); + goto end; + } + + /* BIO is freed by create_ssl_connection on error */ + if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, + c_to_s_fbio)) { + printf("Unable to create SSL objects\n"); + ERR_print_errors_fp(stdout); + goto end; + } + + if (testidx == 1) + certstatus[RECORD_SEQUENCE] = 0xff; + + /* + * Inject a dummy record from the next epoch. In test 0, this should never + * get used because the message sequence number is too big. In test 1 we set + * the record sequence number to be way off in the future. This should not + * have an impact on the record replay protection because the record should + * be dropped before it is marked as arrived + */ + c_to_s_mempacket = SSL_get_wbio(clientssl1); + c_to_s_mempacket = BIO_next(c_to_s_mempacket); + mempacket_test_inject(c_to_s_mempacket, (char *)certstatus, + sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ); + + if (!create_ssl_connection(serverssl1, clientssl1)) { + printf("Unable to create SSL connection\n"); + ERR_print_errors_fp(stdout); + goto end; + } + + testresult = 1; + end: + SSL_free(serverssl1); + SSL_free(clientssl1); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +int main(int argc, char *argv[]) +{ + BIO *err = NULL; + int testresult = 1; + + if (argc != 3) { + printf("Invalid argument count\n"); + return 1; + } + + cert = argv[1]; + privkey = argv[2]; + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS); + + testresult = run_tests(argv[0]); + + bio_f_tls_dump_filter_free(); + bio_s_mempacket_test_free(); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 1; +#endif + BIO_free(err); + + if (!testresult) + printf("PASS\n"); + + return testresult; +} diff --git a/openssl-1.1.0h/test/dtlsv1listentest.c b/openssl-1.1.0h/test/dtlsv1listentest.c new file mode 100644 index 0000000..91d78e1 --- /dev/null +++ b/openssl-1.1.0h/test/dtlsv1listentest.c @@ -0,0 +1,426 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE + #include +#endif +#include "e_os.h" + +#ifndef OPENSSL_NO_SOCK + +/* Just a ClientHello without a cookie */ +static const unsigned char clienthello_nocookie[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x3A, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x2E, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x2E, /* Fragment length */ + 0xFE, 0xFD, /* DTLSv1.2 */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00, /* Session id len */ + 0x00, /* Cookie len */ + 0x00, 0x04, /* Ciphersuites len */ + 0x00, 0x2f, /* AES128-SHA */ + 0x00, 0xff, /* Empty reneg info SCSV */ + 0x01, /* Compression methods len */ + 0x00, /* Null compression */ + 0x00, 0x00 /* Extensions len */ +}; + +/* First fragment of a ClientHello without a cookie */ +static const unsigned char clienthello_nocookie_frag[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x30, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x2E, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x24, /* Fragment length */ + 0xFE, 0xFD, /* DTLSv1.2 */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00, /* Session id len */ + 0x00 /* Cookie len */ +}; + +/* First fragment of a ClientHello which is too short */ +static const unsigned char clienthello_nocookie_short[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x2F, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x2E, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x23, /* Fragment length */ + 0xFE, 0xFD, /* DTLSv1.2 */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00 /* Session id len */ +}; + +/* Second fragment of a ClientHello */ +static const unsigned char clienthello_2ndfrag[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x38, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x2E, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x02, /* Fragment offset */ + 0x00, 0x00, 0x2C, /* Fragment length */ + /* Version skipped - sent in first fragment */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00, /* Session id len */ + 0x00, /* Cookie len */ + 0x00, 0x04, /* Ciphersuites len */ + 0x00, 0x2f, /* AES128-SHA */ + 0x00, 0xff, /* Empty reneg info SCSV */ + 0x01, /* Compression methods len */ + 0x00, /* Null compression */ + 0x00, 0x00 /* Extensions len */ +}; + +/* A ClientHello with a good cookie */ +static const unsigned char clienthello_cookie[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x4E, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x42, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x42, /* Fragment length */ + 0xFE, 0xFD, /* DTLSv1.2 */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00, /* Session id len */ + 0x14, /* Cookie len */ + 0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */ + 0x00, 0x04, /* Ciphersuites len */ + 0x00, 0x2f, /* AES128-SHA */ + 0x00, 0xff, /* Empty reneg info SCSV */ + 0x01, /* Compression methods len */ + 0x00, /* Null compression */ + 0x00, 0x00 /* Extensions len */ +}; + +/* A fragmented ClientHello with a good cookie */ +static const unsigned char clienthello_cookie_frag[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x44, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x42, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x38, /* Fragment length */ + 0xFE, 0xFD, /* DTLSv1.2 */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00, /* Session id len */ + 0x14, /* Cookie len */ + 0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */ +}; + + +/* A ClientHello with a bad cookie */ +static const unsigned char clienthello_badcookie[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x4E, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x42, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x42, /* Fragment length */ + 0xFE, 0xFD, /* DTLSv1.2 */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00, /* Session id len */ + 0x14, /* Cookie len */ + 0x01, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */ + 0x00, 0x04, /* Ciphersuites len */ + 0x00, 0x2f, /* AES128-SHA */ + 0x00, 0xff, /* Empty reneg info SCSV */ + 0x01, /* Compression methods len */ + 0x00, /* Null compression */ + 0x00, 0x00 /* Extensions len */ +}; + +/* A fragmented ClientHello with the fragment boundary mid cookie */ +static const unsigned char clienthello_cookie_short[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x43, /* Record Length */ + 0x01, /* ClientHello */ + 0x00, 0x00, 0x42, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x37, /* Fragment length */ + 0xFE, 0xFD, /* DTLSv1.2 */ + 0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */ + 0x00, /* Session id len */ + 0x14, /* Cookie len */ + 0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12 /* Cookie */ +}; + +/* Bad record - too short */ +static const unsigned char record_short[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /* Record sequence number */ +}; + +static const unsigned char verify[] = { + 0x16, /* Handshake */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x00, 0x00, /* Epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */ + 0x00, 0x23, /* Record Length */ + 0x03, /* HelloVerifyRequest */ + 0x00, 0x00, 0x17, /* Message length */ + 0x00, 0x00, /* Message sequence */ + 0x00, 0x00, 0x00, /* Fragment offset */ + 0x00, 0x00, 0x17, /* Fragment length */ + 0xFE, 0xFF, /* DTLSv1.0 */ + 0x14, /* Cookie len */ + 0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */ +}; + +static struct { + const unsigned char *in; + unsigned int inlen; + /* + * GOOD == positive return value from DTLSv1_listen, no output yet + * VERIFY == 0 return value, HelloVerifyRequest sent + * DROP == 0 return value, no output + */ + enum {GOOD, VERIFY, DROP} outtype; +} testpackets[9] = { + { + clienthello_nocookie, + sizeof(clienthello_nocookie), + VERIFY + }, + { + clienthello_nocookie_frag, + sizeof(clienthello_nocookie_frag), + VERIFY + }, + { + clienthello_nocookie_short, + sizeof(clienthello_nocookie_short), + DROP + }, + { + clienthello_2ndfrag, + sizeof(clienthello_2ndfrag), + DROP + }, + { + clienthello_cookie, + sizeof(clienthello_cookie), + GOOD + }, + { + clienthello_cookie_frag, + sizeof(clienthello_cookie_frag), + GOOD + }, + { + clienthello_badcookie, + sizeof(clienthello_badcookie), + VERIFY + }, + { + clienthello_cookie_short, + sizeof(clienthello_cookie_short), + DROP + }, + { + record_short, + sizeof(record_short), + DROP + } +}; + +# define COOKIE_LEN 20 + +static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) +{ + unsigned int i; + + for (i = 0; i < COOKIE_LEN; i++, cookie++) { + *cookie = i; + } + *cookie_len = COOKIE_LEN; + + return 1; +} + +static int cookie_verify(SSL *ssl, const unsigned char *cookie, + unsigned int cookie_len) +{ + unsigned int i; + + if (cookie_len != COOKIE_LEN) + return 0; + + for (i = 0; i < COOKIE_LEN; i++, cookie++) { + if (*cookie != i) + return 0; + } + + return 1; +} +#endif + +int main(void) +{ +#ifndef OPENSSL_NO_SOCK + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + BIO *outbio = NULL; + BIO *inbio = NULL; + BIO_ADDR *peer = BIO_ADDR_new(); + char *data; + long datalen; + int ret, success = 0; + long i; + + ctx = SSL_CTX_new(DTLS_server_method()); + if (ctx == NULL || peer == NULL) + goto err; + + SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen); + SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify); + + /* Create an SSL object for the connection */ + ssl = SSL_new(ctx); + if (ssl == NULL) + goto err; + + outbio = BIO_new(BIO_s_mem()); + if (outbio == NULL) + goto err; + SSL_set0_wbio(ssl, outbio); + + success = 1; + for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) { + inbio = BIO_new_mem_buf((char *)testpackets[i].in, + testpackets[i].inlen); + if (inbio == NULL) { + success = 0; + goto err; + } + /* Set Non-blocking IO behaviour */ + BIO_set_mem_eof_return(inbio, -1); + + SSL_set0_rbio(ssl, inbio); + + /* Process the incoming packet */ + ret = DTLSv1_listen(ssl, peer); + if (ret < 0) { + success = 0; + goto err; + } + + datalen = BIO_get_mem_data(outbio, &data); + + if (testpackets[i].outtype == VERIFY) { + if (ret == 0) { + if (datalen != sizeof(verify) + || (memcmp(data, verify, sizeof(verify)) != 0)) { + printf("Test %ld failure: incorrect HelloVerifyRequest\n", i); + success = 0; + } else { + printf("Test %ld success\n", i); + } + } else { + printf ("Test %ld failure: should not have succeeded\n", i); + success = 0; + } + } else if (datalen == 0) { + if ((ret == 0 && testpackets[i].outtype == DROP) + || (ret == 1 && testpackets[i].outtype == GOOD)) { + printf("Test %ld success\n", i); + } else { + printf("Test %ld failure: wrong return value\n", i); + success = 0; + } + } else { + printf("Test %ld failure: Unexpected data output\n", i); + success = 0; + } + (void)BIO_reset(outbio); + inbio = NULL; + /* Frees up inbio */ + SSL_set0_rbio(ssl, NULL); + } + + err: + if (!success) + ERR_print_errors_fp(stderr); + /* Also frees up outbio */ + SSL_free(ssl); + SSL_CTX_free(ctx); + BIO_free(inbio); + OPENSSL_free(peer); +# ifndef OPENSSL_NO_CRYPTO_MDEBUG + CRYPTO_mem_leaks_fp(stderr); +# endif + return success ? 0 : 1; +#else + printf("DTLSv1_listen() is not supported by this build - skipping\n"); + return 0; +#endif +} diff --git a/openssl-1.1.0h/test/ecdsatest.c b/openssl-1.1.0h/test/ecdsatest.c new file mode 100644 index 0000000..ce73778 --- /dev/null +++ b/openssl-1.1.0h/test/ecdsatest.c @@ -0,0 +1,519 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include +#include +#include + +#include /* To see if OPENSSL_NO_EC is defined */ + +#ifdef OPENSSL_NO_EC +int main(int argc, char *argv[]) +{ + puts("Elliptic curves are disabled."); + return 0; +} +#else + +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_ENGINE +# include +# endif +# include +# include + +static const char rnd_seed[] = "string to make the random number generator " + "think it has entropy"; + +/* declaration of the test functions */ +int x9_62_tests(BIO *); +int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); +int test_builtin(BIO *); + +/* functions to change the RAND_METHOD */ +int change_rand(void); +int restore_rand(void); +int fbytes(unsigned char *buf, int num); + +static RAND_METHOD fake_rand; +static const RAND_METHOD *old_rand; + +int change_rand(void) +{ + /* save old rand method */ + if ((old_rand = RAND_get_rand_method()) == NULL) + return 0; + + fake_rand.seed = old_rand->seed; + fake_rand.cleanup = old_rand->cleanup; + fake_rand.add = old_rand->add; + fake_rand.status = old_rand->status; + /* use own random function */ + fake_rand.bytes = fbytes; + fake_rand.pseudorand = old_rand->bytes; + /* set new RAND_METHOD */ + if (!RAND_set_rand_method(&fake_rand)) + return 0; + return 1; +} + +int restore_rand(void) +{ + if (!RAND_set_rand_method(old_rand)) + return 0; + else + return 1; +} + +static int fbytes_counter = 0, use_fake = 0; +static const char *numbers[8] = { + "651056770906015076056810763456358567190100156695615665659", + "6140507067065001063065065565667405560006161556565665656654", + "8763001015071075675010661307616710783570106710677817767166" + "71676178726717", + "7000000175690566466555057817571571075705015757757057795755" + "55657156756655", + "1275552191113212300012030439187146164646146646466749494799", + "1542725565216523985789236956265265265235675811949404040041", + "1456427555219115346513212300075341203043918714616464614664" + "64667494947990", + "1712787255652165239672857892369562652652652356758119494040" + "40041670216363" +}; + +int fbytes(unsigned char *buf, int num) +{ + int ret; + BIGNUM *tmp = NULL; + + if (use_fake == 0) + return old_rand->bytes(buf, num); + + use_fake = 0; + + if (fbytes_counter >= 8) + return 0; + tmp = BN_new(); + if (!tmp) + return 0; + if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) { + BN_free(tmp); + return 0; + } + fbytes_counter++; + if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) + ret = 0; + else + ret = 1; + BN_free(tmp); + return ret; +} + +/* some tests from the X9.62 draft */ +int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) +{ + int ret = 0; + const char message[] = "abc"; + unsigned char digest[20]; + unsigned int dgst_len = 0; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); + EC_KEY *key = NULL; + ECDSA_SIG *signature = NULL; + BIGNUM *r = NULL, *s = NULL; + BIGNUM *kinv = NULL, *rp = NULL; + const BIGNUM *sig_r, *sig_s; + + if (md_ctx == NULL) + goto x962_int_err; + + /* get the message digest */ + if (!EVP_DigestInit(md_ctx, EVP_sha1()) + || !EVP_DigestUpdate(md_ctx, (const void *)message, 3) + || !EVP_DigestFinal(md_ctx, digest, &dgst_len)) + goto x962_int_err; + + BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); + /* create the key */ + if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) + goto x962_int_err; + use_fake = 1; + if (!EC_KEY_generate_key(key)) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* create the signature */ + use_fake = 1; + /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ + if (!ECDSA_sign_setup(key, NULL, &kinv, &rp)) + goto x962_int_err; + signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key); + if (signature == NULL) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* compare the created signature with the expected signature */ + if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) + goto x962_int_err; + if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in)) + goto x962_int_err; + ECDSA_SIG_get0(signature, &sig_r, &sig_s); + if (BN_cmp(sig_r, r) || BN_cmp(sig_s, s)) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* verify the signature */ + if (ECDSA_do_verify(digest, 20, signature, key) != 1) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + + BIO_printf(out, " ok\n"); + ret = 1; + x962_int_err: + if (!ret) + BIO_printf(out, " failed\n"); + EC_KEY_free(key); + ECDSA_SIG_free(signature); + BN_free(r); + BN_free(s); + EVP_MD_CTX_free(md_ctx); + BN_clear_free(kinv); + BN_clear_free(rp); + return ret; +} + +int x9_62_tests(BIO *out) +{ + int ret = 0; + + BIO_printf(out, "some tests from X9.62:\n"); + + /* set own rand method */ + if (!change_rand()) + goto x962_err; + + if (!x9_62_test_internal(out, NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_prime239v1, + "3086361431751678114926225473006680188549593787585317781474" + "62058306432176", + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783")) + goto x962_err; +# ifndef OPENSSL_NO_EC2M + if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", + "308992691965804947361541664549085895292153777025772063598")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, + "2159633321041961198501834003903461262881815148684178964245" + "5876922391552", + "1970303740007316867383349976549972270528498040721988191026" + "49413465737174")) + goto x962_err; +# endif + ret = 1; + x962_err: + if (!restore_rand()) + ret = 0; + return ret; +} + +int test_builtin(BIO *out) +{ + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + EC_KEY *eckey = NULL, *wrong_eckey = NULL; + EC_GROUP *group; + ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL; + unsigned char digest[20], wrong_digest[20]; + unsigned char *signature = NULL; + const unsigned char *sig_ptr; + unsigned char *sig_ptr2; + unsigned char *raw_buf = NULL; + const BIGNUM *sig_r, *sig_s; + BIGNUM *modified_r = NULL, *modified_s = NULL; + BIGNUM *unmodified_r = NULL, *unmodified_s = NULL; + unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; + int nid, ret = 0; + + /* fill digest values with some random data */ + if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) { + BIO_printf(out, "ERROR: unable to get random data\n"); + goto builtin_err; + } + + /* + * create and verify a ecdsa signature with every available curve (with ) + */ + BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " + "with some internal curves:\n"); + + /* get a list of all internal curves */ + crv_len = EC_get_builtin_curves(NULL, 0); + curves = OPENSSL_malloc(sizeof(*curves) * crv_len); + if (curves == NULL) { + BIO_printf(out, "malloc error\n"); + goto builtin_err; + } + + if (!EC_get_builtin_curves(curves, crv_len)) { + BIO_printf(out, "unable to get internal curves\n"); + goto builtin_err; + } + + /* now create and verify a signature for every curve */ + for (n = 0; n < crv_len; n++) { + unsigned char dirt, offset; + + nid = curves[n].nid; + if (nid == NID_ipsec4 || nid == NID_X25519) + continue; + /* create new ecdsa key (== EC_KEY) */ + if ((eckey = EC_KEY_new()) == NULL) + goto builtin_err; + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + goto builtin_err; + if (EC_KEY_set_group(eckey, group) == 0) + goto builtin_err; + EC_GROUP_free(group); + degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); + if (degree < 160) { + /* drop the curve */ + EC_KEY_free(eckey); + eckey = NULL; + continue; + } + BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); + /* create key */ + if (!EC_KEY_generate_key(eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + /* create second key */ + if ((wrong_eckey = EC_KEY_new()) == NULL) + goto builtin_err; + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + goto builtin_err; + if (EC_KEY_set_group(wrong_eckey, group) == 0) + goto builtin_err; + EC_GROUP_free(group); + if (!EC_KEY_generate_key(wrong_eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + + BIO_printf(out, "."); + (void)BIO_flush(out); + /* check key */ + if (!EC_KEY_check_key(eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* create signature */ + sig_len = ECDSA_size(eckey); + if ((signature = OPENSSL_malloc(sig_len)) == NULL) + goto builtin_err; + if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* verify signature */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* verify signature with the wrong key */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* wrong digest */ + if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* wrong length */ + if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + + /* + * Modify a single byte of the signature: to ensure we don't garble + * the ASN1 structure, we read the raw signature and modify a byte in + * one of the bignums directly. + */ + sig_ptr = signature; + if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + + ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s); + + /* Store the two BIGNUMs in raw_buf. */ + r_len = BN_num_bytes(sig_r); + s_len = BN_num_bytes(sig_s); + bn_len = (degree + 7) / 8; + if ((r_len > bn_len) || (s_len > bn_len)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + buf_len = 2 * bn_len; + if ((raw_buf = OPENSSL_zalloc(buf_len)) == NULL) + goto builtin_err; + BN_bn2bin(sig_r, raw_buf + bn_len - r_len); + BN_bn2bin(sig_s, raw_buf + buf_len - s_len); + + /* Modify a single byte in the buffer. */ + offset = raw_buf[10] % buf_len; + dirt = raw_buf[11] ? raw_buf[11] : 1; + raw_buf[offset] ^= dirt; + /* Now read the BIGNUMs back in from raw_buf. */ + modified_sig = ECDSA_SIG_new(); + if (modified_sig == NULL) + goto builtin_err; + if (((modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL) + || ((modified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL) + || !ECDSA_SIG_set0(modified_sig, modified_r, modified_s)) { + BN_free(modified_r); + BN_free(modified_s); + goto builtin_err; + } + sig_ptr2 = signature; + sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + /* + * Sanity check: undo the modification and verify signature. + */ + raw_buf[offset] ^= dirt; + if (((unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL) + || ((unmodified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL) + || !ECDSA_SIG_set0(modified_sig, unmodified_r, unmodified_s)) { + BN_free(unmodified_r); + BN_free(unmodified_s); + goto builtin_err; + } + + sig_ptr2 = signature; + sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + + BIO_printf(out, " ok\n"); + /* cleanup */ + /* clean bogus errors */ + ERR_clear_error(); + OPENSSL_free(signature); + signature = NULL; + EC_KEY_free(eckey); + eckey = NULL; + EC_KEY_free(wrong_eckey); + wrong_eckey = NULL; + ECDSA_SIG_free(ecdsa_sig); + ecdsa_sig = NULL; + ECDSA_SIG_free(modified_sig); + modified_sig = NULL; + OPENSSL_free(raw_buf); + raw_buf = NULL; + } + + ret = 1; + builtin_err: + EC_KEY_free(eckey); + EC_KEY_free(wrong_eckey); + ECDSA_SIG_free(ecdsa_sig); + ECDSA_SIG_free(modified_sig); + OPENSSL_free(signature); + OPENSSL_free(raw_buf); + OPENSSL_free(curves); + + return ret; +} + +int main(void) +{ + int ret = 1; + BIO *out; + char *p; + + out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); + + p = getenv("OPENSSL_DEBUG_MEMORY"); + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + + /* initialize the prng */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + /* the tests */ + if (!x9_62_tests(out)) + goto err; + if (!test_builtin(out)) + goto err; + + ret = 0; + err: + if (ret) + BIO_printf(out, "\nECDSA test failed\n"); + else + BIO_printf(out, "\nECDSA test passed\n"); + if (ret) + ERR_print_errors(out); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(out) <= 0) + ret = 1; +#endif + BIO_free(out); + return ret; +} +#endif diff --git a/openssl-1.1.0h/test/ectest.c b/openssl-1.1.0h/test/ectest.c new file mode 100644 index 0000000..d7b1432 --- /dev/null +++ b/openssl-1.1.0h/test/ectest.c @@ -0,0 +1,1776 @@ +/* + * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include +#include +#ifdef FLAT_INC +# include "e_os.h" +#else +# include "../e_os.h" +#endif +#include +#include + +#ifdef OPENSSL_NO_EC +int main(int argc, char *argv[]) +{ + puts("Elliptic curves are disabled."); + return 0; +} +#else + +# include +# ifndef OPENSSL_NO_ENGINE +# include +# endif +# include +# include +# include +# include +# include +# include + +# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12) +/* suppress "too big too optimize" warning */ +# pragma warning(disable:4959) +# endif + +# define ABORT do { \ + fflush(stdout); \ + fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ + ERR_print_errors_fp(stderr); \ + EXIT(1); \ +} while (0) + +# define TIMING_BASE_PT 0 +# define TIMING_RAND_PT 1 +# define TIMING_SIMUL 2 + +/* test multiplication with group order, long and negative scalars */ +static void group_order_tests(EC_GROUP *group) +{ + BIGNUM *n1, *n2, *order; + EC_POINT *P = EC_POINT_new(group); + EC_POINT *Q = EC_POINT_new(group); + EC_POINT *R = EC_POINT_new(group); + EC_POINT *S = EC_POINT_new(group); + BN_CTX *ctx = BN_CTX_new(); + int i; + + n1 = BN_new(); + n2 = BN_new(); + order = BN_new(); + fprintf(stdout, "verify group order ..."); + fflush(stdout); + if (!EC_GROUP_get_order(group, order, ctx)) + ABORT; + if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) + ABORT; + fprintf(stdout, "."); + fflush(stdout); + if (!EC_GROUP_precompute_mult(group, ctx)) + ABORT; + if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) + ABORT; + fprintf(stdout, " ok\n"); + fprintf(stdout, "long/negative scalar tests "); + for (i = 1; i <= 2; i++) { + const BIGNUM *scalars[6]; + const EC_POINT *points[6]; + + fprintf(stdout, i == 1 ? + "allowing precomputation ... " : + "without precomputation ... "); + if (!BN_set_word(n1, i)) + ABORT; + /* + * If i == 1, P will be the predefined generator for which + * EC_GROUP_precompute_mult has set up precomputation. + */ + if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + ABORT; + + if (!BN_one(n1)) + ABORT; + /* n1 = 1 - order */ + if (!BN_sub(n1, n1, order)) + ABORT; + if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, Q, P, ctx)) + ABORT; + + /* n2 = 1 + order */ + if (!BN_add(n2, order, BN_value_one())) + ABORT; + if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, Q, P, ctx)) + ABORT; + + /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ + if (!BN_mul(n2, n1, n2, ctx)) + ABORT; + if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, Q, P, ctx)) + ABORT; + + /* n2 = order^2 - 1 */ + BN_set_negative(n2, 0); + if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + ABORT; + /* Add P to verify the result. */ + if (!EC_POINT_add(group, Q, Q, P, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) + ABORT; + + /* Exercise EC_POINTs_mul, including corner cases. */ + if (EC_POINT_is_at_infinity(group, P)) + ABORT; + + scalars[0] = scalars[1] = BN_value_one(); + points[0] = points[1] = P; + + if (!EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINT_dbl(group, S, points[0], ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, R, S, ctx)) + ABORT; + + scalars[0] = n1; + points[0] = Q; /* => infinity */ + scalars[1] = n2; + points[1] = P; /* => -P */ + scalars[2] = n1; + points[2] = Q; /* => infinity */ + scalars[3] = n2; + points[3] = Q; /* => infinity */ + scalars[4] = n1; + points[4] = P; /* => P */ + scalars[5] = n2; + points[5] = Q; /* => infinity */ + if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + } + fprintf(stdout, "ok\n"); + + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + EC_POINT_free(S); + BN_free(n1); + BN_free(n2); + BN_free(order); + BN_CTX_free(ctx); +} + +static void prime_field_tests(void) +{ + BN_CTX *ctx = NULL; + BIGNUM *p, *a, *b; + EC_GROUP *group; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = + NULL, *P_384 = NULL, *P_521 = NULL; + EC_POINT *P, *Q, *R; + BIGNUM *x, *y, *z, *yplusone; + unsigned char buf[100]; + size_t i, len; + int k; + + ctx = BN_CTX_new(); + if (!ctx) + ABORT; + + p = BN_new(); + a = BN_new(); + b = BN_new(); + if (!p || !a || !b) + ABORT; + + if (!BN_hex2bn(&p, "17")) + ABORT; + if (!BN_hex2bn(&a, "1")) + ABORT; + if (!BN_hex2bn(&b, "1")) + ABORT; + + group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use + * EC_GROUP_new_curve_GFp so + * that the library gets to + * choose the EC_METHOD */ + if (!group) + ABORT; + + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + { + EC_GROUP *tmp; + tmp = EC_GROUP_new(EC_GROUP_method_of(group)); + if (!tmp) + ABORT; + if (!EC_GROUP_copy(tmp, group)) + ABORT; + EC_GROUP_free(group); + group = tmp; + } + + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) + ABORT; + + fprintf(stdout, + "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x"); + BN_print_fp(stdout, p); + fprintf(stdout, ")\n a = 0x"); + BN_print_fp(stdout, a); + fprintf(stdout, "\n b = 0x"); + BN_print_fp(stdout, b); + fprintf(stdout, "\n"); + + P = EC_POINT_new(group); + Q = EC_POINT_new(group); + R = EC_POINT_new(group); + if (!P || !Q || !R) + ABORT; + + if (!EC_POINT_set_to_infinity(group, P)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + buf[0] = 0; + if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) + ABORT; + + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + x = BN_new(); + y = BN_new(); + z = BN_new(); + yplusone = BN_new(); + if (x == NULL || y == NULL || z == NULL || yplusone == NULL) + ABORT; + + if (!BN_hex2bn(&x, "D")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { + if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) + ABORT; + fprintf(stderr, "Point is not on curve: x = 0x"); + BN_print_fp(stderr, x); + fprintf(stderr, ", y = 0x"); + BN_print_fp(stderr, y); + fprintf(stderr, "\n"); + ABORT; + } + + fprintf(stdout, "A cyclic subgroup:\n"); + k = 100; + do { + if (k-- == 0) + ABORT; + + if (EC_POINT_is_at_infinity(group, P)) + fprintf(stdout, " point at infinity\n"); + else { + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + + fprintf(stdout, " x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, ", y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + } + + if (!EC_POINT_copy(R, P)) + ABORT; + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + + } + while (!EC_POINT_is_at_infinity(group, P)); + + if (!EC_POINT_add(group, P, Q, R, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, + sizeof(buf), ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "Generator as octet string, compressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, + sizeof(buf), ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), + ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + + if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) + ABORT; + fprintf(stdout, + "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, ", Y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, ", Z = 0x"); + BN_print_fp(stdout, z); + fprintf(stdout, "\n"); + + if (!EC_POINT_invert(group, P, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + + /* + * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, + * 2000) -- not a NIST curve, but commonly used + */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) + ABORT; + if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) + ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 160) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if ((P_160 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) + ABORT; + if (!EC_GROUP_copy(P_160, group)) + ABORT; + + /* Curve P-192 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 192) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if ((P_192 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) + ABORT; + if (!EC_GROUP_copy(P_192, group)) + ABORT; + + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn + (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn + (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + ABORT; + if (!BN_hex2bn + (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn + (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!BN_hex2bn + (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn + (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 224) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if ((P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) + ABORT; + if (!EC_GROUP_copy(P_224, group)) + ABORT; + + /* Curve P-256 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn + (&p, + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn + (&a, + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) + ABORT; + if (!BN_hex2bn + (&b, + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn + (&x, + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" + "84F3B9CAC2FC632551")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn + (&z, + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 256) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if ((P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) + ABORT; + if (!EC_GROUP_copy(P_256, group)) + ABORT; + + /* Curve P-384 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" + "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B" + "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14" + "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 384) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if ((P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) + ABORT; + if (!EC_GROUP_copy(P_384, group)) + ABORT; + + /* Curve P-521 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" + "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573" + "DF883D2C34F1EF451FD46B503F00")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" + "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B" + "3C1856A429BF97E7E31C2E5BD66")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" + "C9B8899C47AEBB6FB71E91386409")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579" + "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C" + "7086A272C24088BE94769FD16650")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 521) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if ((P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) + ABORT; + if (!EC_GROUP_copy(P_521, group)) + ABORT; + + /* more tests using the last curve */ + + /* Restore the point that got mangled in the (x, y + 1) test. */ + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + + if (!EC_POINT_copy(Q, P)) + ABORT; + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + if (!EC_POINT_dbl(group, P, P, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!EC_POINT_invert(group, Q, ctx)) + ABORT; /* P = -2Q */ + + if (!EC_POINT_add(group, R, P, Q, ctx)) + ABORT; + if (!EC_POINT_add(group, R, R, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, R)) + ABORT; /* R = P + 2Q */ + + { + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; + BIGNUM *scalar3; + + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + points[0] = Q; + points[1] = Q; + points[2] = Q; + points[3] = Q; + + if (!EC_GROUP_get_order(group, z, ctx)) + ABORT; + if (!BN_add(y, z, BN_value_one())) + ABORT; + if (BN_is_odd(y)) + ABORT; + if (!BN_rshift1(y, y)) + ABORT; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + fprintf(stdout, "combined multiplication ..."); + fflush(stdout); + + /* z is still the group order */ + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, R, Q, ctx)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) + ABORT; + if (!BN_add(z, z, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) + ABORT; + if (!BN_add(z, x, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + scalar3 = BN_new(); + if (!scalar3) + ABORT; + BN_zero(scalar3); + scalars[3] = scalar3; + + if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, " ok\n\n"); + + BN_free(scalar3); + } + + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + EC_GROUP_free(group); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); + BN_free(y); + BN_free(z); + BN_free(yplusone); + + EC_GROUP_free(P_160); + EC_GROUP_free(P_192); + EC_GROUP_free(P_224); + EC_GROUP_free(P_256); + EC_GROUP_free(P_384); + EC_GROUP_free(P_521); + +} + +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP +# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ + /* \ + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ + * and therefore setting the coordinates should fail. \ + */ \ + if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ + if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ + if (!BN_hex2bn(&z, _order)) ABORT; \ + if (!BN_hex2bn(&cof, _cof)) ABORT; \ + if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ + if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ + fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ + BN_print_fp(stdout, x); \ + fprintf(stdout, "\n y = 0x"); \ + BN_print_fp(stdout, y); \ + fprintf(stdout, "\n"); \ + /* G_y value taken from the standard: */ \ + if (!BN_hex2bn(&z, _y)) ABORT; \ + if (0 != BN_cmp(y, z)) ABORT; +# else +# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ + /* \ + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ + * and therefore setting the coordinates should fail. \ + */ \ + if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ + if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ + if (!BN_hex2bn(&z, _order)) ABORT; \ + if (!BN_hex2bn(&cof, _cof)) ABORT; \ + if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ + fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ + BN_print_fp(stdout, x); \ + fprintf(stdout, "\n y = 0x"); \ + BN_print_fp(stdout, y); \ + fprintf(stdout, "\n"); +# endif + +# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&p, _p)) ABORT; \ + if (!BN_hex2bn(&a, _a)) ABORT; \ + if (!BN_hex2bn(&b, _b)) ABORT; \ + if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \ + CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + fprintf(stdout, "verify degree ..."); \ + if (EC_GROUP_get_degree(group) != _degree) ABORT; \ + fprintf(stdout, " ok\n"); \ + group_order_tests(group); \ + if ((_variable = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; \ + if (!EC_GROUP_copy(_variable, group)) ABORT; \ + +# ifndef OPENSSL_NO_EC2M + +static void char2_field_tests(void) +{ + BN_CTX *ctx = NULL; + BIGNUM *p, *a, *b; + EC_GROUP *group; + EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = + NULL, *C2_K571 = NULL; + EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = + NULL, *C2_B571 = NULL; + EC_POINT *P, *Q, *R; + BIGNUM *x, *y, *z, *cof, *yplusone; + unsigned char buf[100]; + size_t i, len; + int k; + + ctx = BN_CTX_new(); + if (!ctx) + ABORT; + + p = BN_new(); + a = BN_new(); + b = BN_new(); + if (p == NULL || a == NULL || b == NULL) + ABORT; + + if (!BN_hex2bn(&p, "13")) + ABORT; + if (!BN_hex2bn(&a, "3")) + ABORT; + if (!BN_hex2bn(&b, "1")) + ABORT; + + group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use + * EC_GROUP_new_curve_GF2m + * so that the library gets + * to choose the EC_METHOD */ + if (!group) + ABORT; + if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) + ABORT; + + { + EC_GROUP *tmp; + tmp = EC_GROUP_new(EC_GROUP_method_of(group)); + if (!tmp) + ABORT; + if (!EC_GROUP_copy(tmp, group)) + ABORT; + EC_GROUP_free(group); + group = tmp; + } + + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) + ABORT; + + fprintf(stdout, + "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x"); + BN_print_fp(stdout, p); + fprintf(stdout, ")\n a = 0x"); + BN_print_fp(stdout, a); + fprintf(stdout, "\n b = 0x"); + BN_print_fp(stdout, b); + fprintf(stdout, "\n(0x... means binary polynomial)\n"); + + P = EC_POINT_new(group); + Q = EC_POINT_new(group); + R = EC_POINT_new(group); + if (!P || !Q || !R) + ABORT; + + if (!EC_POINT_set_to_infinity(group, P)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + buf[0] = 0; + if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) + ABORT; + + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + x = BN_new(); + y = BN_new(); + z = BN_new(); + cof = BN_new(); + yplusone = BN_new(); + if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL) + ABORT; + + if (!BN_hex2bn(&x, "6")) + ABORT; +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) + ABORT; +# else + if (!BN_hex2bn(&y, "8")) + ABORT; + if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) + ABORT; +# endif + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) + ABORT; +# endif + fprintf(stderr, "Point is not on curve: x = 0x"); + BN_print_fp(stderr, x); + fprintf(stderr, ", y = 0x"); + BN_print_fp(stderr, y); + fprintf(stderr, "\n"); + ABORT; + } + + fprintf(stdout, "A cyclic subgroup:\n"); + k = 100; + do { + if (k-- == 0) + ABORT; + + if (EC_POINT_is_at_infinity(group, P)) + fprintf(stdout, " point at infinity\n"); + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) + ABORT; + + fprintf(stdout, " x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, ", y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + } + + if (!EC_POINT_copy(R, P)) + ABORT; + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + } + while (!EC_POINT_is_at_infinity(group, P)); + + if (!EC_POINT_add(group, P, Q, R, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, + sizeof(buf), ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "Generator as octet string, compressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); +# endif + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, + sizeof(buf), ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), + ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); +# endif + + fprintf(stdout, "\n"); + + if (!EC_POINT_invert(group, P, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + + /* Curve K-163 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-163", + "0800000000000000000000000000000000000000C9", + "1", + "1", + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", + "0289070FB05D38FF58321F2E800536D538CCDAA3D9", + 1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163); + + /* Curve B-163 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-163", + "0800000000000000000000000000000000000000C9", + "1", + "020A601907B8C953CA1481EB10512F78744A3205FD", + "03F0EBA16286A2D57EA0991168D4994637E8343E36", + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", + 1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163); + + /* Curve K-233 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-233", + "020000000000000000000000000000000000000004000000000000000001", + "0", + "1", + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", + 0, + "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", + "4", 233, C2_K233); + + /* Curve B-233 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-233", + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000001", + "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", + 1, + "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", + "2", 233, C2_B233); + + /* Curve K-283 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-283", + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "0", + "1", + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", + 0, + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", + "4", 283, C2_K283); + + /* Curve B-283 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-283", + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "000000000000000000000000000000000000000000000000000000000000000000000001", + "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", + 1, + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", + "2", 283, C2_B283); + + /* Curve K-409 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-409", + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "0", + "1", + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", + 1, + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", + "4", 409, C2_K409); + + /* Curve B-409 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-409", + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", + 1, + "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", + "2", 409, C2_B409); + + /* Curve K-571 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-571", + "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "0", + "1", + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", + 0, + "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", + "4", 571, C2_K571); + + /* Curve B-571 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-571", + "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", + 1, + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", + "2", 571, C2_B571); + + /* more tests using the last curve */ + + if (!EC_POINT_copy(Q, P)) + ABORT; + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + if (!EC_POINT_dbl(group, P, P, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!EC_POINT_invert(group, Q, ctx)) + ABORT; /* P = -2Q */ + + if (!EC_POINT_add(group, R, P, Q, ctx)) + ABORT; + if (!EC_POINT_add(group, R, R, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, R)) + ABORT; /* R = P + 2Q */ + + { + const EC_POINT *points[3]; + const BIGNUM *scalars[3]; + + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + points[0] = Q; + points[1] = Q; + points[2] = Q; + + if (!BN_add(y, z, BN_value_one())) + ABORT; + if (BN_is_odd(y)) + ABORT; + if (!BN_rshift1(y, y)) + ABORT; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + fprintf(stdout, "combined multiplication ..."); + fflush(stdout); + + /* z is still the group order */ + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, R, Q, ctx)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) + ABORT; + if (!BN_add(z, z, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) + ABORT; + if (!BN_add(z, x, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, " ok\n\n"); + } + + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + EC_GROUP_free(group); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); + BN_free(y); + BN_free(z); + BN_free(cof); + BN_free(yplusone); + + EC_GROUP_free(C2_K163); + EC_GROUP_free(C2_B163); + EC_GROUP_free(C2_K233); + EC_GROUP_free(C2_B233); + EC_GROUP_free(C2_K283); + EC_GROUP_free(C2_B283); + EC_GROUP_free(C2_K409); + EC_GROUP_free(C2_B409); + EC_GROUP_free(C2_K571); + EC_GROUP_free(C2_B571); + +} +# endif + +static void internal_curve_test(void) +{ + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + int ok = 1; + + crv_len = EC_get_builtin_curves(NULL, 0); + curves = OPENSSL_malloc(sizeof(*curves) * crv_len); + if (curves == NULL) + return; + + if (!EC_get_builtin_curves(curves, crv_len)) { + OPENSSL_free(curves); + return; + } + + fprintf(stdout, "testing internal curves: "); + + for (n = 0; n < crv_len; n++) { + EC_GROUP *group = NULL; + int nid = curves[n].nid; + if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { + ok = 0; + fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" + " curve %s\n", OBJ_nid2sn(nid)); + /* try next curve */ + continue; + } + if (!EC_GROUP_check(group, NULL)) { + ok = 0; + fprintf(stdout, "\nEC_GROUP_check() failed with" + " curve %s\n", OBJ_nid2sn(nid)); + EC_GROUP_free(group); + /* try the next curve */ + continue; + } + fprintf(stdout, "."); + fflush(stdout); + EC_GROUP_free(group); + } + if (ok) + fprintf(stdout, " ok\n\n"); + else { + fprintf(stdout, " failed\n\n"); + ABORT; + } + + /* Test all built-in curves and let the library choose the EC_METHOD */ + for (n = 0; n < crv_len; n++) { + EC_GROUP *group = NULL; + int nid = curves[n].nid; + /* + * Skip for X25519 because low level operations such as EC_POINT_mul() + * are not supported for this curve + */ + if (nid == NID_X25519) + continue; + fprintf(stdout, "%s:\n", OBJ_nid2sn(nid)); + fflush(stdout); + if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { + ABORT; + } + group_order_tests(group); + EC_GROUP_free(group); + } + + OPENSSL_free(curves); + return; +} + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/* + * nistp_test_params contains magic numbers for testing our optimized + * implementations of several NIST curves with characteristic > 3. + */ +struct nistp_test_params { + const EC_METHOD *(*meth) (); + int degree; + /* + * Qx, Qy and D are taken from + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf + * Otherwise, values are standard curve parameters from FIPS 180-3 + */ + const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; +}; + +static const struct nistp_test_params nistp_tests_params[] = { + { + /* P-224 */ + EC_GFp_nistp224_method, + 224, + /* p */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + /* a */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + /* b */ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + /* Qx */ + "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", + /* Qy */ + "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", + /* Gx */ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + /* Gy */ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + /* order */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + /* d */ + "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", + }, + { + /* P-256 */ + EC_GFp_nistp256_method, + 256, + /* p */ + "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + /* a */ + "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", + /* b */ + "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", + /* Qx */ + "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", + /* Qy */ + "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", + /* Gx */ + "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + /* Gy */ + "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + /* order */ + "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + /* d */ + "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", + }, + { + /* P-521 */ + EC_GFp_nistp521_method, + 521, + /* p */ + "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + /* a */ + "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", + /* b */ + "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", + /* Qx */ + "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", + /* Qy */ + "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", + /* Gx */ + "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + /* Gy */ + "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + /* order */ + "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", + /* d */ + "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", + }, +}; + +static void nistp_single_test(const struct nistp_test_params *test) +{ + BN_CTX *ctx; + BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone; + EC_GROUP *NISTP; + EC_POINT *G, *P, *Q, *Q_CHECK; + + fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", + test->degree); + ctx = BN_CTX_new(); + p = BN_new(); + a = BN_new(); + b = BN_new(); + x = BN_new(); + y = BN_new(); + m = BN_new(); + n = BN_new(); + order = BN_new(); + yplusone = BN_new(); + + NISTP = EC_GROUP_new(test->meth()); + if (!NISTP) + ABORT; + if (!BN_hex2bn(&p, test->p)) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, test->a)) + ABORT; + if (!BN_hex2bn(&b, test->b)) + ABORT; + if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) + ABORT; + G = EC_POINT_new(NISTP); + P = EC_POINT_new(NISTP); + Q = EC_POINT_new(NISTP); + Q_CHECK = EC_POINT_new(NISTP); + if (!BN_hex2bn(&x, test->Qx)) + ABORT; + if (!BN_hex2bn(&y, test->Qy)) + ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx)) + ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) + ABORT; + if (!BN_hex2bn(&x, test->Gx)) + ABORT; + if (!BN_hex2bn(&y, test->Gy)) + ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) + ABORT; + if (!BN_hex2bn(&order, test->order)) + ABORT; + if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + ABORT; + + fprintf(stdout, "verify degree ... "); + if (EC_GROUP_get_degree(NISTP) != test->degree) + ABORT; + fprintf(stdout, "ok\n"); + + fprintf(stdout, "NIST test vectors ... "); + if (!BN_hex2bn(&n, test->d)) + ABORT; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + /* set generator to P = 2*G, where G is the standard generator */ + if (!EC_POINT_dbl(NISTP, P, G, ctx)) + ABORT; + if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) + ABORT; + /* set the scalar to m=n/2, where n is the NIST test scalar */ + if (!BN_rshift(m, n, 1)) + ABORT; + + /* test the non-standard generator */ + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + /* + * We have not performed precomputation so have_precompute mult should be + * false + */ + if (EC_GROUP_have_precompute_mult(NISTP)) + ABORT; + + /* now repeat all tests with precomputation */ + if (!EC_GROUP_precompute_mult(NISTP, ctx)) + ABORT; + if (!EC_GROUP_have_precompute_mult(NISTP)) + ABORT; + + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + /* reset generator */ + if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + ABORT; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + fprintf(stdout, "ok\n"); + group_order_tests(NISTP); + EC_GROUP_free(NISTP); + EC_POINT_free(G); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(Q_CHECK); + BN_free(n); + BN_free(m); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(x); + BN_free(y); + BN_free(order); + BN_free(yplusone); + BN_CTX_free(ctx); +} + +static void nistp_tests() +{ + unsigned i; + + for (i = 0; i < OSSL_NELEM(nistp_tests_params); i++) { + nistp_single_test(&nistp_tests_params[i]); + } +} +# endif + +static void parameter_test(void) +{ + EC_GROUP *group, *group2; + ECPARAMETERS *ecparameters; + + fprintf(stderr, "\ntesting ecparameters conversion ..."); + + group = EC_GROUP_new_by_curve_name(NID_secp112r1); + if (!group) + ABORT; + + ecparameters = EC_GROUP_get_ecparameters(group, NULL); + if (!ecparameters) + ABORT; + group2 = EC_GROUP_new_from_ecparameters(ecparameters); + if (!group2) + ABORT; + if (EC_GROUP_cmp(group, group2, NULL)) + ABORT; + + fprintf(stderr, " ok\n"); + + EC_GROUP_free(group); + EC_GROUP_free(group2); + ECPARAMETERS_free(ecparameters); +} + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +int main(int argc, char *argv[]) +{ + char *p; + + p = getenv("OPENSSL_DEBUG_MEMORY"); + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ + + prime_field_tests(); + puts(""); +# ifndef OPENSSL_NO_EC2M + char2_field_tests(); +# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + nistp_tests(); +# endif + /* test the internal curves */ + internal_curve_test(); + + parameter_test(); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; +#endif + + return 0; +} +#endif diff --git a/openssl-1.1.0h/test/enginetest.c b/openssl-1.1.0h/test/enginetest.c new file mode 100644 index 0000000..0a8c185 --- /dev/null +++ b/openssl-1.1.0h/test/enginetest.c @@ -0,0 +1,408 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return (0); +} +#else +# include +# include +# include +# include +# include +# include + +static void display_engine_list(void) +{ + ENGINE *h; + int loop; + + h = ENGINE_get_first(); + loop = 0; + printf("listing available engine types\n"); + while (h) { + printf("engine %i, id = \"%s\", name = \"%s\"\n", + loop++, ENGINE_get_id(h), ENGINE_get_name(h)); + h = ENGINE_get_next(h); + } + printf("end of list\n"); + /* + * ENGINE_get_first() increases the struct_ref counter, so we must call + * ENGINE_free() to decrease it again + */ + ENGINE_free(h); +} + +/* Test EVP_PKEY method */ +static EVP_PKEY_METHOD *test_rsa = NULL; + +static int called_encrypt = 0; + +/* Test function to check operation has been redirected */ +static int test_encrypt(EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, size_t tbslen) +{ + called_encrypt = 1; + return 1; +} + +static int test_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **pnids, int nid) +{ + static const int rnid = EVP_PKEY_RSA; + if (pmeth == NULL) { + *pnids = &rnid; + return 1; + } + + if (nid == EVP_PKEY_RSA) { + *pmeth = test_rsa; + return 1; + } + + *pmeth = NULL; + return 0; +} + +/* Return a test EVP_PKEY value */ + +static EVP_PKEY *get_test_pkey(void) +{ + static unsigned char n[] = + "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; + static unsigned char e[] = "\x11"; + + RSA *rsa = RSA_new(); + EVP_PKEY *pk = EVP_PKEY_new(); + + if (rsa == NULL || pk == NULL || !EVP_PKEY_assign_RSA(pk, rsa)) { + RSA_free(rsa); + EVP_PKEY_free(pk); + return NULL; + } + + if (!RSA_set0_key(rsa, BN_bin2bn(n, sizeof(n)-1, NULL), + BN_bin2bn(e, sizeof(e)-1, NULL), NULL)) { + EVP_PKEY_free(pk); + return NULL; + } + + return pk; +} + +static int test_redirect(void) +{ + const unsigned char pt[] = "Hello World\n"; + unsigned char *tmp = NULL; + size_t len; + EVP_PKEY_CTX *ctx = NULL; + ENGINE *e = NULL; + EVP_PKEY *pkey = NULL; + + int to_return = 0; + + printf("\nRedirection test\n"); + + if ((pkey = get_test_pkey()) == NULL) { + printf("Get test key failed\n"); + goto err; + } + + len = EVP_PKEY_size(pkey); + if ((tmp = OPENSSL_malloc(len)) == NULL) { + printf("Buffer alloc failed\n"); + goto err; + } + + if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { + printf("Key context allocation failure\n"); + goto err; + } + printf("EVP_PKEY_encrypt test: no redirection\n"); + /* Encrypt some data: should succeed but not be redirected */ + if (EVP_PKEY_encrypt_init(ctx) <= 0 + || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 + || called_encrypt) { + printf("Test encryption failure\n"); + goto err; + } + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + /* Create a test ENGINE */ + if ((e = ENGINE_new()) == NULL + || !ENGINE_set_id(e, "Test redirect engine") + || !ENGINE_set_name(e, "Test redirect engine")) { + printf("Redirection engine setup failure\n"); + goto err; + } + + /* + * Try to create a context for this engine and test key. + * Try setting test key engine. Both should fail because the + * engine has no public key methods. + */ + if (EVP_PKEY_CTX_new(pkey, e) != NULL + || EVP_PKEY_set1_engine(pkey, e) > 0) { + printf("Unexpected redirection success\n"); + goto err; + } + + /* Setup an empty test EVP_PKEY_METHOD and set callback to return it */ + if ((test_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)) == NULL) { + printf("Test RSA algorithm setup failure\n"); + goto err; + } + ENGINE_set_pkey_meths(e, test_pkey_meths); + + /* Getting a context for test ENGINE should now succeed */ + if ((ctx = EVP_PKEY_CTX_new(pkey, e)) == NULL) { + printf("Redirected context allocation failed\n"); + goto err; + } + /* Encrypt should fail because operation is not supported */ + if (EVP_PKEY_encrypt_init(ctx) > 0) { + printf("Encryption redirect unexpected success\n"); + goto err; + } + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + /* Add test encrypt operation to method */ + EVP_PKEY_meth_set_encrypt(test_rsa, 0, test_encrypt); + + printf("EVP_PKEY_encrypt test: redirection via EVP_PKEY_CTX_new()\n"); + if ((ctx = EVP_PKEY_CTX_new(pkey, e)) == NULL) { + printf("Redirected context allocation failed\n"); + goto err; + } + /* Encrypt some data: should succeed and be redirected */ + if (EVP_PKEY_encrypt_init(ctx) <= 0 + || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 + || !called_encrypt) { + printf("Redirected key context encryption failed\n"); + goto err; + } + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + called_encrypt = 0; + + printf("EVP_PKEY_encrypt test: check default operation not redirected\n"); + + /* Create context with default engine: should not be redirected */ + if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL + || EVP_PKEY_encrypt_init(ctx) <= 0 + || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 + || called_encrypt) { + printf("Unredirected key context encryption failed\n"); + goto err; + } + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + /* Set engine explicitly for test key */ + if (!EVP_PKEY_set1_engine(pkey, e)) { + printf("Key engine set failed\n"); + goto err; + } + + printf("EVP_PKEY_encrypt test: redirection via EVP_PKEY_set1_engine()\n"); + + /* Create context with default engine: should be redirected now */ + if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL + || EVP_PKEY_encrypt_init(ctx) <= 0 + || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 + || !called_encrypt) { + printf("Key redirection failure\n"); + goto err; + } + + to_return = 1; + + err: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + ENGINE_free(e); + OPENSSL_free(tmp); + return to_return; +} + +int main(int argc, char *argv[]) +{ + ENGINE *block[512]; + char buf[256]; + const char *id, *name, *p; + ENGINE *ptr; + int loop; + int to_return = 1; + ENGINE *new_h1 = NULL; + ENGINE *new_h2 = NULL; + ENGINE *new_h3 = NULL; + ENGINE *new_h4 = NULL; + + p = getenv("OPENSSL_DEBUG_MEMORY"); + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + + memset(block, 0, sizeof(block)); + if (((new_h1 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h1, "test_id0") || + !ENGINE_set_name(new_h1, "First test item") || + ((new_h2 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h2, "test_id1") || + !ENGINE_set_name(new_h2, "Second test item") || + ((new_h3 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h3, "test_id2") || + !ENGINE_set_name(new_h3, "Third test item") || + ((new_h4 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h4, "test_id3") || + !ENGINE_set_name(new_h4, "Fourth test item")) { + printf("Couldn't set up test ENGINE structures\n"); + goto end; + } + printf("\nenginetest beginning\n\n"); + display_engine_list(); + if (!ENGINE_add(new_h1)) { + printf("Add failed!\n"); + goto end; + } + display_engine_list(); + ptr = ENGINE_get_first(); + if (!ENGINE_remove(ptr)) { + printf("Remove failed!\n"); + goto end; + } + ENGINE_free(ptr); + display_engine_list(); + if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) { + printf("Add failed!\n"); + goto end; + } + display_engine_list(); + if (!ENGINE_remove(new_h2)) { + printf("Remove failed!\n"); + goto end; + } + display_engine_list(); + if (!ENGINE_add(new_h4)) { + printf("Add failed!\n"); + goto end; + } + display_engine_list(); + if (ENGINE_add(new_h3)) { + printf("Add *should* have failed but didn't!\n"); + goto end; + } else + printf("Add that should fail did.\n"); + ERR_clear_error(); + if (ENGINE_remove(new_h2)) { + printf("Remove *should* have failed but didn't!\n"); + goto end; + } else + printf("Remove that should fail did.\n"); + ERR_clear_error(); + if (!ENGINE_remove(new_h3)) { + printf("Remove failed!\n"); + goto end; + } + display_engine_list(); + if (!ENGINE_remove(new_h4)) { + printf("Remove failed!\n"); + goto end; + } + display_engine_list(); + /* + * Depending on whether there's any hardware support compiled in, this + * remove may be destined to fail. + */ + ptr = ENGINE_get_first(); + if (ptr) + if (!ENGINE_remove(ptr)) + printf("Remove failed!i - probably no hardware " + "support present.\n"); + ENGINE_free(ptr); + display_engine_list(); + if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) { + printf("Couldn't add and remove to an empty list!\n"); + goto end; + } else + printf("Successfully added and removed to an empty list!\n"); + printf("About to beef up the engine-type list\n"); + for (loop = 0; loop < 512; loop++) { + sprintf(buf, "id%i", loop); + id = OPENSSL_strdup(buf); + sprintf(buf, "Fake engine type %i", loop); + name = OPENSSL_strdup(buf); + if (((block[loop] = ENGINE_new()) == NULL) || + !ENGINE_set_id(block[loop], id) || + !ENGINE_set_name(block[loop], name)) { + printf("Couldn't create block of ENGINE structures.\n" + "I'll probably also core-dump now, damn.\n"); + goto end; + } + } + for (loop = 0; loop < 512; loop++) { + if (!ENGINE_add(block[loop])) { + printf("\nAdding stopped at %i, (%s,%s)\n", + loop, ENGINE_get_id(block[loop]), + ENGINE_get_name(block[loop])); + goto cleanup_loop; + } else + printf("."); + fflush(stdout); + } + cleanup_loop: + printf("\nAbout to empty the engine-type list\n"); + while ((ptr = ENGINE_get_first()) != NULL) { + if (!ENGINE_remove(ptr)) { + printf("\nRemove failed!\n"); + goto end; + } + ENGINE_free(ptr); + printf("."); + fflush(stdout); + } + for (loop = 0; loop < 512; loop++) { + OPENSSL_free((void *)ENGINE_get_id(block[loop])); + OPENSSL_free((void *)ENGINE_get_name(block[loop])); + } + if (!test_redirect()) + goto end; + printf("\nTests completed happily\n"); + to_return = 0; + end: + if (to_return) + ERR_print_errors_fp(stderr); + ENGINE_free(new_h1); + ENGINE_free(new_h2); + ENGINE_free(new_h3); + ENGINE_free(new_h4); + for (loop = 0; loop < 512; loop++) + ENGINE_free(block[loop]); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + to_return = 1; +#endif + return to_return; +} +#endif diff --git a/openssl-1.1.0h/test/evp_extra_test.c b/openssl-1.1.0h/test/evp_extra_test.c new file mode 100644 index 0000000..9217f3a --- /dev/null +++ b/openssl-1.1.0h/test/evp_extra_test.c @@ -0,0 +1,409 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you + * should never use this key anywhere but in an example. + */ +static const unsigned char kExampleRSAKeyDER[] = { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, + 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, + 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, + 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, + 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, + 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, + 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, + 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, + 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, + 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, + 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, + 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, + 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, + 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, + 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, + 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, + 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, + 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, + 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, + 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, + 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, + 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, + 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, + 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, + 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, + 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, + 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, + 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, + 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, + 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, + 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, + 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, + 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, + 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, + 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, + 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, + 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, + 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, + 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, + 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, + 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, + 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, + 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, + 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, + 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, + 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, + 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, + 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +static const unsigned char kMsg[] = { 1, 2, 3, 4 }; + +static const unsigned char kSignature[] = { + 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, + 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, + 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, + 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, + 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, + 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, + 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, + 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, + 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, + 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, + 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, +}; + +/* + * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 + * PrivateKeyInfo. + */ +static const unsigned char kExampleRSAKeyPKCS8[] = { + 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, + 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, + 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, + 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, + 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, + 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, + 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, + 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, + 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, + 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, + 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, + 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, + 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, + 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, + 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, + 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, + 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, + 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, + 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, + 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, + 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, + 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, + 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, + 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, + 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, + 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, + 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, + 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, + 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, + 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, + 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, + 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, + 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, + 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, + 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, + 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, + 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, + 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, + 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, + 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, + 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, + 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, + 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, + 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, + 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, + 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, + 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, + 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, + 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +#ifndef OPENSSL_NO_EC +/* + * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. + */ +static const unsigned char kExampleECKeyDER[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, + 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, + 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, + 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, + 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, + 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, + 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, + 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, + 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0xc1, +}; + +/* + * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. The private key is equal to the order and will fail to import + */ +static const unsigned char kExampleBadECKeyDER[] = { + 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, + 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, + 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, + 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, + 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 +}; +#endif + +static EVP_PKEY *load_example_rsa_key(void) +{ + EVP_PKEY *ret = NULL; + const unsigned char *derp = kExampleRSAKeyDER; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + + if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { + return NULL; + } + + pkey = EVP_PKEY_new(); + if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { + goto out; + } + + ret = pkey; + pkey = NULL; + + out: + EVP_PKEY_free(pkey); + RSA_free(rsa); + + return ret; +} + +static int test_EVP_DigestSignInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + unsigned char *sig = NULL; + size_t sig_len = 0; + EVP_MD_CTX *md_ctx, *md_ctx_verify; + + md_ctx = EVP_MD_CTX_new(); + md_ctx_verify = EVP_MD_CTX_new(); + if (md_ctx == NULL || md_ctx_verify == NULL) + goto out; + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) { + goto out; + } + /* Determine the size of the signature. */ + if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) { + goto out; + } + /* Sanity check for testing. */ + if (sig_len != (size_t)EVP_PKEY_size(pkey)) { + fprintf(stderr, "sig_len mismatch\n"); + goto out; + } + + sig = OPENSSL_malloc(sig_len); + if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) { + goto out; + } + + /* Ensure that the signature round-trips. */ + if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) + || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)) + || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) { + goto out; + } + + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_free(md_ctx); + EVP_MD_CTX_free(md_ctx_verify); + EVP_PKEY_free(pkey); + OPENSSL_free(sig); + + return ret; +} + +static int test_EVP_DigestVerifyInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *md_ctx; + + md_ctx = EVP_MD_CTX_new(); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) || + !EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) { + goto out; + } + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_free(md_ctx); + EVP_PKEY_free(pkey); + + return ret; +} + +static int test_d2i_AutoPrivateKey(const unsigned char *input, + size_t input_len, int expected_id) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + + p = input; + pkey = d2i_AutoPrivateKey(NULL, &p, input_len); + if (pkey == NULL || p != input + input_len) { + fprintf(stderr, "d2i_AutoPrivateKey failed\n"); + goto done; + } + + if (EVP_PKEY_id(pkey) != expected_id) { + fprintf(stderr, "Did not decode expected type\n"); + goto done; + } + + ret = 1; + + done: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_PKEY_free(pkey); + return ret; +} + +#ifndef OPENSSL_NO_EC +/* Tests loading a bad key in PKCS8 format */ +static int test_EVP_PKCS82PKEY(void) +{ + int ret = 0; + const unsigned char *derp = kExampleBadECKeyDER; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + EVP_PKEY *pkey = NULL; + + p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); + + if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { + fprintf(stderr, "Failed to parse key\n"); + goto done; + } + + pkey = EVP_PKCS82PKEY(p8inf); + if (pkey) { + fprintf(stderr, "Imported invalid EC key\n"); + goto done; + } + + ret = 1; + + done: + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + + return ret; +} +#endif + +int main(void) +{ + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + + if (!test_EVP_DigestSignInit()) { + fprintf(stderr, "EVP_DigestSignInit failed\n"); + return 1; + } + + if (!test_EVP_DigestVerifyInit()) { + fprintf(stderr, "EVP_DigestVerifyInit failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), + EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey + (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); + return 1; + } + +#ifndef OPENSSL_NO_EC + if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), + EVP_PKEY_EC)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); + return 1; + } + + if (!test_EVP_PKCS82PKEY()) { + fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); + return 1; + } +#endif + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; +#endif + + printf("PASS\n"); + return 0; +} diff --git a/openssl-1.1.0h/test/evp_test.c b/openssl-1.1.0h/test/evp_test.c new file mode 100644 index 0000000..fb2ca27 --- /dev/null +++ b/openssl-1.1.0h/test/evp_test.c @@ -0,0 +1,2172 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "internal/numbers.h" + +/* Remove spaces from beginning and end of a string */ + +static void remove_space(char **pval) +{ + unsigned char *p = (unsigned char *)*pval; + + while (isspace(*p)) + p++; + + *pval = (char *)p; + + p = p + strlen(*pval) - 1; + + /* Remove trailing space */ + while (isspace(*p)) + *p-- = 0; +} + +/* + * Given a line of the form: + * name = value # comment + * extract name and value. NB: modifies passed buffer. + */ + +static int parse_line(char **pkw, char **pval, char *linebuf) +{ + char *p; + + p = linebuf + strlen(linebuf) - 1; + + if (*p != '\n') { + fprintf(stderr, "FATAL: missing EOL\n"); + exit(1); + } + + /* Look for # */ + + p = strchr(linebuf, '#'); + + if (p) + *p = '\0'; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no '=' exit */ + if (!p) + return 0; + + *p++ = '\0'; + + *pkw = linebuf; + *pval = p; + + /* Remove spaces from keyword and value */ + remove_space(pkw); + remove_space(pval); + + return 1; +} + +/* + * Unescape some escape sequences in string literals. + * Return the result in a newly allocated buffer. + * Currently only supports '\n'. + * If the input length is 0, returns a valid 1-byte buffer, but sets + * the length to 0. + */ +static unsigned char* unescape(const char *input, size_t input_len, + size_t *out_len) +{ + unsigned char *ret, *p; + size_t i; + if (input_len == 0) { + *out_len = 0; + return OPENSSL_zalloc(1); + } + + /* Escaping is non-expanding; over-allocate original size for simplicity. */ + ret = p = OPENSSL_malloc(input_len); + if (ret == NULL) + return NULL; + + for (i = 0; i < input_len; i++) { + if (input[i] == '\\') { + if (i == input_len - 1 || input[i+1] != 'n') + goto err; + *p++ = '\n'; + i++; + } else { + *p++ = input[i]; + } + } + + *out_len = p - ret; + return ret; + + err: + OPENSSL_free(ret); + return NULL; +} + +/* For a hex string "value" convert to a binary allocated buffer */ +static int test_bin(const char *value, unsigned char **buf, size_t *buflen) +{ + long len; + + *buflen = 0; + + /* Check for empty value */ + if (!*value) { + /* + * Don't return NULL for zero length buffer. + * This is needed for some tests with empty keys: HMAC_Init_ex() expects + * a non-NULL key buffer even if the key length is 0, in order to detect + * key reset. + */ + *buf = OPENSSL_malloc(1); + if (!*buf) + return 0; + **buf = 0; + *buflen = 0; + return 1; + } + + /* Check for NULL literal */ + if (strcmp(value, "NULL") == 0) { + *buf = NULL; + *buflen = 0; + return 1; + } + + /* Check for string literal */ + if (value[0] == '"') { + size_t vlen; + value++; + vlen = strlen(value); + if (value[vlen - 1] != '"') + return 0; + vlen--; + *buf = unescape(value, vlen, buflen); + if (*buf == NULL) + return 0; + return 1; + } + + /* Otherwise assume as hex literal and convert it to binary buffer */ + *buf = OPENSSL_hexstr2buf(value, &len); + if (!*buf) { + fprintf(stderr, "Value=%s\n", value); + ERR_print_errors_fp(stderr); + return -1; + } + /* Size of input buffer means we'll never overflow */ + *buflen = len; + return 1; +} +#ifndef OPENSSL_NO_SCRYPT +/* Currently only used by scrypt tests */ +/* Parse unsigned decimal 64 bit integer value */ +static int test_uint64(const char *value, uint64_t *pr) +{ + const char *p = value; + if (!*p) { + fprintf(stderr, "Invalid empty integer value\n"); + return -1; + } + *pr = 0; + while (*p) { + if (*pr > UINT64_MAX/10) { + fprintf(stderr, "Integer string overflow value=%s\n", value); + return -1; + } + *pr *= 10; + if (*p < '0' || *p > '9') { + fprintf(stderr, "Invalid integer string value=%s\n", value); + return -1; + } + *pr += *p - '0'; + p++; + } + return 1; +} +#endif + +/* Structure holding test information */ +struct evp_test { + /* file being read */ + BIO *in; + /* temp memory BIO for reading in keys */ + BIO *key; + /* List of public and private keys */ + struct key_list *private; + struct key_list *public; + /* method for this test */ + const struct evp_test_method *meth; + /* current line being processed */ + unsigned int line; + /* start line of current test */ + unsigned int start_line; + /* Error string for test */ + const char *err, *aux_err; + /* Expected error value of test */ + char *expected_err; + /* Expected error function string */ + char *func; + /* Expected error reason string */ + char *reason; + /* Number of tests */ + int ntests; + /* Error count */ + int errors; + /* Number of tests skipped */ + int nskip; + /* If output mismatch expected and got value */ + unsigned char *out_received; + size_t out_received_len; + unsigned char *out_expected; + size_t out_expected_len; + /* test specific data */ + void *data; + /* Current test should be skipped */ + int skip; +}; + +struct key_list { + char *name; + EVP_PKEY *key; + struct key_list *next; +}; + +/* Test method structure */ +struct evp_test_method { + /* Name of test as it appears in file */ + const char *name; + /* Initialise test for "alg" */ + int (*init) (struct evp_test * t, const char *alg); + /* Clean up method */ + void (*cleanup) (struct evp_test * t); + /* Test specific name value pair processing */ + int (*parse) (struct evp_test * t, const char *name, const char *value); + /* Run the test itself */ + int (*run_test) (struct evp_test * t); +}; + +static const struct evp_test_method digest_test_method, cipher_test_method; +static const struct evp_test_method mac_test_method; +static const struct evp_test_method psign_test_method, pverify_test_method; +static const struct evp_test_method pdecrypt_test_method; +static const struct evp_test_method pverify_recover_test_method; +static const struct evp_test_method pderive_test_method; +static const struct evp_test_method pbe_test_method; +static const struct evp_test_method encode_test_method; +static const struct evp_test_method kdf_test_method; +static const struct evp_test_method keypair_test_method; + +static const struct evp_test_method *evp_test_list[] = { + &digest_test_method, + &cipher_test_method, + &mac_test_method, + &psign_test_method, + &pverify_test_method, + &pdecrypt_test_method, + &pverify_recover_test_method, + &pderive_test_method, + &pbe_test_method, + &encode_test_method, + &kdf_test_method, + &keypair_test_method, + NULL +}; + +static const struct evp_test_method *evp_find_test(const char *name) +{ + const struct evp_test_method **tt; + + for (tt = evp_test_list; *tt; tt++) { + if (strcmp(name, (*tt)->name) == 0) + return *tt; + } + return NULL; +} + +static void hex_print(const char *name, const unsigned char *buf, size_t len) +{ + size_t i; + fprintf(stderr, "%s ", name); + for (i = 0; i < len; i++) + fprintf(stderr, "%02X", buf[i]); + fputs("\n", stderr); +} + +static void free_expected(struct evp_test *t) +{ + OPENSSL_free(t->expected_err); + t->expected_err = NULL; + OPENSSL_free(t->func); + t->func = NULL; + OPENSSL_free(t->reason); + t->reason = NULL; + OPENSSL_free(t->out_expected); + OPENSSL_free(t->out_received); + t->out_expected = NULL; + t->out_received = NULL; + t->out_expected_len = 0; + t->out_received_len = 0; + /* Literals. */ + t->err = NULL; +} + +static void print_expected(struct evp_test *t) +{ + if (t->out_expected == NULL && t->out_received == NULL) + return; + hex_print("Expected:", t->out_expected, t->out_expected_len); + hex_print("Got: ", t->out_received, t->out_received_len); + free_expected(t); +} + +static int check_test_error(struct evp_test *t) +{ + unsigned long err; + const char *func; + const char *reason; + if (!t->err && !t->expected_err) + return 1; + if (t->err && !t->expected_err) { + if (t->aux_err != NULL) { + fprintf(stderr, "Test line %d(%s): unexpected error %s\n", + t->start_line, t->aux_err, t->err); + } else { + fprintf(stderr, "Test line %d: unexpected error %s\n", + t->start_line, t->err); + } + print_expected(t); + return 0; + } + if (!t->err && t->expected_err) { + fprintf(stderr, "Test line %d: succeeded expecting %s\n", + t->start_line, t->expected_err); + return 0; + } + + if (strcmp(t->err, t->expected_err) != 0) { + fprintf(stderr, "Test line %d: expecting %s got %s\n", + t->start_line, t->expected_err, t->err); + return 0; + } + + if (t->func == NULL && t->reason == NULL) + return 1; + + if (t->func == NULL || t->reason == NULL) { + fprintf(stderr, "Test line %d: missing function or reason code\n", + t->start_line); + return 0; + } + + err = ERR_peek_error(); + if (err == 0) { + fprintf(stderr, "Test line %d, expected error \"%s:%s\" not set\n", + t->start_line, t->func, t->reason); + return 0; + } + + func = ERR_func_error_string(err); + reason = ERR_reason_error_string(err); + + if (func == NULL && reason == NULL) { + fprintf(stderr, "Test line %d: expected error \"%s:%s\", no strings available. Skipping...\n", + t->start_line, t->func, t->reason); + return 1; + } + + if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0) + return 1; + + fprintf(stderr, "Test line %d: expected error \"%s:%s\", got \"%s:%s\"\n", + t->start_line, t->func, t->reason, func, reason); + + return 0; +} + +/* Setup a new test, run any existing test */ + +static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) +{ + /* If we already have a test set up run it */ + if (t->meth) { + t->ntests++; + if (t->skip) { + t->nskip++; + } else { + /* run the test */ + if (t->err == NULL && t->meth->run_test(t) != 1) { + fprintf(stderr, "%s test error line %d\n", + t->meth->name, t->start_line); + return 0; + } + if (!check_test_error(t)) { + if (t->err) + ERR_print_errors_fp(stderr); + t->errors++; + } + } + /* clean it up */ + ERR_clear_error(); + if (t->data != NULL) { + t->meth->cleanup(t); + OPENSSL_free(t->data); + t->data = NULL; + } + OPENSSL_free(t->expected_err); + t->expected_err = NULL; + free_expected(t); + } + t->meth = tmeth; + return 1; +} + +static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst) +{ + for (; lst; lst = lst->next) { + if (strcmp(lst->name, name) == 0) { + if (ppk) + *ppk = lst->key; + return 1; + } + } + return 0; +} + +static void free_key_list(struct key_list *lst) +{ + while (lst != NULL) { + struct key_list *ltmp; + EVP_PKEY_free(lst->key); + OPENSSL_free(lst->name); + ltmp = lst->next; + OPENSSL_free(lst); + lst = ltmp; + } +} + +static int check_unsupported() +{ + long err = ERR_peek_error(); + if (ERR_GET_LIB(err) == ERR_LIB_EVP + && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { + ERR_clear_error(); + return 1; + } +#ifndef OPENSSL_NO_EC + /* + * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an + * hint to an unsupported algorithm/curve (e.g. if binary EC support is + * disabled). + */ + if (ERR_GET_LIB(err) == ERR_LIB_EC + && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) { + ERR_clear_error(); + return 1; + } +#endif /* OPENSSL_NO_EC */ + return 0; +} + + +static int read_key(struct evp_test *t) +{ + char tmpbuf[80]; + if (t->key == NULL) + t->key = BIO_new(BIO_s_mem()); + else if (BIO_reset(t->key) <= 0) + return 0; + if (t->key == NULL) { + fprintf(stderr, "Error allocating key memory BIO\n"); + return 0; + } + /* Read to PEM end line and place content in memory BIO */ + while (BIO_gets(t->in, tmpbuf, sizeof(tmpbuf))) { + t->line++; + if (BIO_puts(t->key, tmpbuf) <= 0) { + fprintf(stderr, "Error writing to key memory BIO\n"); + return 0; + } + if (strncmp(tmpbuf, "-----END", 8) == 0) + return 1; + } + fprintf(stderr, "Can't find key end\n"); + return 0; +} + +static int process_test(struct evp_test *t, char *buf, int verbose) +{ + char *keyword = NULL, *value = NULL; + int rv = 0, add_key = 0; + struct key_list **lst = NULL, *key = NULL; + EVP_PKEY *pk = NULL; + const struct evp_test_method *tmeth = NULL; + if (verbose) + fputs(buf, stdout); + if (!parse_line(&keyword, &value, buf)) + return 1; + if (strcmp(keyword, "PrivateKey") == 0) { + if (!read_key(t)) + return 0; + pk = PEM_read_bio_PrivateKey(t->key, NULL, 0, NULL); + if (pk == NULL && !check_unsupported()) { + fprintf(stderr, "Error reading private key %s\n", value); + ERR_print_errors_fp(stderr); + return 0; + } + lst = &t->private; + add_key = 1; + } + if (strcmp(keyword, "PublicKey") == 0) { + if (!read_key(t)) + return 0; + pk = PEM_read_bio_PUBKEY(t->key, NULL, 0, NULL); + if (pk == NULL && !check_unsupported()) { + fprintf(stderr, "Error reading public key %s\n", value); + ERR_print_errors_fp(stderr); + return 0; + } + lst = &t->public; + add_key = 1; + } + /* If we have a key add to list */ + if (add_key) { + if (find_key(NULL, value, *lst)) { + fprintf(stderr, "Duplicate key %s\n", value); + return 0; + } + key = OPENSSL_malloc(sizeof(*key)); + if (!key) + return 0; + key->name = OPENSSL_strdup(value); + key->key = pk; + key->next = *lst; + *lst = key; + return 1; + } + + /* See if keyword corresponds to a test start */ + tmeth = evp_find_test(keyword); + if (tmeth) { + if (!setup_test(t, tmeth)) + return 0; + t->start_line = t->line; + t->skip = 0; + if (!tmeth->init(t, value)) { + fprintf(stderr, "Unknown %s: %s\n", keyword, value); + return 0; + } + return 1; + } else if (t->skip) { + return 1; + } else if (strcmp(keyword, "Result") == 0) { + if (t->expected_err) { + fprintf(stderr, "Line %d: multiple result lines\n", t->line); + return 0; + } + t->expected_err = OPENSSL_strdup(value); + if (t->expected_err == NULL) + return 0; + } else if (strcmp(keyword, "Function") == 0) { + if (t->func != NULL) { + fprintf(stderr, "Line %d: multiple function lines\n", t->line); + return 0; + } + t->func = OPENSSL_strdup(value); + if (t->func == NULL) + return 0; + } else if (strcmp(keyword, "Reason") == 0) { + if (t->reason != NULL) { + fprintf(stderr, "Line %d: multiple reason lines\n", t->line); + return 0; + } + t->reason = OPENSSL_strdup(value); + if (t->reason == NULL) + return 0; + } else { + /* Must be test specific line: try to parse it */ + if (t->meth) + rv = t->meth->parse(t, keyword, value); + + if (rv == 0) + fprintf(stderr, "line %d: unexpected keyword %s\n", + t->line, keyword); + + if (rv < 0) + fprintf(stderr, "line %d: error processing keyword %s\n", + t->line, keyword); + if (rv <= 0) + return 0; + } + return 1; +} + +static int check_var_length_output(struct evp_test *t, + const unsigned char *expected, + size_t expected_len, + const unsigned char *received, + size_t received_len) +{ + if (expected_len == received_len && + memcmp(expected, received, expected_len) == 0) { + return 0; + } + + /* The result printing code expects a non-NULL buffer. */ + t->out_expected = OPENSSL_memdup(expected, expected_len ? expected_len : 1); + t->out_expected_len = expected_len; + t->out_received = OPENSSL_memdup(received, received_len ? received_len : 1); + t->out_received_len = received_len; + if (t->out_expected == NULL || t->out_received == NULL) { + fprintf(stderr, "Memory allocation error!\n"); + exit(1); + } + return 1; +} + +static int check_output(struct evp_test *t, + const unsigned char *expected, + const unsigned char *received, + size_t len) +{ + return check_var_length_output(t, expected, len, received, len); +} + +int main(int argc, char **argv) +{ + BIO *in = NULL; + char buf[10240]; + struct evp_test t; + + if (argc != 2) { + fprintf(stderr, "usage: evp_test testfile.txt\n"); + return 1; + } + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + memset(&t, 0, sizeof(t)); + t.start_line = -1; + in = BIO_new_file(argv[1], "rb"); + if (in == NULL) { + fprintf(stderr, "Can't open %s for reading\n", argv[1]); + return 1; + } + t.in = in; + t.err = NULL; + while (BIO_gets(in, buf, sizeof(buf))) { + t.line++; + if (!process_test(&t, buf, 0)) + exit(1); + } + /* Run any final test we have */ + if (!setup_test(&t, NULL)) + exit(1); + fprintf(stderr, "%d tests completed with %d errors, %d skipped\n", + t.ntests, t.errors, t.nskip); + free_key_list(t.public); + free_key_list(t.private); + BIO_free(t.key); + BIO_free(in); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; +#endif + if (t.errors) + return 1; + return 0; +} + +static void test_free(void *d) +{ + OPENSSL_free(d); +} + +/* Message digest tests */ + +struct digest_data { + /* Digest this test is for */ + const EVP_MD *digest; + /* Input to digest */ + unsigned char *input; + size_t input_len; + /* Repeat count for input */ + size_t nrpt; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +static int digest_test_init(struct evp_test *t, const char *alg) +{ + const EVP_MD *digest; + struct digest_data *mdat; + digest = EVP_get_digestbyname(alg); + if (!digest) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } + return 0; + } + mdat = OPENSSL_malloc(sizeof(*mdat)); + mdat->digest = digest; + mdat->input = NULL; + mdat->output = NULL; + mdat->nrpt = 1; + t->data = mdat; + return 1; +} + +static void digest_test_cleanup(struct evp_test *t) +{ + struct digest_data *mdat = t->data; + test_free(mdat->input); + test_free(mdat->output); +} + +static int digest_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct digest_data *mdata = t->data; + if (strcmp(keyword, "Input") == 0) + return test_bin(value, &mdata->input, &mdata->input_len); + if (strcmp(keyword, "Output") == 0) + return test_bin(value, &mdata->output, &mdata->output_len); + if (strcmp(keyword, "Count") == 0) { + long nrpt = atoi(value); + if (nrpt <= 0) + return 0; + mdata->nrpt = (size_t)nrpt; + return 1; + } + return 0; +} + +static int digest_test_run(struct evp_test *t) +{ + struct digest_data *mdata = t->data; + size_t i; + const char *err = "INTERNAL_ERROR"; + EVP_MD_CTX *mctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int md_len; + mctx = EVP_MD_CTX_new(); + if (!mctx) + goto err; + err = "DIGESTINIT_ERROR"; + if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL)) + goto err; + err = "DIGESTUPDATE_ERROR"; + for (i = 0; i < mdata->nrpt; i++) { + if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len)) + goto err; + } + err = "DIGESTFINAL_ERROR"; + if (!EVP_DigestFinal(mctx, md, &md_len)) + goto err; + err = "DIGEST_LENGTH_MISMATCH"; + if (md_len != mdata->output_len) + goto err; + err = "DIGEST_MISMATCH"; + if (check_output(t, mdata->output, md, md_len)) + goto err; + err = NULL; + err: + EVP_MD_CTX_free(mctx); + t->err = err; + return 1; +} + +static const struct evp_test_method digest_test_method = { + "Digest", + digest_test_init, + digest_test_cleanup, + digest_test_parse, + digest_test_run +}; + +/* Cipher tests */ +struct cipher_data { + const EVP_CIPHER *cipher; + int enc; + /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ + int aead; + unsigned char *key; + size_t key_len; + unsigned char *iv; + size_t iv_len; + unsigned char *plaintext; + size_t plaintext_len; + unsigned char *ciphertext; + size_t ciphertext_len; + /* GCM, CCM only */ + unsigned char *aad; + size_t aad_len; + unsigned char *tag; + size_t tag_len; +}; + +static int cipher_test_init(struct evp_test *t, const char *alg) +{ + const EVP_CIPHER *cipher; + struct cipher_data *cdat = t->data; + cipher = EVP_get_cipherbyname(alg); + if (!cipher) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } + return 0; + } + cdat = OPENSSL_malloc(sizeof(*cdat)); + cdat->cipher = cipher; + cdat->enc = -1; + cdat->key = NULL; + cdat->iv = NULL; + cdat->ciphertext = NULL; + cdat->plaintext = NULL; + cdat->aad = NULL; + cdat->tag = NULL; + t->data = cdat; + if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE + || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE + || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) + cdat->aead = EVP_CIPHER_mode(cipher); + else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) + cdat->aead = -1; + else + cdat->aead = 0; + + return 1; +} + +static void cipher_test_cleanup(struct evp_test *t) +{ + struct cipher_data *cdat = t->data; + test_free(cdat->key); + test_free(cdat->iv); + test_free(cdat->ciphertext); + test_free(cdat->plaintext); + test_free(cdat->aad); + test_free(cdat->tag); +} + +static int cipher_test_parse(struct evp_test *t, const char *keyword, + const char *value) +{ + struct cipher_data *cdat = t->data; + if (strcmp(keyword, "Key") == 0) + return test_bin(value, &cdat->key, &cdat->key_len); + if (strcmp(keyword, "IV") == 0) + return test_bin(value, &cdat->iv, &cdat->iv_len); + if (strcmp(keyword, "Plaintext") == 0) + return test_bin(value, &cdat->plaintext, &cdat->plaintext_len); + if (strcmp(keyword, "Ciphertext") == 0) + return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); + if (cdat->aead) { + if (strcmp(keyword, "AAD") == 0) + return test_bin(value, &cdat->aad, &cdat->aad_len); + if (strcmp(keyword, "Tag") == 0) + return test_bin(value, &cdat->tag, &cdat->tag_len); + } + + if (strcmp(keyword, "Operation") == 0) { + if (strcmp(value, "ENCRYPT") == 0) + cdat->enc = 1; + else if (strcmp(value, "DECRYPT") == 0) + cdat->enc = 0; + else + return 0; + return 1; + } + return 0; +} + +static int cipher_test_enc(struct evp_test *t, int enc, + size_t out_misalign, size_t inp_misalign, int frag) +{ + struct cipher_data *cdat = t->data; + unsigned char *in, *out, *tmp = NULL; + size_t in_len, out_len, donelen = 0; + int tmplen, chunklen, tmpflen; + EVP_CIPHER_CTX *ctx = NULL; + const char *err; + err = "INTERNAL_ERROR"; + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) + goto err; + EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + if (enc) { + in = cdat->plaintext; + in_len = cdat->plaintext_len; + out = cdat->ciphertext; + out_len = cdat->ciphertext_len; + } else { + in = cdat->ciphertext; + in_len = cdat->ciphertext_len; + out = cdat->plaintext; + out_len = cdat->plaintext_len; + } + if (inp_misalign == (size_t)-1) { + /* + * Exercise in-place encryption + */ + tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH); + if (!tmp) + goto err; + in = memcpy(tmp + out_misalign, in, in_len); + } else { + inp_misalign += 16 - ((out_misalign + in_len) & 15); + /* + * 'tmp' will store both output and copy of input. We make the copy + * of input to specifically aligned part of 'tmp'. So we just + * figured out how much padding would ensure the required alignment, + * now we allocate extended buffer and finally copy the input just + * past inp_misalign in expression below. Output will be written + * past out_misalign... + */ + tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + + inp_misalign + in_len); + if (!tmp) + goto err; + in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + + inp_misalign, in, in_len); + } + err = "CIPHERINIT_ERROR"; + if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc)) + goto err; + err = "INVALID_IV_LENGTH"; + if (cdat->iv) { + if (cdat->aead) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + cdat->iv_len, 0)) + goto err; + } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + goto err; + } + if (cdat->aead) { + unsigned char *tag; + /* + * If encrypting or OCB just set tag length initially, otherwise + * set tag length and value. + */ + if (enc || cdat->aead == EVP_CIPH_OCB_MODE) { + err = "TAG_LENGTH_SET_ERROR"; + tag = NULL; + } else { + err = "TAG_SET_ERROR"; + tag = cdat->tag; + } + if (tag || cdat->aead != EVP_CIPH_GCM_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + cdat->tag_len, tag)) + goto err; + } + } + + err = "INVALID_KEY_LENGTH"; + if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len)) + goto err; + err = "KEY_SET_ERROR"; + if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1)) + goto err; + + if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + cdat->tag_len, cdat->tag)) { + err = "TAG_SET_ERROR"; + goto err; + } + } + + if (cdat->aead == EVP_CIPH_CCM_MODE) { + if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { + err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; + goto err; + } + } + if (cdat->aad) { + err = "AAD_SET_ERROR"; + if (!frag) { + if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, + cdat->aad_len)) + goto err; + } else { + /* + * Supply the AAD in chunks less than the block size where possible + */ + if (cdat->aad_len > 0) { + if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, 1)) + goto err; + donelen++; + } + if (cdat->aad_len > 2) { + if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad + donelen, + cdat->aad_len - 2)) + goto err; + donelen += cdat->aad_len - 2; + } + if (cdat->aad_len > 1 + && !EVP_CipherUpdate(ctx, NULL, &chunklen, + cdat->aad + donelen, 1)) + goto err; + } + } + EVP_CIPHER_CTX_set_padding(ctx, 0); + err = "CIPHERUPDATE_ERROR"; + tmplen = 0; + if (!frag) { + /* We supply the data all in one go */ + if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len)) + goto err; + } else { + /* Supply the data in chunks less than the block size where possible */ + if (in_len > 0) { + if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1)) + goto err; + tmplen += chunklen; + in++; + in_len--; + } + if (in_len > 1) { + if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, + in, in_len - 1)) + goto err; + tmplen += chunklen; + in += in_len - 1; + in_len = 1; + } + if (in_len > 0 ) { + if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, + in, 1)) + goto err; + tmplen += chunklen; + } + } + if (cdat->aead == EVP_CIPH_CCM_MODE) + tmpflen = 0; + else { + err = "CIPHERFINAL_ERROR"; + if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) + goto err; + } + err = "LENGTH_MISMATCH"; + if (out_len != (size_t)(tmplen + tmpflen)) + goto err; + err = "VALUE_MISMATCH"; + if (check_output(t, out, tmp + out_misalign, out_len)) + goto err; + if (enc && cdat->aead) { + unsigned char rtag[16]; + if (cdat->tag_len > sizeof(rtag)) { + err = "TAG_LENGTH_INTERNAL_ERROR"; + goto err; + } + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + cdat->tag_len, rtag)) { + err = "TAG_RETRIEVE_ERROR"; + goto err; + } + if (check_output(t, cdat->tag, rtag, cdat->tag_len)) { + err = "TAG_VALUE_MISMATCH"; + goto err; + } + } + err = NULL; + err: + OPENSSL_free(tmp); + EVP_CIPHER_CTX_free(ctx); + t->err = err; + return err ? 0 : 1; +} + +static int cipher_test_run(struct evp_test *t) +{ + struct cipher_data *cdat = t->data; + int rv, frag = 0; + size_t out_misalign, inp_misalign; + + if (!cdat->key) { + t->err = "NO_KEY"; + return 0; + } + if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) { + /* IV is optional and usually omitted in wrap mode */ + if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { + t->err = "NO_IV"; + return 0; + } + } + if (cdat->aead && !cdat->tag) { + t->err = "NO_TAG"; + return 0; + } + for (out_misalign = 0; out_misalign <= 1;) { + static char aux_err[64]; + t->aux_err = aux_err; + for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) { + if (inp_misalign == (size_t)-1) { + /* kludge: inp_misalign == -1 means "exercise in-place" */ + BIO_snprintf(aux_err, sizeof(aux_err), + "%s in-place, %sfragmented", + out_misalign ? "misaligned" : "aligned", + frag ? "" : "not "); + } else { + BIO_snprintf(aux_err, sizeof(aux_err), + "%s output and %s input, %sfragmented", + out_misalign ? "misaligned" : "aligned", + inp_misalign ? "misaligned" : "aligned", + frag ? "" : "not "); + } + if (cdat->enc) { + rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag); + /* Not fatal errors: return */ + if (rv != 1) { + if (rv < 0) + return 0; + return 1; + } + } + if (cdat->enc != 1) { + rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag); + /* Not fatal errors: return */ + if (rv != 1) { + if (rv < 0) + return 0; + return 1; + } + } + } + + if (out_misalign == 1 && frag == 0) { + /* + * XTS, CCM and Wrap modes have special requirements about input + * lengths so we don't fragment for those + */ + if (cdat->aead == EVP_CIPH_CCM_MODE + || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE + || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) + break; + out_misalign = 0; + frag++; + } else { + out_misalign++; + } + } + t->aux_err = NULL; + + return 1; +} + +static const struct evp_test_method cipher_test_method = { + "Cipher", + cipher_test_init, + cipher_test_cleanup, + cipher_test_parse, + cipher_test_run +}; + +struct mac_data { + /* MAC type */ + int type; + /* Algorithm string for this MAC */ + char *alg; + /* MAC key */ + unsigned char *key; + size_t key_len; + /* Input to MAC */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +static int mac_test_init(struct evp_test *t, const char *alg) +{ + int type; + struct mac_data *mdat; + if (strcmp(alg, "HMAC") == 0) { + type = EVP_PKEY_HMAC; + } else if (strcmp(alg, "CMAC") == 0) { +#ifndef OPENSSL_NO_CMAC + type = EVP_PKEY_CMAC; +#else + t->skip = 1; + return 1; +#endif + } else + return 0; + + mdat = OPENSSL_malloc(sizeof(*mdat)); + mdat->type = type; + mdat->alg = NULL; + mdat->key = NULL; + mdat->input = NULL; + mdat->output = NULL; + t->data = mdat; + return 1; +} + +static void mac_test_cleanup(struct evp_test *t) +{ + struct mac_data *mdat = t->data; + test_free(mdat->alg); + test_free(mdat->key); + test_free(mdat->input); + test_free(mdat->output); +} + +static int mac_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct mac_data *mdata = t->data; + if (strcmp(keyword, "Key") == 0) + return test_bin(value, &mdata->key, &mdata->key_len); + if (strcmp(keyword, "Algorithm") == 0) { + mdata->alg = OPENSSL_strdup(value); + if (!mdata->alg) + return 0; + return 1; + } + if (strcmp(keyword, "Input") == 0) + return test_bin(value, &mdata->input, &mdata->input_len); + if (strcmp(keyword, "Output") == 0) + return test_bin(value, &mdata->output, &mdata->output_len); + return 0; +} + +static int mac_test_run(struct evp_test *t) +{ + struct mac_data *mdata = t->data; + const char *err = "INTERNAL_ERROR"; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; + EVP_PKEY *key = NULL; + const EVP_MD *md = NULL; + unsigned char *mac = NULL; + size_t mac_len; + +#ifdef OPENSSL_NO_DES + if (mdata->alg != NULL && strstr(mdata->alg, "DES") != NULL) { + /* Skip DES */ + err = NULL; + goto err; + } +#endif + + err = "MAC_PKEY_CTX_ERROR"; + genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL); + if (!genctx) + goto err; + + err = "MAC_KEYGEN_INIT_ERROR"; + if (EVP_PKEY_keygen_init(genctx) <= 0) + goto err; + if (mdata->type == EVP_PKEY_CMAC) { + err = "MAC_ALGORITHM_SET_ERROR"; + if (EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0) + goto err; + } + + err = "MAC_KEY_SET_ERROR"; + if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0) + goto err; + + err = "MAC_KEY_GENERATE_ERROR"; + if (EVP_PKEY_keygen(genctx, &key) <= 0) + goto err; + if (mdata->type == EVP_PKEY_HMAC) { + err = "MAC_ALGORITHM_SET_ERROR"; + md = EVP_get_digestbyname(mdata->alg); + if (!md) + goto err; + } + mctx = EVP_MD_CTX_new(); + if (!mctx) + goto err; + err = "DIGESTSIGNINIT_ERROR"; + if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) + goto err; + + err = "DIGESTSIGNUPDATE_ERROR"; + if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len)) + goto err; + err = "DIGESTSIGNFINAL_LENGTH_ERROR"; + if (!EVP_DigestSignFinal(mctx, NULL, &mac_len)) + goto err; + mac = OPENSSL_malloc(mac_len); + if (!mac) { + fprintf(stderr, "Error allocating mac buffer!\n"); + exit(1); + } + if (!EVP_DigestSignFinal(mctx, mac, &mac_len)) + goto err; + err = "MAC_LENGTH_MISMATCH"; + if (mac_len != mdata->output_len) + goto err; + err = "MAC_MISMATCH"; + if (check_output(t, mdata->output, mac, mac_len)) + goto err; + err = NULL; + err: + EVP_MD_CTX_free(mctx); + OPENSSL_free(mac); + EVP_PKEY_CTX_free(genctx); + EVP_PKEY_free(key); + t->err = err; + return 1; +} + +static const struct evp_test_method mac_test_method = { + "MAC", + mac_test_init, + mac_test_cleanup, + mac_test_parse, + mac_test_run +}; + +/* + * Public key operations. These are all very similar and can share + * a lot of common code. + */ + +struct pkey_data { + /* Context for this operation */ + EVP_PKEY_CTX *ctx; + /* Key operation to perform */ + int (*keyop) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + /* Input to MAC */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +/* + * Perform public key operation setup: lookup key, allocated ctx and call + * the appropriate initialisation function + */ +static int pkey_test_init(struct evp_test *t, const char *name, + int use_public, + int (*keyopinit) (EVP_PKEY_CTX *ctx), + int (*keyop) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen) + ) +{ + struct pkey_data *kdata; + EVP_PKEY *pkey = NULL; + int rv = 0; + if (use_public) + rv = find_key(&pkey, name, t->public); + if (!rv) + rv = find_key(&pkey, name, t->private); + if (!rv || pkey == NULL) { + t->skip = 1; + return 1; + } + + kdata = OPENSSL_malloc(sizeof(*kdata)); + if (!kdata) { + EVP_PKEY_free(pkey); + return 0; + } + kdata->ctx = NULL; + kdata->input = NULL; + kdata->output = NULL; + kdata->keyop = keyop; + t->data = kdata; + kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!kdata->ctx) + return 0; + if (keyopinit(kdata->ctx) <= 0) + t->err = "KEYOP_INIT_ERROR"; + return 1; +} + +static void pkey_test_cleanup(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + + OPENSSL_free(kdata->input); + OPENSSL_free(kdata->output); + EVP_PKEY_CTX_free(kdata->ctx); +} + +static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx, + const char *value) +{ + int rv; + char *p, *tmpval; + + tmpval = OPENSSL_strdup(value); + if (tmpval == NULL) + return 0; + p = strchr(tmpval, ':'); + if (p != NULL) + *p++ = 0; + rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); + if (rv == -2) { + t->err = "PKEY_CTRL_INVALID"; + rv = 1; + } else if (p != NULL && rv <= 0) { + /* If p has an OID and lookup fails assume disabled algorithm */ + int nid = OBJ_sn2nid(p); + if (nid == NID_undef) + nid = OBJ_ln2nid(p); + if ((nid != NID_undef) && EVP_get_digestbynid(nid) == NULL && + EVP_get_cipherbynid(nid) == NULL) { + t->skip = 1; + rv = 1; + } else { + t->err = "PKEY_CTRL_ERROR"; + rv = 1; + } + } + OPENSSL_free(tmpval); + return rv > 0; +} + +static int pkey_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pkey_data *kdata = t->data; + if (strcmp(keyword, "Input") == 0) + return test_bin(value, &kdata->input, &kdata->input_len); + if (strcmp(keyword, "Output") == 0) + return test_bin(value, &kdata->output, &kdata->output_len); + if (strcmp(keyword, "Ctrl") == 0) + return pkey_test_ctrl(t, kdata->ctx, value); + return 0; +} + +static int pkey_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + unsigned char *out = NULL; + size_t out_len; + const char *err = "KEYOP_LENGTH_ERROR"; + if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input, + kdata->input_len) <= 0) + goto err; + out = OPENSSL_malloc(out_len); + if (!out) { + fprintf(stderr, "Error allocating output buffer!\n"); + exit(1); + } + err = "KEYOP_ERROR"; + if (kdata->keyop + (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0) + goto err; + err = "KEYOP_LENGTH_MISMATCH"; + if (out_len != kdata->output_len) + goto err; + err = "KEYOP_MISMATCH"; + if (check_output(t, kdata->output, out, out_len)) + goto err; + err = NULL; + err: + OPENSSL_free(out); + t->err = err; + return 1; +} + +static int sign_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign); +} + +static const struct evp_test_method psign_test_method = { + "Sign", + sign_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int verify_recover_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init, + EVP_PKEY_verify_recover); +} + +static const struct evp_test_method pverify_recover_test_method = { + "VerifyRecover", + verify_recover_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int decrypt_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init, + EVP_PKEY_decrypt); +} + +static const struct evp_test_method pdecrypt_test_method = { + "Decrypt", + decrypt_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int verify_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0); +} + +static int verify_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, + kdata->input, kdata->input_len) <= 0) + t->err = "VERIFY_ERROR"; + return 1; +} + +static const struct evp_test_method pverify_test_method = { + "Verify", + verify_test_init, + pkey_test_cleanup, + pkey_test_parse, + verify_test_run +}; + + +static int pderive_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0); +} + +static int pderive_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pkey_data *kdata = t->data; + + if (strcmp(keyword, "PeerKey") == 0) { + EVP_PKEY *peer; + if (find_key(&peer, value, t->public) == 0) + return 0; + if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0) + return 0; + return 1; + } + if (strcmp(keyword, "SharedSecret") == 0) + return test_bin(value, &kdata->output, &kdata->output_len); + if (strcmp(keyword, "Ctrl") == 0) + return pkey_test_ctrl(t, kdata->ctx, value); + return 0; +} + +static int pderive_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + unsigned char *out = NULL; + size_t out_len; + const char *err = "INTERNAL_ERROR"; + + out_len = kdata->output_len; + out = OPENSSL_malloc(out_len); + if (!out) { + fprintf(stderr, "Error allocating output buffer!\n"); + exit(1); + } + err = "DERIVE_ERROR"; + if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) + goto err; + err = "SHARED_SECRET_LENGTH_MISMATCH"; + if (out_len != kdata->output_len) + goto err; + err = "SHARED_SECRET_MISMATCH"; + if (check_output(t, kdata->output, out, out_len)) + goto err; + err = NULL; + err: + OPENSSL_free(out); + t->err = err; + return 1; +} + +static const struct evp_test_method pderive_test_method = { + "Derive", + pderive_test_init, + pkey_test_cleanup, + pderive_test_parse, + pderive_test_run +}; + +/* PBE tests */ + +#define PBE_TYPE_SCRYPT 1 +#define PBE_TYPE_PBKDF2 2 +#define PBE_TYPE_PKCS12 3 + +struct pbe_data { + + int pbe_type; + + /* scrypt parameters */ + uint64_t N, r, p, maxmem; + + /* PKCS#12 parameters */ + int id, iter; + const EVP_MD *md; + + /* password */ + unsigned char *pass; + size_t pass_len; + + /* salt */ + unsigned char *salt; + size_t salt_len; + + /* Expected output */ + unsigned char *key; + size_t key_len; +}; + +#ifndef OPENSSL_NO_SCRYPT +static int scrypt_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + + if (strcmp(keyword, "N") == 0) + return test_uint64(value, &pdata->N); + if (strcmp(keyword, "p") == 0) + return test_uint64(value, &pdata->p); + if (strcmp(keyword, "r") == 0) + return test_uint64(value, &pdata->r); + if (strcmp(keyword, "maxmem") == 0) + return test_uint64(value, &pdata->maxmem); + return 0; +} +#endif + +static int pbkdf2_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + + if (strcmp(keyword, "iter") == 0) { + pdata->iter = atoi(value); + if (pdata->iter <= 0) + return 0; + return 1; + } + if (strcmp(keyword, "MD") == 0) { + pdata->md = EVP_get_digestbyname(value); + if (pdata->md == NULL) + return 0; + return 1; + } + return 0; +} + +static int pkcs12_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + + if (strcmp(keyword, "id") == 0) { + pdata->id = atoi(value); + if (pdata->id <= 0) + return 0; + return 1; + } + return pbkdf2_test_parse(t, keyword, value); +} + +static int pbe_test_init(struct evp_test *t, const char *alg) +{ + struct pbe_data *pdat; + int pbe_type = 0; + + if (strcmp(alg, "scrypt") == 0) { +#ifndef OPENSSL_NO_SCRYPT + pbe_type = PBE_TYPE_SCRYPT; +#else + t->skip = 1; + return 1; +#endif + } else if (strcmp(alg, "pbkdf2") == 0) { + pbe_type = PBE_TYPE_PBKDF2; + } else if (strcmp(alg, "pkcs12") == 0) { + pbe_type = PBE_TYPE_PKCS12; + } else { + fprintf(stderr, "Unknown pbe algorithm %s\n", alg); + } + pdat = OPENSSL_malloc(sizeof(*pdat)); + pdat->pbe_type = pbe_type; + pdat->pass = NULL; + pdat->salt = NULL; + pdat->N = 0; + pdat->r = 0; + pdat->p = 0; + pdat->maxmem = 0; + pdat->id = 0; + pdat->iter = 0; + pdat->md = NULL; + t->data = pdat; + return 1; +} + +static void pbe_test_cleanup(struct evp_test *t) +{ + struct pbe_data *pdat = t->data; + test_free(pdat->pass); + test_free(pdat->salt); + test_free(pdat->key); +} + +static int pbe_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + + if (strcmp(keyword, "Password") == 0) + return test_bin(value, &pdata->pass, &pdata->pass_len); + if (strcmp(keyword, "Salt") == 0) + return test_bin(value, &pdata->salt, &pdata->salt_len); + if (strcmp(keyword, "Key") == 0) + return test_bin(value, &pdata->key, &pdata->key_len); + if (pdata->pbe_type == PBE_TYPE_PBKDF2) + return pbkdf2_test_parse(t, keyword, value); + else if (pdata->pbe_type == PBE_TYPE_PKCS12) + return pkcs12_test_parse(t, keyword, value); +#ifndef OPENSSL_NO_SCRYPT + else if (pdata->pbe_type == PBE_TYPE_SCRYPT) + return scrypt_test_parse(t, keyword, value); +#endif + return 0; +} + +static int pbe_test_run(struct evp_test *t) +{ + struct pbe_data *pdata = t->data; + const char *err = "INTERNAL_ERROR"; + unsigned char *key; + + key = OPENSSL_malloc(pdata->key_len); + if (!key) + goto err; + if (pdata->pbe_type == PBE_TYPE_PBKDF2) { + err = "PBKDF2_ERROR"; + if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->iter, pdata->md, + pdata->key_len, key) == 0) + goto err; +#ifndef OPENSSL_NO_SCRYPT + } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) { + err = "SCRYPT_ERROR"; + if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->N, pdata->r, pdata->p, pdata->maxmem, + key, pdata->key_len) == 0) + goto err; +#endif + } else if (pdata->pbe_type == PBE_TYPE_PKCS12) { + err = "PKCS12_ERROR"; + if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->id, pdata->iter, pdata->key_len, + key, pdata->md) == 0) + goto err; + } + err = "KEY_MISMATCH"; + if (check_output(t, pdata->key, key, pdata->key_len)) + goto err; + err = NULL; + err: + OPENSSL_free(key); + t->err = err; + return 1; +} + +static const struct evp_test_method pbe_test_method = { + "PBE", + pbe_test_init, + pbe_test_cleanup, + pbe_test_parse, + pbe_test_run +}; + +/* Base64 tests */ + +typedef enum { + BASE64_CANONICAL_ENCODING = 0, + BASE64_VALID_ENCODING = 1, + BASE64_INVALID_ENCODING = 2 +} base64_encoding_type; + +struct encode_data { + /* Input to encoding */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; + base64_encoding_type encoding; +}; + +static int encode_test_init(struct evp_test *t, const char *encoding) +{ + struct encode_data *edata = OPENSSL_zalloc(sizeof(*edata)); + + if (strcmp(encoding, "canonical") == 0) { + edata->encoding = BASE64_CANONICAL_ENCODING; + } else if (strcmp(encoding, "valid") == 0) { + edata->encoding = BASE64_VALID_ENCODING; + } else if (strcmp(encoding, "invalid") == 0) { + edata->encoding = BASE64_INVALID_ENCODING; + t->expected_err = OPENSSL_strdup("DECODE_ERROR"); + if (t->expected_err == NULL) + return 0; + } else { + fprintf(stderr, "Bad encoding: %s. Should be one of " + "{canonical, valid, invalid}\n", encoding); + return 0; + } + t->data = edata; + return 1; +} + +static void encode_test_cleanup(struct evp_test *t) +{ + struct encode_data *edata = t->data; + test_free(edata->input); + test_free(edata->output); + memset(edata, 0, sizeof(*edata)); +} + +static int encode_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct encode_data *edata = t->data; + if (strcmp(keyword, "Input") == 0) + return test_bin(value, &edata->input, &edata->input_len); + if (strcmp(keyword, "Output") == 0) + return test_bin(value, &edata->output, &edata->output_len); + return 0; +} + +static int encode_test_run(struct evp_test *t) +{ + struct encode_data *edata = t->data; + unsigned char *encode_out = NULL, *decode_out = NULL; + int output_len, chunk_len; + const char *err = "INTERNAL_ERROR"; + EVP_ENCODE_CTX *decode_ctx = EVP_ENCODE_CTX_new(); + + if (decode_ctx == NULL) + goto err; + + if (edata->encoding == BASE64_CANONICAL_ENCODING) { + EVP_ENCODE_CTX *encode_ctx = EVP_ENCODE_CTX_new(); + if (encode_ctx == NULL) + goto err; + encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len)); + if (encode_out == NULL) + goto err; + + EVP_EncodeInit(encode_ctx); + EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, + edata->input, edata->input_len); + output_len = chunk_len; + + EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len); + output_len += chunk_len; + + EVP_ENCODE_CTX_free(encode_ctx); + + if (check_var_length_output(t, edata->output, edata->output_len, + encode_out, output_len)) { + err = "BAD_ENCODING"; + goto err; + } + } + + decode_out = OPENSSL_malloc(EVP_DECODE_LENGTH(edata->output_len)); + if (decode_out == NULL) + goto err; + + EVP_DecodeInit(decode_ctx); + if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output, + edata->output_len) < 0) { + err = "DECODE_ERROR"; + goto err; + } + output_len = chunk_len; + + if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) { + err = "DECODE_ERROR"; + goto err; + } + output_len += chunk_len; + + if (edata->encoding != BASE64_INVALID_ENCODING && + check_var_length_output(t, edata->input, edata->input_len, + decode_out, output_len)) { + err = "BAD_DECODING"; + goto err; + } + + err = NULL; + err: + t->err = err; + OPENSSL_free(encode_out); + OPENSSL_free(decode_out); + EVP_ENCODE_CTX_free(decode_ctx); + return 1; +} + +static const struct evp_test_method encode_test_method = { + "Encoding", + encode_test_init, + encode_test_cleanup, + encode_test_parse, + encode_test_run, +}; + +/* KDF operations */ + +struct kdf_data { + /* Context for this operation */ + EVP_PKEY_CTX *ctx; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +/* + * Perform public key operation setup: lookup key, allocated ctx and call + * the appropriate initialisation function + */ +static int kdf_test_init(struct evp_test *t, const char *name) +{ + struct kdf_data *kdata; + + kdata = OPENSSL_malloc(sizeof(*kdata)); + if (kdata == NULL) + return 0; + kdata->ctx = NULL; + kdata->output = NULL; + t->data = kdata; + kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL); + if (kdata->ctx == NULL) + return 0; + if (EVP_PKEY_derive_init(kdata->ctx) <= 0) + return 0; + return 1; +} + +static void kdf_test_cleanup(struct evp_test *t) +{ + struct kdf_data *kdata = t->data; + OPENSSL_free(kdata->output); + EVP_PKEY_CTX_free(kdata->ctx); +} + +static int kdf_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct kdf_data *kdata = t->data; + if (strcmp(keyword, "Output") == 0) + return test_bin(value, &kdata->output, &kdata->output_len); + if (strncmp(keyword, "Ctrl", 4) == 0) + return pkey_test_ctrl(t, kdata->ctx, value); + return 0; +} + +static int kdf_test_run(struct evp_test *t) +{ + struct kdf_data *kdata = t->data; + unsigned char *out = NULL; + size_t out_len = kdata->output_len; + const char *err = "INTERNAL_ERROR"; + out = OPENSSL_malloc(out_len); + if (!out) { + fprintf(stderr, "Error allocating output buffer!\n"); + exit(1); + } + err = "KDF_DERIVE_ERROR"; + if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) + goto err; + err = "KDF_LENGTH_MISMATCH"; + if (out_len != kdata->output_len) + goto err; + err = "KDF_MISMATCH"; + if (check_output(t, kdata->output, out, out_len)) + goto err; + err = NULL; + err: + OPENSSL_free(out); + t->err = err; + return 1; +} + +static const struct evp_test_method kdf_test_method = { + "KDF", + kdf_test_init, + kdf_test_cleanup, + kdf_test_parse, + kdf_test_run +}; + +struct keypair_test_data { + EVP_PKEY *privk; + EVP_PKEY *pubk; +}; + +static int keypair_test_init(struct evp_test *t, const char *pair) +{ + int rv = 0; + EVP_PKEY *pk = NULL, *pubk = NULL; + char *pub, *priv = NULL; + const char *err = "INTERNAL_ERROR"; + struct keypair_test_data *data; + + priv = OPENSSL_strdup(pair); + if (priv == NULL) + return 0; + pub = strchr(priv, ':'); + if ( pub == NULL ) { + fprintf(stderr, "Wrong syntax \"%s\"\n", pair); + goto end; + } + *pub++ = 0; /* split priv and pub strings */ + + if (find_key(&pk, priv, t->private) == 0) { + fprintf(stderr, "Cannot find private key: %s\n", priv); + err = "MISSING_PRIVATE_KEY"; + goto end; + } + if (find_key(&pubk, pub, t->public) == 0) { + fprintf(stderr, "Cannot find public key: %s\n", pub); + err = "MISSING_PUBLIC_KEY"; + goto end; + } + + if (pk == NULL && pubk == NULL) { + /* Both keys are listed but unsupported: skip this test */ + t->skip = 1; + rv = 1; + goto end; + } + + data = OPENSSL_malloc(sizeof(*data)); + if (data == NULL ) + goto end; + + data->privk = pk; + data->pubk = pubk; + t->data = data; + + rv = 1; + err = NULL; + +end: + if (priv) + OPENSSL_free(priv); + t->err = err; + return rv; +} + +static void keypair_test_cleanup(struct evp_test *t) +{ + struct keypair_test_data *data = t->data; + t->data = NULL; + if (data) + test_free(data); + return; +} + +/* For test that do not accept any custom keyword: + * return 0 if called + */ +static int void_test_parse(struct evp_test *t, const char *keyword, const char *value) +{ + return 0; +} + +static int keypair_test_run(struct evp_test *t) +{ + int rv = 0; + const struct keypair_test_data *pair = t->data; + const char *err = "INTERNAL_ERROR"; + + if (pair == NULL) + goto end; + + if (pair->privk == NULL || pair->pubk == NULL) { + /* this can only happen if only one of the keys is not set + * which means that one of them was unsupported while the + * other isn't: hence a key type mismatch. + */ + err = "KEYPAIR_TYPE_MISMATCH"; + rv = 1; + goto end; + } + + if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) { + if ( 0 == rv ) { + err = "KEYPAIR_MISMATCH"; + } else if ( -1 == rv ) { + err = "KEYPAIR_TYPE_MISMATCH"; + } else if ( -2 == rv ) { + err = "UNSUPPORTED_KEY_COMPARISON"; + } else { + fprintf(stderr, "Unexpected error in key comparison\n"); + rv = 0; + goto end; + } + rv = 1; + goto end; + } + + rv = 1; + err = NULL; + +end: + t->err = err; + return rv; +} + +static const struct evp_test_method keypair_test_method = { + "PrivPubKeyPair", + keypair_test_init, + keypair_test_cleanup, + void_test_parse, + keypair_test_run +}; + diff --git a/openssl-1.1.0h/test/evptests.txt b/openssl-1.1.0h/test/evptests.txt new file mode 100644 index 0000000..fd8d98d --- /dev/null +++ b/openssl-1.1.0h/test/evptests.txt @@ -0,0 +1,19244 @@ +# +# Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt) +#aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt) +#digest:::input:output + +# BLAKE2 tests, using same inputs as MD5 +# There are no official BLAKE2 test vectors we can use since they all use a key +# Which is currently unsupported by OpenSSL. They were generated using the +# reference implementation. RFC7693 also mentions the 616263 / "abc" values. +Digest = BLAKE2s256 +Input = +Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9 + +Digest = BLAKE2s256 +Input = 61 +Output = 4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90 + +Digest = BLAKE2s256 +Input = 616263 +Output = 508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982 + +Digest = BLAKE2s256 +Input = 6d65737361676520646967657374 +Output = fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c + +Digest = BLAKE2s256 +Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a +Output = bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12 + +Digest = BLAKE2s256 +Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839 +Output = c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b + +Digest = BLAKE2s256 +Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 +Output = fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66 + +Digest = BLAKE2s256 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F +Output = 1FA877DE67259D19863A2A34BCC6962A2B25FCBF5CBECD7EDE8F1FA36688A796 + +Digest = BLAKE2s256 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081 +Output = C80ABEEBB669AD5DEEB5F5EC8EA6B7A05DDF7D31EC4C0A2EE20B0B98CAEC6746 + +Digest = BLAKE2b512 +Input = +Output = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce + +Digest = BLAKE2b512 +Input = 61 +Output = 333fcb4ee1aa7c115355ec66ceac917c8bfd815bf7587d325aec1864edd24e34d5abe2c6b1b5ee3face62fed78dbef802f2a85cb91d455a8f5249d330853cb3c + +Digest = BLAKE2b512 +Input = 616263 +Output = ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923 + +Digest = BLAKE2b512 +Input = 6d65737361676520646967657374 +Output = 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a + +Digest = BLAKE2b512 +Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a +Output = c68ede143e416eb7b4aaae0d8e48e55dd529eafed10b1df1a61416953a2b0a5666c761e7d412e6709e31ffe221b7a7a73908cb95a4d120b8b090a87d1fbedb4c + +Digest = BLAKE2b512 +Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839 +Output = 99964802e5c25e703722905d3fb80046b6bca698ca9e2cc7e49b4fe1fa087c2edf0312dfbb275cf250a1e542fd5dc2edd313f9c491127c2e8c0c9b24168e2d50 + +Digest = BLAKE2b512 +Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 +Output = 686f41ec5afff6e87e1f076f542aa466466ff5fbde162c48481ba48a748d842799f5b30f5b67fc684771b33b994206d05cc310f31914edd7b97e41860d77d282 + +Digest = BLAKE2b512 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F +Output = 2319E3789C47E2DAA5FE807F61BEC2A1A6537FA03F19FF32E87EECBFD64B7E0E8CCFF439AC333B040F19B0C4DDD11A61E24AC1FE0F10A039806C5DCC0DA3D115 + +Digest = BLAKE2b512 +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081 +Output = DF0A9D0C212843A6A934E3902B2DD30D17FBA5F969D2030B12A546D8A6A45E80CF5635F071F0452E9C919275DA99BED51EB1173C1AF0518726B75B0EC3BAE2B5 + +# SHA(1) tests (from shatest.c) +Digest = SHA1 +Input = 616263 +Output = a9993e364706816aba3e25717850c26c9cd0d89d + + +# MD5 tests (from md5test.c) +Digest = MD5 +Input = +Output = d41d8cd98f00b204e9800998ecf8427e + +Digest = MD5 +Input = 61 +Output = 0cc175b9c0f1b6a831c399e269772661 + +Digest = MD5 +Input = 616263 +Output = 900150983cd24fb0d6963f7d28e17f72 + +Digest = MD5 +Input = 6d65737361676520646967657374 +Output = f96b697d7cb7938d525a2f31aaf161d0 + +Digest = MD5 +Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a +Output = c3fcd3d76192e4007dfb496cca67e13b + +Digest = MD5 +Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839 +Output = d174ab98d277d9f5a5611c2c9f419d9f + +Digest = MD5 +Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 +Output = 57edf4a22be3c955ac49da2e2107b67a + +# MD4 tests from md4test.c +Digest = MD4 +Input = "" +Output = 31d6cfe0d16ae931b73c59d7e0c089c0 + +Digest = MD4 +Input = "a" +Output = bde52cb31de33e46245e05fbdbd6fb24 + +Digest = MD4 +Input = "abc" +Output = a448017aaf21d8525fc10ae87aa6729d + +Digest = MD4 +Input = "message digest" +Output = d9130a8164549fe818874806e1c7014b + +Digest = MD4 +Input = "abcdefghijklmnopqrstuvwxyz" +Output = d79e1c308aa5bbcdeea8ed63df412da9 + +Digest = MD4 +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = 043f8582f241db351ce627e153e7f0e4 + +Digest = MD4 +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = e33b4ddc9c38f2199c3e7b164fcc0536 + +# RIPEMD160 tests from rmdtest.c +Digest = RIPEMD160 +Input = "" +Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31 + +Digest = RIPEMD160 +Input = "a" +Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe + +Digest = RIPEMD160 +Input = "abc" +Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc + +Digest = RIPEMD160 +Input = "message digest" +Output = 5d0689ef49d2fae572b881b123a85ffa21595f36 + +Digest = RIPEMD160 +Input = "abcdefghijklmnopqrstuvwxyz" +Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc + +Digest = RIPEMD160 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b + +Digest = RIPEMD160 +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = b0e20b6e3116640286ed3a87a5713079b21f5189 + +Digest = RIPEMD160 +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb + +# whirlpool tests from wp_test.c +Digest = whirlpool +Input = "" +Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3 + +Digest = whirlpool +Input = "a" +Output = 8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A + +Digest = whirlpool +Input = "abc" +Output = 4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5 + +Digest = whirlpool +Input = "message digest" +Output = 378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E + +Digest = whirlpool +Input = "abcdefghijklmnopqrstuvwxyz" +Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B + +Digest = whirlpool +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467 + +Digest = whirlpool +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = 466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B + +Digest = whirlpool +Input = "abcdbcdecdefdefgefghfghighijhijk" +Output = 2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD + +Digest = whirlpool +Input = "aaaaaaaaaa" +Count = 100000 +Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01 + +# DES EDE3 CFB1 +# echo -n "Hello World" | +# apps/openssl enc -des-ede3-cfb1 \ +# -K 000102030405060708090A0B0C0D0E0F1011121314151617 -iv 0001020304050607 | +# xxd -ps -u + +Cipher = DES-EDE3-CFB1 +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +IV = 0001020304050607 +Plaintext = "Hello World" +Ciphertext = 3CF55D656E9C0664513358 + +Cipher = DES-EDE3-CFB1 +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +IV = 0001020304050607 +Operation = DECRYPT +Plaintext = "Hello World" +Ciphertext = 3CF55D656E9C0664513358 + +# AES 128 ECB tests (from FIPS-197 test vectors, encrypt) + +Cipher = AES-128-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 69C4E0D86A7B0430D8CDB78070B4C55A + +# AES 192 ECB tests (from FIPS-197 test vectors, encrypt) + +Cipher = AES-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = DDA97CA4864CDFE06EAF70A0EC0D7191 + + +# AES 256 ECB tests (from FIPS-197 test vectors, encrypt) + +Cipher = AES-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 8EA2B7CA516745BFEAFC49904B496089 + + +# AES 128 ECB tests (from NIST test vectors, encrypt) + +#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1 + +# AES 128 ECB tests (from NIST test vectors, decrypt) + +#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0 + +# AES 192 ECB tests (from NIST test vectors, decrypt) + +#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0 + +# AES 256 ECB tests (from NIST test vectors, decrypt) + +#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0 + +# AES 128 CBC tests (from NIST test vectors, encrypt) + +#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1 + +# AES 192 CBC tests (from NIST test vectors, encrypt) + +#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1 + +# AES 256 CBC tests (from NIST test vectors, encrypt) + +#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1 + +# AES 128 CBC tests (from NIST test vectors, decrypt) + +#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0 + +# AES tests from NIST document SP800-38A +# For all ECB encrypts and decrypts, the transformed sequence is +# AES-bits-ECB:key::plaintext:ciphertext:encdec +# ECB-AES128.Encrypt and ECB-AES128.Decrypt +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF97 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = F5D3D58503B9699DE785895A96FDBAAF + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 43B1CD7F598ECE23881B00E3ED030688 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 7B0C785E27E8AD3F8223207104725DD4 + +# ECB-AES192.Encrypt and ECB-AES192.Decrypt +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = BD334F1D6E45F25FF712A214571FA5CC + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 974104846D0AD3AD7734ECB3ECEE4EEF + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = EF7AFD2270E2E60ADCE0BA2FACE6444E + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E + +# ECB-AES256.Encrypt and ECB-AES256.Decrypt +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F3EED1BDB5D2A03C064B5A7E3DB181F8 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 591CCB10D410ED26DC5BA74A31362870 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = B6ED21B99CA6F4F9F153E7B1BEAFED1D + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 23304B7A39F9F3FF067D8D8F9E24ECC7 + +# For all CBC encrypts and decrypts, the transformed sequence is +# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-AES128.Encrypt and CBC-AES128.Decrypt +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 7649ABAC8119B246CEE98E9B12E9197D + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 7649ABAC8119B246CEE98E9B12E9197D +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5086CB9B507219EE95DB113A917678B2 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 5086CB9B507219EE95DB113A917678B2 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 73BED6B8E3C1743B7116E69E22229516 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 73BED6B8E3C1743B7116E69E22229516 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7 + +# CBC-AES192.Encrypt and CBC-AES192.Decrypt +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 4F021DB243BC633D7178183A9FA071E8 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 4F021DB243BC633D7178183A9FA071E8 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = B4D9ADA9AD7DEDF4E5E738763F69145A + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = B4D9ADA9AD7DEDF4E5E738763F69145A +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 571B242012FB7AE07FA9BAAC3DF102E0 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 571B242012FB7AE07FA9BAAC3DF102E0 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 08B0E27988598881D920A9E64F5615CD + +# CBC-AES256.Encrypt and CBC-AES256.Decrypt +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F58C4C04D6E5F1BA779EABFB5F7BFBD6 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = F58C4C04D6E5F1BA779EABFB5F7BFBD6 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 9CFC4E967EDB808D679F777BC6702C7D + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 9CFC4E967EDB808D679F777BC6702C7D +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 39F23369A9D9BACFA530E26304231461 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39F23369A9D9BACFA530E26304231461 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B + +# We don't support CFB{1,8}-AESxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-AES128.Encrypt +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 3B3FD92EB72DAD20333449F8E83CFB4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 26751F67A3CBB140B1808CF187A4F4DF +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 + +# CFB128-AES128.Decrypt +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 3B3FD92EB72DAD20333449F8E83CFB4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 26751F67A3CBB140B1808CF187A4F4DF +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 + +# CFB128-AES192.Encrypt +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = CDC80D6FDDF18CAB34C25909C99A4174 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 67CE7F7F81173621961A2B70171D3D7A + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 67CE7F7F81173621961A2B70171D3D7A +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF + +# CFB128-AES192.Decrypt +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = CDC80D6FDDF18CAB34C25909C99A4174 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 67CE7F7F81173621961A2B70171D3D7A + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 67CE7F7F81173621961A2B70171D3D7A +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF + +# CFB128-AES256.Encrypt +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DC7E84BFDA79164B7ECD8486985D3860 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 39FFED143B28B1C832113C6331E5407B + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39FFED143B28B1C832113C6331E5407B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DF10132415E54B92A13ED0A8267AE2F9 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 75A385741AB9CEF82031623D55B1E471 + +# CFB128-AES256.Decrypt +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DC7E84BFDA79164B7ECD8486985D3860 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 39FFED143B28B1C832113C6331E5407B + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39FFED143B28B1C832113C6331E5407B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DF10132415E54B92A13ED0A8267AE2F9 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 75A385741AB9CEF82031623D55B1E471 + +# For all OFB encrypts and decrypts, the transformed sequence is +# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-AES128.Encrypt +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + +# OFB-AES128.Decrypt +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + +# OFB-AES192.Encrypt +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = FCC28B8D4C63837C09E81700C1100401 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A + +# OFB-AES192.Decrypt +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = FCC28B8D4C63837C09E81700C1100401 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A + +# OFB-AES256.Encrypt +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + +# OFB-AES256.Decrypt +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + + +# AES Counter test vectors from RFC3686 +Cipher = aes-128-ctr +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = E4095D4FB7A7B3792D6175A3261311B8 + +Cipher = aes-128-ctr +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28 + +Cipher = aes-128-ctr +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F + + +Cipher = aes-192-ctr +Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 +IV = 0000004836733C147D6D93CB00000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 4B55384FE259C9C84E7935A003CBE928 + +Cipher = aes-192-ctr +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00 + +Cipher = aes-192-ctr +Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE +IV = 0007BDFD5CBD60278DCC091200000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = 96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935 + + +Cipher = aes-256-ctr +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 145AD01DBF824EC7560863DC71E3E0C0 + +Cipher = aes-256-ctr +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C + +Cipher = aes-256-ctr +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8 + + +# Self-generated vector to trigger false carry on big-endian platforms +Cipher = aes-128-ctr +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 00000000000000007FFFFFFFFFFFFFFF +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = A2D459477E6432BD74184B1B5370D2243CDC202BC43583B2A55D288CDBBD1E03 + +# DES ECB tests (from destest) + +Cipher = DES-ECB +Key = 0000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 8CA64DE9C1B123A7 + +Cipher = DES-ECB +Key = FFFFFFFFFFFFFFFF +Plaintext = FFFFFFFFFFFFFFFF +Ciphertext = 7359B2163E4EDC58 + +Cipher = DES-ECB +Key = 3000000000000000 +Plaintext = 1000000000000001 +Ciphertext = 958E6E627A05557B + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 1111111111111111 +Ciphertext = F40379AB9E0EC533 + +Cipher = DES-ECB +Key = 0123456789ABCDEF +Plaintext = 1111111111111111 +Ciphertext = 17668DFC7292532D + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 0123456789ABCDEF +Ciphertext = 8A5AE1F81AB8F2DD + +Cipher = DES-ECB +Key = FEDCBA9876543210 +Plaintext = 0123456789ABCDEF +Ciphertext = ED39D950FA74BCC4 + + +# DESX-CBC tests (from destest) +Cipher = DESX-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 + + +# DES EDE3 CBC tests (from destest) +Cipher = DES-EDE3-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 + + +# RC4 tests (from rc4test) +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0123456789abcdef +Ciphertext = 75b7878099e0c596 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0000000000000000 +Ciphertext = 7494c2e7104b0879 + +Cipher = RC4 +Key = 00000000000000000000000000000000 +Plaintext = 0000000000000000 +Ciphertext = de188941a3375d3a + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 0000000000000000000000000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 +Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 00000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd61 + + + +# Camellia tests from RFC3713 +# For all ECB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec +Cipher = CAMELLIA-128-ECB +Key = 0123456789abcdeffedcba9876543210 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 67673138549669730857065648eabe43 + +Cipher = CAMELLIA-192-ECB +Key = 0123456789abcdeffedcba98765432100011223344556677 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = b4993401b3e996f84ee5cee7d79b09b9 + +Cipher = CAMELLIA-256-ECB +Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 9acc237dff16d76c20ef7c919e3a7509 + + +# ECB-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 77CF412067AF8270613529149919546F + +Cipher = CAMELLIA-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68 + +Cipher = CAMELLIA-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2 + + +# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 432FC5DCD628115B7C388D770B270C96 + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636 + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A + + +# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CCCC6C4E138B45848514D48D0D3439D3 + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = B40ED2B60EB54D09D030CF511FEEF366 + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 909DBD95799096748CB27357E73E1D26 + + +# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = BEFD219B112FA00098919CD101C9CCFA + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = A623D711DC5F25A51BB8A80D56397D28 + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B + + +# For all CBC encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 1607CF494B36BBF00DAEB0B503C831AB +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A2F2CF671629EF7840C5A5DFB5074887 + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A2F2CF671629EF7840C5A5DFB5074887 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 0F06165008CF8B8B5A63586362543E54 + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 36A84CDAFD5F9A85ADA0F0A993D6D577 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980 + + +# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2A4830AB5AC4A1A2405955FD2195CF93 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 5D5A869BD14CE54264F892A6DD2EC3D5 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 37D359C3349836D884E310ADDF68C449 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 37D359C3349836D884E310ADDF68C449 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08 + + +# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E6CFA35FC02B134A4D2C0B6737AC3EDA +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 36CBEB73BD504B4070B1B7DE2B21EB50 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = E31A6055297D96CA3330CDF1B1860A83 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E31A6055297D96CA3330CDF1B1860A83 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F + + +# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 + + +# CFB128-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 + + +# CFB128-CAMELLIA192.Encrypt +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 + + +# CFB128-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 + + +# CFB128-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA + + +# CFB128-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA + + +# For all OFB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E + + +# OFB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E + + +# OFB-CAMELLIA192.Encrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 + + +# OFB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 + + +# OFB-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 + + +# OFB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 + + +# Camellia test vectors from RFC5528 +Cipher = CAMELLIA-128-CTR +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = D09DC29A8214619A20877C76DB1F0B3F + +Cipher = CAMELLIA-128-CTR +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048 + +Cipher = CAMELLIA-128-CTR +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696 + +Cipher = CAMELLIA-192-CTR +Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 +IV = 0000004836733C147D6D93CB00000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696 + +Cipher = CAMELLIA-192-CTR +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED + +Cipher = CAMELLIA-192-CTR +Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE +IV = 0007BDFD5CBD60278DCC091200000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57 + +Cipher = CAMELLIA-256-CTR +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11 + +Cipher = CAMELLIA-256-CTR +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108 + +Cipher = CAMELLIA-256-CTR +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D + +# SEED test vectors from RFC4269 +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = DECRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB + +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 + +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = DECRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A + +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = DECRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 + +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB + +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 + +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = ENCRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A + +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = ENCRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 + + +# AES CCM 256 bit key +Cipher = aes-256-ccm +Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e +IV = 5b8e40746f6b98e00f1d13ff41 +AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 +Tag = 2024931d73bca480c24a24ece6b6c2bf +Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a +Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 + +Cipher = aes-256-ccm +Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e +IV = 5b8e40746f6b98e00f1d13ff41 +AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 +Tag = 2024931d73bca480c24a24ece6b6c2be +Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a +Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 +Operation = DECRYPT +Result = CIPHERUPDATE_ERROR + +# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 58e2fccefa7e3061367f1d57a4e7455a +Plaintext = +Ciphertext = + +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = ab6e47d42cec13bdf53a67b21257bddf +Plaintext = 00000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 4d5c2af327cd64a62cf35abd2ba6fab4 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 5bc94fbc3221a5db94fae95ae7121a47 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3612d2e79e3b0785561be14aaca2fccb +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 619cc5aefffe0bfa462af43c1699d050 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 619cc5aefffe0bfa462af43c1699d051 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 +Operation = DECRYPT +Result = CIPHERFINAL_ERROR + +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cd33b28ac773f74ba00ed1f312572435 +Plaintext = +Ciphertext = + +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 2ff58d80033927ab8ef4d4587514f0fb +Plaintext = 00000000000000000000000000000000 +Ciphertext = 98e7247c07f0fe411c267e4384b0f600 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 9924a7c8587336bfb118024db8674a14 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 2519498e80f1478f37ba55bd6d27618c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 65dcc57fcf623a24094fcca40d3533f8 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = dcf566ff291c25bbb8568fc3d376a6d9 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = dcf566ff291c25bbb8568fc3d376a6d8 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b +Operation = DECRYPT +Result = CIPHERFINAL_ERROR + +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 530f8afbc74536b9a963b4f1c4cb738b +Plaintext = +Ciphertext = + +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = d0d1c8a799996bf0265b98b5d48ab919 +Plaintext = 00000000000000000000000000000000 +Ciphertext = cea7403d4d606b6e074ec5d3baf39d18 + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = b094dac5d93471bdec1a502270e3cc6c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 76fc6ece0f4e1768cddf8853bb2d551b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3a337dbf46a792c45e454913fe2ea8f2 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f +Operation = DECRYPT +Result = CIPHERFINAL_ERROR + +# local add-ons, primarily streaming ghash tests +# 128 bytes aad +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +Tag = 5fea793a2d6f974d37e68e0cb8ff9492 +Plaintext = +Ciphertext = + +# 48 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 9dd0a376b08e40eb00c35f29f9ea61a4 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0 + +# 80 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 98885a3a22bd4742fe7b72172193b163 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291 + +# 128 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cac45f60e31efd3b5a43b98a22ce1aa1 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40 + +# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 566f8ef683078bfdeeffa869d751a017 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606 + +# 240 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = fd0c7011ff07f0071324bdfb2d0f3a29 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b6 + +# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 8b307f6b33286d0ab026a9ed3fe1e85f +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c + +# 80 bytes plaintext, submitted by Intel +Cipher = aes-128-gcm +Key = 843ffcf5d2b72694d19ed01d01249412 +IV = dbcca32ebf9b804617c3aa9e +AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f +Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 + +#AES OCB Test vectors +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 197B9C3C441D3C83EAFB2BEF633B9182 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 16DC76A46D47E1EAD537209E8A96D14E +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 98B91552C8C009185044E30A6EB2FE21 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 971EFFCAE19AD4716F88E87B871FBEED +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 776C9924D6723A1FC4524532AC3E5BEB +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 7DDB8E6CEA6814866212509619B19CC6 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 13CC8B747807121A4CBB3E4BD6B456AF +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 282026DA3068BC9FA118681D559F10F6 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68 +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = B2A040DD3BD5164372D76D7BB6824240 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = E1E072633BADE51A60E85951D9C42A1B +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 659C623211DEEA0DE30D2C381879F4C8 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 7AEB7A69A1687DD082CA27B0D9A37096 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 060C8467F4ABAB5E8B3C2067A2E115DC +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 + +#AES OCB Non standard test vectors - generated from reference implementation +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1b6c44f34e3abb3cbf8976e7 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B0C0D0E +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1ad62009901f40cba7cd7156f94a7324 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = C203F98CE28F7DAD3F31C021 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C822D6 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 8346D7D47C5D893ED472F5AB +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F714FF + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 5822A9A70FDF55D29D2984A6 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB8294170634D + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 81772B6741ABB4ECA9D2DEB2 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7050FAA + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 3E52A01D068DE85456DB03B7 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 3E52A01D068DE85456DB03B6 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 +Operation = DECRYPT +Result = CIPHERFINAL_ERROR + +# AES XTS test vectors from IEEE Std 1619-2007 +Cipher = aes-128-xts +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e + +Cipher = aes-128-xts +Key = 1111111111111111111111111111111122222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0 + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 01000000000000000000000000000000 +Plaintext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 +Ciphertext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 02000000000000000000000000000000 +Plaintext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd +Ciphertext = fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fd000000000000000000000000000000 +Plaintext = 8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3a1eaf61d3e03555fd424eedd67e18a18094f888 +Ciphertext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fe000000000000000000000000000000 +Plaintext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 +Ciphertext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = ff000000000000000000000000000000 +Plaintext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a +Ciphertext = 3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927ca638b7afc8a8679ccb84c26555440ec7f10445cd + + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ff000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4f36ffda9fcea70b9c6e693e148c151 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffff0000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1f9868294a4f9e27b42af8100cb9d59cef9645803 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffff00000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffff000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c668f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86322c4bd84c82f335abb152c4a93411373aaa8220 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffffff0000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18deb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c25a1fbbbd609d273ad5b0d59631c531f6a0a57b9 + + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10 +Ciphertext = 6c1625db4671522d3d7599601de7ca09ed + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f1011 +Ciphertext = d069444b7a7e0cab09e24447d24deb1fedbf + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112 +Ciphertext = e5df1351c0544ba1350b3363cd8ef4beedbf9d + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10111213 +Ciphertext = 9d84c813f719aa2c7be3f66171c7c5c2edbf9dac + +Cipher = aes-128-xts +Key = e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf +IV = 21436587a90000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3 + +# Exercise different lengths covering even ciphertext stealing cases +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5B079C6307EA0914559C6D2FB6384F8AADF94 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce84 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CEF4F253466EF4953ADC8FE2F5BC1FF57593FD + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad0265 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE842973C68248EDDFE26FB9B096659C8A5D6BB7 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD0265C4DD16E65A24575A709F174593F19FF85EA9 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE519215FA160C664D4B07D757A034AB3B35A10C + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f91 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D82C6CBC24F9357BD1FB882AA4B2CC2E7FA750 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f434 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D8A750E8768DEFFFED9122810AAEB99F910409B03D164E727C31290FD4E039500872AF + +# AES wrap tests from RFC3394 +Cipher = id-aes128-wrap +Key = 000102030405060708090A0B0C0D0E0F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 + +# Same as previous example but with invalid unwrap key: should be rejected +# without returning any plaintext +Cipher = id-aes256-wrap +Operation = DECRYPT +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E00 +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 +Result = CIPHERUPDATE_ERROR + +# AES wrap tests from RFC5649 +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = c37b7e6492584340bed12207808941155068f738 +Ciphertext = 138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a + +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = 466f7250617369 +Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f + +# HMAC tests from RFC2104 +MAC = HMAC +Algorithm = MD5 +Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Input = "Hi There" +Output = 9294727a3638bb1c13f48ef8158bfc9d + +MAC = HMAC +Algorithm = MD5 +Key = "Jefe" +Input = "what do ya want for nothing?" +Output = 750c783e6ab0b503eaa86e310a5db738 + +MAC = HMAC +Algorithm = MD5 +Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD +Output = 56be34521d144c88dbb8c733f0e8b3f6 + +# HMAC tests from NIST test data + +MAC = HMAC +Algorithm = SHA1 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 5FD596EE78D5553C8FF4E72D266DFD192366DA29 + +MAC = HMAC +Algorithm = SHA1 +Input = "Sample message for keylen +#include +#include +#include + +static long saved_argl; +static void *saved_argp; +static int saved_idx; +static int saved_idx2; + +/* + * SIMPLE EX_DATA IMPLEMENTATION + * Apps explicitly set/get ex_data as needed + */ + +static void exnew(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + OPENSSL_assert(idx == saved_idx); + OPENSSL_assert(argl == saved_argl); + OPENSSL_assert(argp == saved_argp); + OPENSSL_assert(ptr == NULL); +} + +static int exdup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp) +{ + OPENSSL_assert(idx == saved_idx); + OPENSSL_assert(argl == saved_argl); + OPENSSL_assert(argp == saved_argp); + OPENSSL_assert(from_d != NULL); + return 1; +} + +static void exfree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + OPENSSL_assert(idx == saved_idx); + OPENSSL_assert(argl == saved_argl); + OPENSSL_assert(argp == saved_argp); +} + +/* + * PRE-ALLOCATED EX_DATA IMPLEMENTATION + * Extended data structure is allocated in exnew2/freed in exfree2 + * Data is stored inside extended data structure + */ + +typedef struct myobj_ex_data_st { + char *hello; + int new; + int dup; +} MYOBJ_EX_DATA; + +static void exnew2(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + int ret; + MYOBJ_EX_DATA *ex_data; + + OPENSSL_assert(idx == saved_idx2); + OPENSSL_assert(argl == saved_argl); + OPENSSL_assert(argp == saved_argp); + OPENSSL_assert(ptr == NULL); + + ex_data = OPENSSL_zalloc(sizeof(*ex_data)); + OPENSSL_assert(ex_data != NULL); + ret = CRYPTO_set_ex_data(ad, saved_idx2, ex_data); + OPENSSL_assert(ret); + + ex_data->new = 1; +} + +static int exdup2(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp) +{ + MYOBJ_EX_DATA **update_ex_data = (MYOBJ_EX_DATA**)from_d; + MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(to, saved_idx2); + + OPENSSL_assert(idx == saved_idx2); + OPENSSL_assert(argl == saved_argl); + OPENSSL_assert(argp == saved_argp); + OPENSSL_assert(from_d != NULL); + OPENSSL_assert(*update_ex_data != NULL); + OPENSSL_assert(ex_data != NULL); + OPENSSL_assert(ex_data->new); + + /* Copy hello over */ + ex_data->hello = (*update_ex_data)->hello; + /* indicate this is a dup */ + ex_data->dup = 1; + /* Keep my original ex_data */ + *update_ex_data = ex_data; + return 1; +} + +static void exfree2(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(ad, saved_idx2); + int ret; + + OPENSSL_assert(ex_data != NULL); + OPENSSL_free(ex_data); + OPENSSL_assert(idx == saved_idx2); + OPENSSL_assert(argl == saved_argl); + OPENSSL_assert(argp == saved_argp); + ret = CRYPTO_set_ex_data(ad, saved_idx2, NULL); + OPENSSL_assert(ret); +} + +typedef struct myobj_st { + CRYPTO_EX_DATA ex_data; + int id; + int st; +} MYOBJ; + +static MYOBJ *MYOBJ_new() +{ + static int count = 0; + MYOBJ *obj = OPENSSL_malloc(sizeof(*obj)); + + obj->id = ++count; + obj->st = CRYPTO_new_ex_data(CRYPTO_EX_INDEX_APP, obj, &obj->ex_data); + OPENSSL_assert(obj->st != 0); + return obj; +} + +static void MYOBJ_sethello(MYOBJ *obj, char *cp) +{ + obj->st = CRYPTO_set_ex_data(&obj->ex_data, saved_idx, cp); + OPENSSL_assert(obj->st != 0); +} + +static char *MYOBJ_gethello(MYOBJ *obj) +{ + return CRYPTO_get_ex_data(&obj->ex_data, saved_idx); +} + +static void MYOBJ_sethello2(MYOBJ *obj, char *cp) +{ + MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); + if (ex_data != NULL) + ex_data->hello = cp; + else + obj->st = 0; +} + +static char *MYOBJ_gethello2(MYOBJ *obj) +{ + MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); + if (ex_data != NULL) + return ex_data->hello; + + obj->st = 0; + return NULL; +} + +static void MYOBJ_free(MYOBJ *obj) +{ + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_APP, obj, &obj->ex_data); + OPENSSL_free(obj); +} + +static MYOBJ *MYOBJ_dup(MYOBJ *in) +{ + MYOBJ *obj = MYOBJ_new(); + + obj->st = CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_APP, &obj->ex_data, + &in->ex_data); + OPENSSL_assert(obj->st != 0); + return obj; +} + +int main() +{ + MYOBJ *t1, *t2, *t3; + MYOBJ_EX_DATA *ex_data; + const char *cp; + char *p; + + p = OPENSSL_strdup("hello world"); + saved_argl = 21; + saved_argp = OPENSSL_malloc(1); + saved_idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, + saved_argl, saved_argp, + exnew, exdup, exfree); + saved_idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, + saved_argl, saved_argp, + exnew2, exdup2, exfree2); + t1 = MYOBJ_new(); + t2 = MYOBJ_new(); + OPENSSL_assert(t1->st && t2->st); + ex_data = CRYPTO_get_ex_data(&t1->ex_data, saved_idx2); + OPENSSL_assert(ex_data != NULL); + ex_data = CRYPTO_get_ex_data(&t2->ex_data, saved_idx2); + OPENSSL_assert(ex_data != NULL); + MYOBJ_sethello(t1, p); + cp = MYOBJ_gethello(t1); + OPENSSL_assert(cp == p); + cp = MYOBJ_gethello(t2); + OPENSSL_assert(cp == NULL); + MYOBJ_sethello2(t1, p); + cp = MYOBJ_gethello2(t1); + OPENSSL_assert(cp == p); + OPENSSL_assert(t1->st); + cp = MYOBJ_gethello2(t2); + OPENSSL_assert(cp == NULL); + OPENSSL_assert(t2->st); + t3 = MYOBJ_dup(t1); + ex_data = CRYPTO_get_ex_data(&t3->ex_data, saved_idx2); + OPENSSL_assert(ex_data != NULL); + OPENSSL_assert(ex_data->dup); + cp = MYOBJ_gethello(t3); + OPENSSL_assert(cp == p); + cp = MYOBJ_gethello2(t3); + OPENSSL_assert(cp == p); + OPENSSL_assert(t3->st); + MYOBJ_free(t1); + MYOBJ_free(t2); + MYOBJ_free(t3); + OPENSSL_free(saved_argp); + OPENSSL_free(p); + return 0; +} diff --git a/openssl-1.1.0h/test/exptest.c b/openssl-1.1.0h/test/exptest.c new file mode 100644 index 0000000..9bc6e75 --- /dev/null +++ b/openssl-1.1.0h/test/exptest.c @@ -0,0 +1,270 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#include +#include +#include +#include + +#define NUM_BITS (BN_BITS2 * 4) + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +/* + * Test that r == 0 in test_exp_mod_zero(). Returns one on success, + * returns zero and prints debug output otherwise. + */ +static int a_is_zero_mod_one(const char *method, const BIGNUM *r, + const BIGNUM *a) { + if (!BN_is_zero(r)) { + fprintf(stderr, "%s failed:\n", method); + fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n"); + fprintf(stderr, "a = "); + BN_print_fp(stderr, a); + fprintf(stderr, "\nr = "); + BN_print_fp(stderr, r); + fprintf(stderr, "\n"); + return 0; + } + return 1; +} + +/* + * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. + */ +static int test_exp_mod_zero() +{ + BIGNUM *a = NULL, *p = NULL, *m = NULL; + BIGNUM *r = NULL; + BN_ULONG one_word = 1; + BN_CTX *ctx = BN_CTX_new(); + int ret = 1, failed = 0; + + m = BN_new(); + if (!m) + goto err; + BN_one(m); + + a = BN_new(); + if (!a) + goto err; + BN_one(a); + + p = BN_new(); + if (!p) + goto err; + BN_zero(p); + + r = BN_new(); + if (!r) + goto err; + + if (!BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + goto err; + + if (!BN_mod_exp(r, a, p, m, ctx)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp", r, a)) + failed = 1; + + if (!BN_mod_exp_recp(r, a, p, m, ctx)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp_recp", r, a)) + failed = 1; + + if (!BN_mod_exp_simple(r, a, p, m, ctx)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp_simple", r, a)) + failed = 1; + + if (!BN_mod_exp_mont(r, a, p, m, ctx, NULL)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp_mont", r, a)) + failed = 1; + + if (!BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)) { + goto err; + } + + if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)) + failed = 1; + + /* + * A different codepath exists for single word multiplication + * in non-constant-time only. + */ + if (!BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL)) + goto err; + + if (!BN_is_zero(r)) { + fprintf(stderr, "BN_mod_exp_mont_word failed:\n"); + fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n"); + fprintf(stderr, "r = "); + BN_print_fp(stderr, r); + fprintf(stderr, "\n"); + return 0; + } + + ret = failed; + + err: + BN_free(r); + BN_free(a); + BN_free(p); + BN_free(m); + BN_CTX_free(ctx); + + return ret; +} + +int main(int argc, char *argv[]) +{ + BN_CTX *ctx; + BIO *out = NULL; + int i, ret; + unsigned char c; + BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; + + /* + * Seed or BN_rand may fail, and we don't even check its return + * value (which we should) + */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + ctx = BN_CTX_new(); + if (ctx == NULL) + EXIT(1); + r_mont = BN_new(); + r_mont_const = BN_new(); + r_recp = BN_new(); + r_simple = BN_new(); + a = BN_new(); + b = BN_new(); + m = BN_new(); + if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL)) + goto err; + + out = BIO_new(BIO_s_file()); + + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); + + for (i = 0; i < 200; i++) { + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(a, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); + + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(b, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); + + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(m, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD); + + BN_mod(a, a, m, ctx); + BN_mod(b, b, m, ctx); + + ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL); + if (ret <= 0) { + printf("BN_mod_exp_mont() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + ret = BN_mod_exp_recp(r_recp, a, b, m, ctx); + if (ret <= 0) { + printf("BN_mod_exp_recp() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + ret = BN_mod_exp_simple(r_simple, a, b, m, ctx); + if (ret <= 0) { + printf("BN_mod_exp_simple() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL); + if (ret <= 0) { + printf("BN_mod_exp_mont_consttime() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + if (BN_cmp(r_simple, r_mont) == 0 + && BN_cmp(r_simple, r_recp) == 0 + && BN_cmp(r_simple, r_mont_const) == 0) { + printf("."); + fflush(stdout); + } else { + if (BN_cmp(r_simple, r_mont) != 0) + printf("\nsimple and mont results differ\n"); + if (BN_cmp(r_simple, r_mont_const) != 0) + printf("\nsimple and mont const time results differ\n"); + if (BN_cmp(r_simple, r_recp) != 0) + printf("\nsimple and recp results differ\n"); + + printf("a (%3d) = ", BN_num_bits(a)); + BN_print(out, a); + printf("\nb (%3d) = ", BN_num_bits(b)); + BN_print(out, b); + printf("\nm (%3d) = ", BN_num_bits(m)); + BN_print(out, m); + printf("\nsimple ="); + BN_print(out, r_simple); + printf("\nrecp ="); + BN_print(out, r_recp); + printf("\nmont ="); + BN_print(out, r_mont); + printf("\nmont_ct ="); + BN_print(out, r_mont_const); + printf("\n"); + EXIT(1); + } + } + BN_free(r_mont); + BN_free(r_mont_const); + BN_free(r_recp); + BN_free(r_simple); + BN_free(a); + BN_free(b); + BN_free(m); + BN_CTX_free(ctx); + + if (test_exp_mod_zero() != 0) + goto err; + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(out) <= 0) + goto err; +#endif + BIO_free(out); + printf("\n"); + + printf("done\n"); + + EXIT(0); + err: + ERR_print_errors(out); + EXIT(1); +} diff --git a/openssl-1.1.0h/test/fatalerrtest.c b/openssl-1.1.0h/test/fatalerrtest.c new file mode 100644 index 0000000..d52daa2 --- /dev/null +++ b/openssl-1.1.0h/test/fatalerrtest.c @@ -0,0 +1,125 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "ssltestlib.h" +#include "testutil.h" +#include + +static char *cert = NULL; +static char *privkey = NULL; + +static int test_fatalerr(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *sssl = NULL, *cssl = NULL; + const char *msg = "Dummy"; + BIO *wbio = NULL; + int ret = 0, len; + char buf[80]; + unsigned char dummyrec[] = { + 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y' + }; + + if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(), + SSL3_VERSION, TLS_MAX_VERSION, &sctx, &cctx, + cert, privkey)) { + printf("Failed to create SSL_CTX pair\n"); + goto err; + } + + /* + * Deliberately set the cipher lists for client and server to be different + * to force a handshake failure. + */ + if (!SSL_CTX_set_cipher_list(sctx, "AES128-SHA") + || !SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) { + printf("Failed to set cipher lists\n"); + goto err; + } + + if (!create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) { + printf("Failed to create SSL objectx\n"); + goto err; + } + + wbio = SSL_get_wbio(cssl); + if (wbio == NULL) { + printf("Unexpected NULL bio received\n"); + goto err; + } + + if (create_ssl_connection(sssl, cssl)) { + printf("Unexpected success creating a connection\n"); + goto err; + } + + ERR_clear_error(); + + /* Inject a plaintext record from client to server */ + if (BIO_write(wbio, dummyrec, sizeof(dummyrec)) <= 0) { + printf("Unexpected failure injecting dummy record\n"); + goto err; + } + + /* SSL_read()/SSL_write should fail because of a previous fatal error */ + if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) { + buf[len] = '\0'; + printf("Unexpected success reading data: %s\n", buf); + goto err; + } + if (SSL_write(sssl, msg, strlen(msg)) > 0) { + printf("Unexpected success writing data\n"); + goto err; + } + + ret = 1; + err: + SSL_free(sssl); + SSL_free(cssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return ret; +} + +int main(int argc, char *argv[]) +{ + BIO *err = NULL; + int testresult = 1; + + if (argc != 3) { + printf("Invalid argument count\n"); + return 1; + } + + cert = argv[1]; + privkey = argv[2]; + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ADD_TEST(test_fatalerr); + + testresult = run_tests(argv[0]); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 1; +#endif + BIO_free(err); + + if (!testresult) + printf("PASS\n"); + + return testresult; +} diff --git a/openssl-1.1.0h/test/generate_buildtest.pl b/openssl-1.1.0h/test/generate_buildtest.pl new file mode 100644 index 0000000..0a9d879 --- /dev/null +++ b/openssl-1.1.0h/test/generate_buildtest.pl @@ -0,0 +1,34 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +# First argument is name; +my $name = shift @ARGV; +my $name_uc = uc $name; +# All other arguments are ignored for now + +print <<"_____"; +/* + * Generated with test/generate_buildtest.pl, to check that such a simple + * program builds. + */ +#include +#ifndef OPENSSL_NO_STDIO +# include +#endif +#ifndef OPENSSL_NO_${name_uc} +# include +#endif + +int main() +{ + return 0; +} +_____ diff --git a/openssl-1.1.0h/test/generate_ssl_tests.pl b/openssl-1.1.0h/test/generate_ssl_tests.pl new file mode 100644 index 0000000..47a328c --- /dev/null +++ b/openssl-1.1.0h/test/generate_ssl_tests.pl @@ -0,0 +1,141 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +## SSL testcase generator + +use strict; +use warnings; + +use File::Basename; +use File::Spec::Functions; + +use OpenSSL::Test qw/srctop_dir srctop_file/; +use OpenSSL::Test::Utils; + +# This block needs to run before 'use lib srctop_dir' directives. +BEGIN { + OpenSSL::Test::setup("no_test_here"); +} + +use lib srctop_dir("util", "perl"); # for with_fallback +use lib srctop_dir("test", "ssl-tests"); # for ssltests_base + +use with_fallback qw(Text::Template); + +use vars qw/@ISA/; +push (@ISA, qw/Text::Template/); + +use ssltests_base; + +sub print_templates { + my $source = srctop_file("test", "ssl_test.tmpl"); + my $template = Text::Template->new(TYPE => 'FILE', SOURCE => $source); + + print "# Generated with generate_ssl_tests.pl\n\n"; + + my $num = scalar @ssltests::tests; + + # Add the implicit base configuration. + foreach my $test (@ssltests::tests) { + $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) }; + if (defined $test->{"server2"}) { + $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) }; + } else { + if ($test->{"server"}->{"extra"} && + defined $test->{"server"}->{"extra"}->{"ServerNameCallback"}) { + # Default is the same as server. + $test->{"reuse_server2"} = 1; + } + # Do not emit an empty/duplicate "server2" section. + $test->{"server2"} = { }; + } + if (defined $test->{"resume_server"}) { + $test->{"resume_server"} = { (%ssltests::base_server, %{$test->{"resume_server"}}) }; + } else { + if (defined $test->{"test"}->{"HandshakeMode"} && + $test->{"test"}->{"HandshakeMode"} eq "Resume") { + # Default is the same as server. + $test->{"reuse_resume_server"} = 1; + } + # Do not emit an empty/duplicate "resume-server" section. + $test->{"resume_server"} = { }; + } + $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) }; + if (defined $test->{"resume_client"}) { + $test->{"resume_client"} = { (%ssltests::base_client, %{$test->{"resume_client"}}) }; + } else { + if (defined $test->{"test"}->{"HandshakeMode"} && + $test->{"test"}->{"HandshakeMode"} eq "Resume") { + # Default is the same as client. + $test->{"reuse_resume_client"} = 1; + } + # Do not emit an empty/duplicate "resume-client" section. + $test->{"resume_client"} = { }; + } + } + + # ssl_test expects to find a + # + # num_tests = n + # + # directive in the file. It'll then look for configuration directives + # for n tests, that each look like this: + # + # test-n = test-section + # + # [test-section] + # (SSL modules for client and server configuration go here.) + # + # [test-n] + # (Test configuration goes here.) + print "num_tests = $num\n\n"; + + # The conf module locations must come before everything else, because + # they look like + # + # test-n = test-section + # + # and you can't mix and match them with sections. + my $idx = 0; + + foreach my $test (@ssltests::tests) { + my $testname = "${idx}-" . $test->{'name'}; + print "test-$idx = $testname\n"; + $idx++; + } + + $idx = 0; + + foreach my $test (@ssltests::tests) { + my $testname = "${idx}-" . $test->{'name'}; + my $text = $template->fill_in( + HASH => [{ idx => $idx, testname => $testname } , $test], + DELIMITERS => [ "{-", "-}" ]); + print "# ===========================================================\n\n"; + print "$text\n"; + $idx++; + } +} + +# Shamelessly copied from Configure. +sub read_config { + my $fname = shift; + open(INPUT, "< $fname") or die "Can't open input file '$fname'!\n"; + local $/ = undef; + my $content = ; + close(INPUT); + eval $content; + warn $@ if $@; +} + +my $input_file = shift; +# Reads the tests into ssltests::tests. +read_config($input_file); +print_templates(); + +1; diff --git a/openssl-1.1.0h/test/gmdifftest.c b/openssl-1.1.0h/test/gmdifftest.c new file mode 100644 index 0000000..73c910d --- /dev/null +++ b/openssl-1.1.0h/test/gmdifftest.c @@ -0,0 +1,81 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#define SECS_PER_DAY (24 * 60 * 60) + +/* + * Time checking test code. Check times are identical for a wide range of + * offsets. This should be run on a machine with 64 bit time_t or it will + * trigger the very errors the routines fix. + */ + +static int check_time(long offset) +{ + struct tm tm1, tm2, o1; + int off_day, off_sec; + long toffset; + time_t t1, t2; + time(&t1); + + t2 = t1 + offset; + OPENSSL_gmtime(&t2, &tm2); + OPENSSL_gmtime(&t1, &tm1); + o1 = tm1; + OPENSSL_gmtime_adj(&tm1, 0, offset); + if ((tm1.tm_year != tm2.tm_year) || + (tm1.tm_mon != tm2.tm_mon) || + (tm1.tm_mday != tm2.tm_mday) || + (tm1.tm_hour != tm2.tm_hour) || + (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) { + fprintf(stderr, "TIME ERROR!!\n"); + fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n", + tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900, + tm2.tm_hour, tm2.tm_min, tm2.tm_sec); + fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n", + tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900, + tm1.tm_hour, tm1.tm_min, tm1.tm_sec); + return 0; + } + if (!OPENSSL_gmtime_diff(&off_day, &off_sec, &o1, &tm1)) + return 0; + toffset = (long)off_day *SECS_PER_DAY + off_sec; + if (offset != toffset) { + fprintf(stderr, "TIME OFFSET ERROR!!\n"); + fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n", + offset, toffset, off_day, off_sec); + return 0; + } + return 1; +} + +int main(int argc, char **argv) +{ + long offset; + int fails; + + if (sizeof(time_t) < 8) { + fprintf(stderr, "Skipping; time_t is less than 64-bits\n"); + return 0; + } + for (fails = 0, offset = 0; offset < 1000000; offset++) { + if (!check_time(offset)) + fails++; + if (!check_time(-offset)) + fails++; + if (!check_time(offset * 1000)) + fails++; + if (!check_time(-offset * 1000)) + fails++; + } + + return fails ? 1 : 0; +} diff --git a/openssl-1.1.0h/test/handshake_helper.c b/openssl-1.1.0h/test/handshake_helper.c new file mode 100644 index 0000000..41a2c00 --- /dev/null +++ b/openssl-1.1.0h/test/handshake_helper.c @@ -0,0 +1,1106 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include +#include + +#include "handshake_helper.h" +#include "testutil.h" + +HANDSHAKE_RESULT *HANDSHAKE_RESULT_new() +{ + HANDSHAKE_RESULT *ret = OPENSSL_zalloc(sizeof(*ret)); + TEST_check(ret != NULL); + return ret; +} + +void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result) +{ + if (result == NULL) + return; + OPENSSL_free(result->client_npn_negotiated); + OPENSSL_free(result->server_npn_negotiated); + OPENSSL_free(result->client_alpn_negotiated); + OPENSSL_free(result->server_alpn_negotiated); + OPENSSL_free(result); +} + +/* + * Since there appears to be no way to extract the sent/received alert + * from the SSL object directly, we use the info callback and stash + * the result in ex_data. + */ +typedef struct handshake_ex_data_st { + int alert_sent; + int num_fatal_alerts_sent; + int alert_received; + int session_ticket_do_not_call; + ssl_servername_t servername; +} HANDSHAKE_EX_DATA; + +typedef struct ctx_data_st { + unsigned char *npn_protocols; + size_t npn_protocols_len; + unsigned char *alpn_protocols; + size_t alpn_protocols_len; +} CTX_DATA; + +/* |ctx_data| itself is stack-allocated. */ +static void ctx_data_free_data(CTX_DATA *ctx_data) +{ + OPENSSL_free(ctx_data->npn_protocols); + ctx_data->npn_protocols = NULL; + OPENSSL_free(ctx_data->alpn_protocols); + ctx_data->alpn_protocols = NULL; +} + +static int ex_data_idx; + +static void info_cb(const SSL *s, int where, int ret) +{ + if (where & SSL_CB_ALERT) { + HANDSHAKE_EX_DATA *ex_data = + (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + if (where & SSL_CB_WRITE) { + ex_data->alert_sent = ret; + if (strcmp(SSL_alert_type_string(ret), "F") == 0 + || strcmp(SSL_alert_desc_string(ret), "CN") == 0) + ex_data->num_fatal_alerts_sent++; + } else { + ex_data->alert_received = ret; + } + } +} + +/* Select the appropriate server CTX. + * Returns SSL_TLSEXT_ERR_OK if a match was found. + * If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch. + * Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch. + * An empty SNI extension also returns SSL_TSLEXT_ERR_NOACK. + */ +static int select_server_ctx(SSL *s, void *arg, int ignore) +{ + const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + HANDSHAKE_EX_DATA *ex_data = + (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + + if (servername == NULL) { + ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; + return SSL_TLSEXT_ERR_NOACK; + } + + if (strcmp(servername, "server2") == 0) { + SSL_CTX *new_ctx = (SSL_CTX*)arg; + SSL_set_SSL_CTX(s, new_ctx); + /* + * Copy over all the SSL_CTX options - reasonable behavior + * allows testing of cases where the options between two + * contexts differ/conflict + */ + SSL_clear_options(s, 0xFFFFFFFFL); + SSL_set_options(s, SSL_CTX_get_options(new_ctx)); + + ex_data->servername = SSL_TEST_SERVERNAME_SERVER2; + return SSL_TLSEXT_ERR_OK; + } else if (strcmp(servername, "server1") == 0) { + ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; + return SSL_TLSEXT_ERR_OK; + } else if (ignore) { + ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; + return SSL_TLSEXT_ERR_NOACK; + } else { + /* Don't set an explicit alert, to test library defaults. */ + return SSL_TLSEXT_ERR_ALERT_FATAL; + } +} + +/* + * (RFC 6066): + * If the server understood the ClientHello extension but + * does not recognize the server name, the server SHOULD take one of two + * actions: either abort the handshake by sending a fatal-level + * unrecognized_name(112) alert or continue the handshake. + * + * This behaviour is up to the application to configure; we test both + * configurations to ensure the state machine propagates the result + * correctly. + */ +static int servername_ignore_cb(SSL *s, int *ad, void *arg) +{ + return select_server_ctx(s, arg, 1); +} + +static int servername_reject_cb(SSL *s, int *ad, void *arg) +{ + return select_server_ctx(s, arg, 0); +} + +static unsigned char dummy_ocsp_resp_good_val = 0xff; +static unsigned char dummy_ocsp_resp_bad_val = 0xfe; + +static int server_ocsp_cb(SSL *s, void *arg) +{ + unsigned char *resp; + + resp = OPENSSL_malloc(1); + if (resp == NULL) + return SSL_TLSEXT_ERR_ALERT_FATAL; + /* + * For the purposes of testing we just send back a dummy OCSP response + */ + *resp = *(unsigned char *)arg; + if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1)) + return SSL_TLSEXT_ERR_ALERT_FATAL; + + return SSL_TLSEXT_ERR_OK; +} + +static int client_ocsp_cb(SSL *s, void *arg) +{ + const unsigned char *resp; + int len; + + len = SSL_get_tlsext_status_ocsp_resp(s, &resp); + if (len != 1 || *resp != dummy_ocsp_resp_good_val) + return 0; + + return 1; +} + +static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) { + X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); + return 0; +} + +static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) { + return 1; +} + +static int broken_session_ticket_cb(SSL *s, unsigned char *key_name, unsigned char *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + return 0; +} + +static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name, + unsigned char *iv, + EVP_CIPHER_CTX *ctx, + HMAC_CTX *hctx, int enc) +{ + HANDSHAKE_EX_DATA *ex_data = + (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + ex_data->session_ticket_do_not_call = 1; + return 0; +} + +/* Parse the comma-separated list into TLS format. */ +static void parse_protos(const char *protos, unsigned char **out, size_t *outlen) +{ + size_t len, i, prefix; + + len = strlen(protos); + + /* Should never have reuse. */ + TEST_check(*out == NULL); + + /* Test values are small, so we omit length limit checks. */ + *out = OPENSSL_malloc(len + 1); + TEST_check(*out != NULL); + *outlen = len + 1; + + /* + * foo => '3', 'f', 'o', 'o' + * foo,bar => '3', 'f', 'o', 'o', '3', 'b', 'a', 'r' + */ + memcpy(*out + 1, protos, len); + + prefix = 0; + i = prefix + 1; + while (i <= len) { + if ((*out)[i] == ',') { + TEST_check(i - 1 - prefix > 0); + (*out)[prefix] = i - 1 - prefix; + prefix = i; + } + i++; + } + TEST_check(len - prefix > 0); + (*out)[prefix] = len - prefix; +} + +#ifndef OPENSSL_NO_NEXTPROTONEG +/* + * The client SHOULD select the first protocol advertised by the server that it + * also supports. In the event that the client doesn't support any of server's + * protocols, or the server doesn't advertise any, it SHOULD select the first + * protocol that it supports. + */ +static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + void *arg) +{ + CTX_DATA *ctx_data = (CTX_DATA*)(arg); + int ret; + + ret = SSL_select_next_proto(out, outlen, in, inlen, + ctx_data->npn_protocols, + ctx_data->npn_protocols_len); + /* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */ + TEST_check(ret == OPENSSL_NPN_NEGOTIATED || ret == OPENSSL_NPN_NO_OVERLAP); + return SSL_TLSEXT_ERR_OK; +} + +static int server_npn_cb(SSL *s, const unsigned char **data, + unsigned int *len, void *arg) +{ + CTX_DATA *ctx_data = (CTX_DATA*)(arg); + *data = ctx_data->npn_protocols; + *len = ctx_data->npn_protocols_len; + return SSL_TLSEXT_ERR_OK; +} +#endif + +/* + * The server SHOULD select the most highly preferred protocol that it supports + * and that is also advertised by the client. In the event that the server + * supports no protocols that the client advertises, then the server SHALL + * respond with a fatal "no_application_protocol" alert. + */ +static int server_alpn_cb(SSL *s, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + CTX_DATA *ctx_data = (CTX_DATA*)(arg); + int ret; + + /* SSL_select_next_proto isn't const-correct... */ + unsigned char *tmp_out; + + /* + * The result points either to |in| or to |ctx_data->alpn_protocols|. + * The callback is allowed to point to |in| or to a long-lived buffer, + * so we can return directly without storing a copy. + */ + ret = SSL_select_next_proto(&tmp_out, outlen, + ctx_data->alpn_protocols, + ctx_data->alpn_protocols_len, in, inlen); + + *out = tmp_out; + /* Unlike NPN, we don't tolerate a mismatch. */ + return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK + : SSL_TLSEXT_ERR_ALERT_FATAL; +} + +/* + * Configure callbacks and other properties that can't be set directly + * in the server/client CONF. + */ +static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + SSL_CTX *client_ctx, + const SSL_TEST_CTX *test, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data) +{ + unsigned char *ticket_keys; + size_t ticket_key_len; + + TEST_check(SSL_CTX_set_max_send_fragment(server_ctx, + test->max_fragment_size) == 1); + if (server2_ctx != NULL) { + TEST_check(SSL_CTX_set_max_send_fragment(server2_ctx, + test->max_fragment_size) == 1); + } + TEST_check(SSL_CTX_set_max_send_fragment(client_ctx, + test->max_fragment_size) == 1); + + switch (extra->client.verify_callback) { + case SSL_TEST_VERIFY_ACCEPT_ALL: + SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, + NULL); + break; + case SSL_TEST_VERIFY_REJECT_ALL: + SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb, + NULL); + break; + default: + break; + } + + /* link the two contexts for SNI purposes */ + switch (extra->server.servername_callback) { + case SSL_TEST_SERVERNAME_IGNORE_MISMATCH: + SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb); + SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); + break; + case SSL_TEST_SERVERNAME_REJECT_MISMATCH: + SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_reject_cb); + SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); + break; + default: + break; + } + + if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) { + SSL_CTX_set_tlsext_status_type(client_ctx, TLSEXT_STATUSTYPE_ocsp); + SSL_CTX_set_tlsext_status_cb(client_ctx, client_ocsp_cb); + SSL_CTX_set_tlsext_status_arg(client_ctx, NULL); + SSL_CTX_set_tlsext_status_cb(server_ctx, server_ocsp_cb); + SSL_CTX_set_tlsext_status_arg(server_ctx, + ((extra->server.cert_status == SSL_TEST_CERT_STATUS_GOOD_RESPONSE) + ? &dummy_ocsp_resp_good_val : &dummy_ocsp_resp_bad_val)); + } + + /* + * The initial_ctx/session_ctx always handles the encrypt/decrypt of the + * session ticket. This ticket_key callback is assigned to the second + * session (assigned via SNI), and should never be invoked + */ + if (server2_ctx != NULL) + SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, + do_not_call_session_ticket_cb); + + if (extra->server.broken_session_ticket) { + SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb); + } +#ifndef OPENSSL_NO_NEXTPROTONEG + if (extra->server.npn_protocols != NULL) { + parse_protos(extra->server.npn_protocols, + &server_ctx_data->npn_protocols, + &server_ctx_data->npn_protocols_len); + SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb, + server_ctx_data); + } + if (extra->server2.npn_protocols != NULL) { + parse_protos(extra->server2.npn_protocols, + &server2_ctx_data->npn_protocols, + &server2_ctx_data->npn_protocols_len); + TEST_check(server2_ctx != NULL); + SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb, + server2_ctx_data); + } + if (extra->client.npn_protocols != NULL) { + parse_protos(extra->client.npn_protocols, + &client_ctx_data->npn_protocols, + &client_ctx_data->npn_protocols_len); + SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb, + client_ctx_data); + } +#endif + if (extra->server.alpn_protocols != NULL) { + parse_protos(extra->server.alpn_protocols, + &server_ctx_data->alpn_protocols, + &server_ctx_data->alpn_protocols_len); + SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data); + } + if (extra->server2.alpn_protocols != NULL) { + TEST_check(server2_ctx != NULL); + parse_protos(extra->server2.alpn_protocols, + &server2_ctx_data->alpn_protocols, + &server2_ctx_data->alpn_protocols_len); + SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data); + } + if (extra->client.alpn_protocols != NULL) { + unsigned char *alpn_protos = NULL; + size_t alpn_protos_len; + parse_protos(extra->client.alpn_protocols, + &alpn_protos, &alpn_protos_len); + /* Reversed return value convention... */ + TEST_check(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, + alpn_protos_len) == 0); + OPENSSL_free(alpn_protos); + } + + /* + * Use fixed session ticket keys so that we can decrypt a ticket created with + * one CTX in another CTX. Don't address server2 for the moment. + */ + ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0); + ticket_keys = OPENSSL_zalloc(ticket_key_len); + TEST_check(ticket_keys != NULL); + TEST_check(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys, + ticket_key_len) == 1); + OPENSSL_free(ticket_keys); + + /* The default log list includes EC keys, so CT can't work without EC. */ +#if !defined(OPENSSL_NO_CT) && !defined(OPENSSL_NO_EC) + TEST_check(SSL_CTX_set_default_ctlog_list_file(client_ctx)); + switch (extra->client.ct_validation) { + case SSL_TEST_CT_VALIDATION_PERMISSIVE: + TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_PERMISSIVE)); + break; + case SSL_TEST_CT_VALIDATION_STRICT: + TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_STRICT)); + break; + case SSL_TEST_CT_VALIDATION_NONE: + break; + } +#endif +} + +/* Configure per-SSL callbacks and other properties. */ +static void configure_handshake_ssl(SSL *server, SSL *client, + const SSL_TEST_EXTRA_CONF *extra) +{ + if (extra->client.servername != SSL_TEST_SERVERNAME_NONE) + SSL_set_tlsext_host_name(client, + ssl_servername_name(extra->client.servername)); +} + +/* The status for each connection phase. */ +typedef enum { + PEER_SUCCESS, + PEER_RETRY, + PEER_ERROR +} peer_status_t; + +/* An SSL object and associated read-write buffers. */ +typedef struct peer_st { + SSL *ssl; + /* Buffer lengths are int to match the SSL read/write API. */ + unsigned char *write_buf; + int write_buf_len; + unsigned char *read_buf; + int read_buf_len; + int bytes_to_write; + int bytes_to_read; + peer_status_t status; +} PEER; + +static void create_peer(PEER *peer, SSL_CTX *ctx) +{ + static const int peer_buffer_size = 64 * 1024; + + peer->ssl = SSL_new(ctx); + TEST_check(peer->ssl != NULL); + peer->write_buf = OPENSSL_zalloc(peer_buffer_size); + TEST_check(peer->write_buf != NULL); + peer->read_buf = OPENSSL_zalloc(peer_buffer_size); + TEST_check(peer->read_buf != NULL); + peer->write_buf_len = peer->read_buf_len = peer_buffer_size; +} + +static void peer_free_data(PEER *peer) +{ + SSL_free(peer->ssl); + OPENSSL_free(peer->write_buf); + OPENSSL_free(peer->read_buf); +} + +/* + * Note that we could do the handshake transparently under an SSL_write, + * but separating the steps is more helpful for debugging test failures. + */ +static void do_handshake_step(PEER *peer) +{ + int ret; + + if (peer->status != PEER_RETRY) { + peer->status = PEER_ERROR; + return; + } + + ret = SSL_do_handshake(peer->ssl); + + if (ret == 1) { + peer->status = PEER_SUCCESS; + } else if (ret == 0) { + peer->status = PEER_ERROR; + } else { + int error = SSL_get_error(peer->ssl, ret); + /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */ + if (error != SSL_ERROR_WANT_READ) + peer->status = PEER_ERROR; + } +} + +/*- + * Send/receive some application data. The read-write sequence is + * Peer A: (R) W - first read will yield no data + * Peer B: R W + * ... + * Peer A: R W + * Peer B: R W + * Peer A: R + */ +static void do_app_data_step(PEER *peer) +{ + int ret = 1, write_bytes; + + TEST_check(peer->status == PEER_RETRY); + + /* We read everything available... */ + while (ret > 0 && peer->bytes_to_read) { + ret = SSL_read(peer->ssl, peer->read_buf, peer->read_buf_len); + if (ret > 0) { + TEST_check(ret <= peer->bytes_to_read); + peer->bytes_to_read -= ret; + } else if (ret == 0) { + peer->status = PEER_ERROR; + return; + } else { + int error = SSL_get_error(peer->ssl, ret); + if (error != SSL_ERROR_WANT_READ) { + peer->status = PEER_ERROR; + return; + } /* Else continue with write. */ + } + } + + /* ... but we only write one write-buffer-full of data. */ + write_bytes = peer->bytes_to_write < peer->write_buf_len ? peer->bytes_to_write : + peer->write_buf_len; + if (write_bytes) { + ret = SSL_write(peer->ssl, peer->write_buf, write_bytes); + if (ret > 0) { + /* SSL_write will only succeed with a complete write. */ + TEST_check(ret == write_bytes); + peer->bytes_to_write -= ret; + } else { + /* + * We should perhaps check for SSL_ERROR_WANT_READ/WRITE here + * but this doesn't yet occur with current app data sizes. + */ + peer->status = PEER_ERROR; + return; + } + } + + /* + * We could simply finish when there was nothing to read, and we have + * nothing left to write. But keeping track of the expected number of bytes + * to read gives us somewhat better guarantees that all data sent is in fact + * received. + */ + if (!peer->bytes_to_write && !peer->bytes_to_read) { + peer->status = PEER_SUCCESS; + } +} + +static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) +{ + int ret; + char buf; + + if (peer->status == PEER_SUCCESS) { + /* + * We are a client that succeeded this step previously, but the server + * wanted to retry. Probably there is a no_renegotiation warning alert + * waiting for us. Attempt to continue the handshake. + */ + peer->status = PEER_RETRY; + do_handshake_step(peer); + return; + } + + TEST_check(peer->status == PEER_RETRY); + TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER + || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT); + + /* Check if we are the peer that is going to initiate */ + if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER + && SSL_is_server(peer->ssl)) + || (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT + && !SSL_is_server(peer->ssl))) { + /* + * If we already asked for a renegotiation then fall through to the + * SSL_read() below. + */ + if (!SSL_renegotiate_pending(peer->ssl)) { + /* + * If we are the client we will always attempt to resume the + * session. The server may or may not resume dependant on the + * setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + */ + if (SSL_is_server(peer->ssl)) { + ret = SSL_renegotiate(peer->ssl); + } else { + if (test_ctx->extra.client.reneg_ciphers != NULL) { + if (!SSL_set_cipher_list(peer->ssl, + test_ctx->extra.client.reneg_ciphers)) { + peer->status = PEER_ERROR; + return; + } + ret = SSL_renegotiate(peer->ssl); + } else { + ret = SSL_renegotiate_abbreviated(peer->ssl); + } + } + if (!ret) { + peer->status = PEER_ERROR; + return; + } + do_handshake_step(peer); + /* + * If status is PEER_RETRY it means we're waiting on the peer to + * continue the handshake. As far as setting up the renegotiation is + * concerned that is a success. The next step will continue the + * handshake to its conclusion. + * + * If status is PEER_SUCCESS then we are the server and we have + * successfully sent the HelloRequest. We need to continue to wait + * until the handshake arrives from the client. + */ + if (peer->status == PEER_RETRY) + peer->status = PEER_SUCCESS; + else if (peer->status == PEER_SUCCESS) + peer->status = PEER_RETRY; + return; + } + } + + /* + * The SSL object is still expecting app data, even though it's going to + * get a handshake message. We try to read, and it should fail - after which + * we should be in a handshake + */ + ret = SSL_read(peer->ssl, &buf, sizeof(buf)); + if (ret >= 0) { + /* + * We're not actually expecting data - we're expecting a reneg to + * start + */ + peer->status = PEER_ERROR; + return; + } else { + int error = SSL_get_error(peer->ssl, ret); + if (error != SSL_ERROR_WANT_READ) { + peer->status = PEER_ERROR; + return; + } + /* If we're no in init yet then we're not done with setup yet */ + if (!SSL_in_init(peer->ssl)) + return; + } + + peer->status = PEER_SUCCESS; +} + + +/* + * RFC 5246 says: + * + * Note that as of TLS 1.1, + * failure to properly close a connection no longer requires that a + * session not be resumed. This is a change from TLS 1.0 to conform + * with widespread implementation practice. + * + * However, + * (a) OpenSSL requires that a connection be shutdown for all protocol versions. + * (b) We test lower versions, too. + * So we just implement shutdown. We do a full bidirectional shutdown so that we + * can compare sent and received close_notify alerts and get some test coverage + * for SSL_shutdown as a bonus. + */ +static void do_shutdown_step(PEER *peer) +{ + int ret; + + TEST_check(peer->status == PEER_RETRY); + ret = SSL_shutdown(peer->ssl); + + if (ret == 1) { + peer->status = PEER_SUCCESS; + } else if (ret < 0) { /* On 0, we retry. */ + int error = SSL_get_error(peer->ssl, ret); + /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */ + if (error != SSL_ERROR_WANT_READ) + peer->status = PEER_ERROR; + } +} + +typedef enum { + HANDSHAKE, + RENEG_APPLICATION_DATA, + RENEG_SETUP, + RENEG_HANDSHAKE, + APPLICATION_DATA, + SHUTDOWN, + CONNECTION_DONE +} connect_phase_t; + +static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx, + connect_phase_t phase) +{ + switch (phase) { + case HANDSHAKE: + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER + || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT) + return RENEG_APPLICATION_DATA; + return APPLICATION_DATA; + case RENEG_APPLICATION_DATA: + return RENEG_SETUP; + case RENEG_SETUP: + return RENEG_HANDSHAKE; + case RENEG_HANDSHAKE: + return APPLICATION_DATA; + case APPLICATION_DATA: + return SHUTDOWN; + case SHUTDOWN: + return CONNECTION_DONE; + default: + TEST_check(0); /* Should never call next_phase when done. */ + } +} + +static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, + connect_phase_t phase) +{ + switch (phase) { + case HANDSHAKE: + do_handshake_step(peer); + break; + case RENEG_APPLICATION_DATA: + do_app_data_step(peer); + break; + case RENEG_SETUP: + do_reneg_setup_step(test_ctx, peer); + break; + case RENEG_HANDSHAKE: + do_handshake_step(peer); + break; + case APPLICATION_DATA: + do_app_data_step(peer); + break; + case SHUTDOWN: + do_shutdown_step(peer); + break; + default: + TEST_check(0); + } +} + +typedef enum { + /* Both parties succeeded. */ + HANDSHAKE_SUCCESS, + /* Client errored. */ + CLIENT_ERROR, + /* Server errored. */ + SERVER_ERROR, + /* Peers are in inconsistent state. */ + INTERNAL_ERROR, + /* One or both peers not done. */ + HANDSHAKE_RETRY +} handshake_status_t; + +/* + * Determine the handshake outcome. + * last_status: the status of the peer to have acted last. + * previous_status: the status of the peer that didn't act last. + * client_spoke_last: 1 if the client went last. + */ +static handshake_status_t handshake_status(peer_status_t last_status, + peer_status_t previous_status, + int client_spoke_last) +{ + switch (last_status) { + case PEER_SUCCESS: + switch (previous_status) { + case PEER_SUCCESS: + /* Both succeeded. */ + return HANDSHAKE_SUCCESS; + case PEER_RETRY: + /* Let the first peer finish. */ + return HANDSHAKE_RETRY; + case PEER_ERROR: + /* + * Second peer succeeded despite the fact that the first peer + * already errored. This shouldn't happen. + */ + return INTERNAL_ERROR; + } + break; + + case PEER_RETRY: + return HANDSHAKE_RETRY; + + case PEER_ERROR: + switch (previous_status) { + case PEER_SUCCESS: + /* + * First peer succeeded but second peer errored. + * TODO(emilia): we should be able to continue here (with some + * application data?) to ensure the first peer receives the + * alert / close_notify. + * (No tests currently exercise this branch.) + */ + return client_spoke_last ? CLIENT_ERROR : SERVER_ERROR; + case PEER_RETRY: + /* We errored; let the peer finish. */ + return HANDSHAKE_RETRY; + case PEER_ERROR: + /* Both peers errored. Return the one that errored first. */ + return client_spoke_last ? SERVER_ERROR : CLIENT_ERROR; + } + } + /* Control should never reach here. */ + return INTERNAL_ERROR; +} + +/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */ +static char *dup_str(const unsigned char *in, size_t len) +{ + char *ret; + + if(len == 0) + return NULL; + + /* Assert that the string does not contain NUL-bytes. */ + TEST_check(OPENSSL_strnlen((const char*)(in), len) == len); + ret = OPENSSL_strndup((const char*)(in), len); + TEST_check(ret != NULL); + return ret; +} + +/* + * Note that |extra| points to the correct client/server configuration + * within |test_ctx|. When configuring the handshake, general mode settings + * are taken from |test_ctx|, and client/server-specific settings should be + * taken from |extra|. + * + * The configuration code should never reach into |test_ctx->extra| or + * |test_ctx->resume_extra| directly. + * + * (We could refactor test mode settings into a substructure. This would result + * in cleaner argument passing but would complicate the test configuration + * parsing.) + */ +static HANDSHAKE_RESULT *do_handshake_internal( + SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, + const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra, + SSL_SESSION *session_in, SSL_SESSION **session_out) +{ + PEER server, client; + BIO *client_to_server, *server_to_client; + HANDSHAKE_EX_DATA server_ex_data, client_ex_data; + CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data; + HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new(); + int client_turn = 1, client_turn_count = 0; + connect_phase_t phase = HANDSHAKE; + handshake_status_t status = HANDSHAKE_RETRY; + const unsigned char* tick = NULL; + size_t tick_len = 0; + SSL_SESSION* sess = NULL; + const unsigned char *proto = NULL; + /* API dictates unsigned int rather than size_t. */ + unsigned int proto_len = 0; + EVP_PKEY *tmp_key; + + memset(&server_ctx_data, 0, sizeof(server_ctx_data)); + memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); + memset(&client_ctx_data, 0, sizeof(client_ctx_data)); + memset(&server, 0, sizeof(server)); + memset(&client, 0, sizeof(client)); + + configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, extra, + &server_ctx_data, &server2_ctx_data, &client_ctx_data); + + /* Setup SSL and buffers; additional configuration happens below. */ + create_peer(&server, server_ctx); + create_peer(&client, client_ctx); + + server.bytes_to_write = client.bytes_to_read = test_ctx->app_data_size; + client.bytes_to_write = server.bytes_to_read = test_ctx->app_data_size; + + configure_handshake_ssl(server.ssl, client.ssl, extra); + if (session_in != NULL) { + /* In case we're testing resumption without tickets. */ + TEST_check(SSL_CTX_add_session(server_ctx, session_in)); + TEST_check(SSL_set_session(client.ssl, session_in)); + } + + memset(&server_ex_data, 0, sizeof(server_ex_data)); + memset(&client_ex_data, 0, sizeof(client_ex_data)); + + ret->result = SSL_TEST_INTERNAL_ERROR; + + client_to_server = BIO_new(BIO_s_mem()); + server_to_client = BIO_new(BIO_s_mem()); + + TEST_check(client_to_server != NULL); + TEST_check(server_to_client != NULL); + + /* Non-blocking bio. */ + BIO_set_nbio(client_to_server, 1); + BIO_set_nbio(server_to_client, 1); + + SSL_set_connect_state(client.ssl); + SSL_set_accept_state(server.ssl); + + /* The bios are now owned by the SSL object. */ + SSL_set_bio(client.ssl, server_to_client, client_to_server); + TEST_check(BIO_up_ref(server_to_client) > 0); + TEST_check(BIO_up_ref(client_to_server) > 0); + SSL_set_bio(server.ssl, client_to_server, server_to_client); + + ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL); + TEST_check(ex_data_idx >= 0); + + TEST_check(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data) == 1); + TEST_check(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data) == 1); + + SSL_set_info_callback(server.ssl, &info_cb); + SSL_set_info_callback(client.ssl, &info_cb); + + client.status = server.status = PEER_RETRY; + + /* + * Half-duplex handshake loop. + * Client and server speak to each other synchronously in the same process. + * We use non-blocking BIOs, so whenever one peer blocks for read, it + * returns PEER_RETRY to indicate that it's the other peer's turn to write. + * The handshake succeeds once both peers have succeeded. If one peer + * errors out, we also let the other peer retry (and presumably fail). + */ + for(;;) { + if (client_turn) { + do_connect_step(test_ctx, &client, phase); + status = handshake_status(client.status, server.status, + 1 /* client went last */); + } else { + do_connect_step(test_ctx, &server, phase); + status = handshake_status(server.status, client.status, + 0 /* server went last */); + } + + switch (status) { + case HANDSHAKE_SUCCESS: + client_turn_count = 0; + phase = next_phase(test_ctx, phase); + if (phase == CONNECTION_DONE) { + ret->result = SSL_TEST_SUCCESS; + goto err; + } else { + client.status = server.status = PEER_RETRY; + /* + * For now, client starts each phase. Since each phase is + * started separately, we can later control this more + * precisely, for example, to test client-initiated and + * server-initiated shutdown. + */ + client_turn = 1; + break; + } + case CLIENT_ERROR: + ret->result = SSL_TEST_CLIENT_FAIL; + goto err; + case SERVER_ERROR: + ret->result = SSL_TEST_SERVER_FAIL; + goto err; + case INTERNAL_ERROR: + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + case HANDSHAKE_RETRY: + if (client_turn_count++ >= 2000) { + /* + * At this point, there's been so many PEER_RETRY in a row + * that it's likely both sides are stuck waiting for a read. + * It's time to give up. + */ + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + } + + /* Continue. */ + client_turn ^= 1; + break; + } + } + err: + ret->server_alert_sent = server_ex_data.alert_sent; + ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent; + ret->server_alert_received = client_ex_data.alert_received; + ret->client_alert_sent = client_ex_data.alert_sent; + ret->client_num_fatal_alerts_sent = client_ex_data.num_fatal_alerts_sent; + ret->client_alert_received = server_ex_data.alert_received; + ret->server_protocol = SSL_version(server.ssl); + ret->client_protocol = SSL_version(client.ssl); + ret->servername = server_ex_data.servername; + if ((sess = SSL_get0_session(client.ssl)) != NULL) + SSL_SESSION_get0_ticket(sess, &tick, &tick_len); + if (tick == NULL || tick_len == 0) + ret->session_ticket = SSL_TEST_SESSION_TICKET_NO; + else + ret->session_ticket = SSL_TEST_SESSION_TICKET_YES; + ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call; + +#ifndef OPENSSL_NO_NEXTPROTONEG + SSL_get0_next_proto_negotiated(client.ssl, &proto, &proto_len); + ret->client_npn_negotiated = dup_str(proto, proto_len); + + SSL_get0_next_proto_negotiated(server.ssl, &proto, &proto_len); + ret->server_npn_negotiated = dup_str(proto, proto_len); +#endif + + SSL_get0_alpn_selected(client.ssl, &proto, &proto_len); + ret->client_alpn_negotiated = dup_str(proto, proto_len); + + SSL_get0_alpn_selected(server.ssl, &proto, &proto_len); + ret->server_alpn_negotiated = dup_str(proto, proto_len); + + ret->client_resumed = SSL_session_reused(client.ssl); + ret->server_resumed = SSL_session_reused(server.ssl); + + if (session_out != NULL) + *session_out = SSL_get1_session(client.ssl); + + if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) { + int nid = EVP_PKEY_id(tmp_key); + +#ifndef OPENSSL_NO_EC + if (nid == EVP_PKEY_EC) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmp_key); + nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + } +#endif + EVP_PKEY_free(tmp_key); + ret->tmp_key_type = nid; + } + + ctx_data_free_data(&server_ctx_data); + ctx_data_free_data(&server2_ctx_data); + ctx_data_free_data(&client_ctx_data); + + peer_free_data(&server); + peer_free_data(&client); + return ret; +} + +HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, + SSL_CTX *resume_client_ctx, + const SSL_TEST_CTX *test_ctx) +{ + HANDSHAKE_RESULT *result; + SSL_SESSION *session = NULL; + + result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, + test_ctx, &test_ctx->extra, + NULL, &session); + if (test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME) + goto end; + + if (result->result != SSL_TEST_SUCCESS) { + result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED; + goto end; + } + + HANDSHAKE_RESULT_free(result); + /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ + result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, + test_ctx, &test_ctx->resume_extra, + session, NULL); + end: + SSL_SESSION_free(session); + return result; +} diff --git a/openssl-1.1.0h/test/handshake_helper.h b/openssl-1.1.0h/test/handshake_helper.h new file mode 100644 index 0000000..4f70592 --- /dev/null +++ b/openssl-1.1.0h/test/handshake_helper.h @@ -0,0 +1,59 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_HANDSHAKE_HELPER_H +#define HEADER_HANDSHAKE_HELPER_H + +#include "ssl_test_ctx.h" + +typedef struct handshake_result { + ssl_test_result_t result; + /* These alerts are in the 2-byte format returned by the info_callback. */ + /* (Latest) alert sent by the client; 0 if no alert. */ + int client_alert_sent; + /* Number of fatal or close_notify alerts sent. */ + int client_num_fatal_alerts_sent; + /* (Latest) alert received by the server; 0 if no alert. */ + int client_alert_received; + /* (Latest) alert sent by the server; 0 if no alert. */ + int server_alert_sent; + /* Number of fatal or close_notify alerts sent. */ + int server_num_fatal_alerts_sent; + /* (Latest) alert received by the client; 0 if no alert. */ + int server_alert_received; + /* Negotiated protocol. On success, these should always match. */ + int server_protocol; + int client_protocol; + /* Server connection */ + ssl_servername_t servername; + /* Session ticket status */ + ssl_session_ticket_t session_ticket; + /* Was this called on the second context? */ + int session_ticket_do_not_call; + char *client_npn_negotiated; + char *server_npn_negotiated; + char *client_alpn_negotiated; + char *server_alpn_negotiated; + /* Was the handshake resumed? */ + int client_resumed; + int server_resumed; + /* Temporary key type */ + int tmp_key_type; +} HANDSHAKE_RESULT; + +HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); +void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result); + +/* Do a handshake and report some information about the result. */ +HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx, + SSL_CTX *resume_client_ctx, + const SSL_TEST_CTX *test_ctx); + +#endif /* HEADER_HANDSHAKE_HELPER_H */ diff --git a/openssl-1.1.0h/test/heartbeat_test.c b/openssl-1.1.0h/test/heartbeat_test.c new file mode 100644 index 0000000..906736c --- /dev/null +++ b/openssl-1.1.0h/test/heartbeat_test.c @@ -0,0 +1,378 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Unit test for TLS heartbeats. + * + * Acts as a regression test against the Heartbleed bug (CVE-2014-0160). + * + * Author: Mike Bland (mbland@acm.org, http://mike-bland.com/) + * Date: 2014-04-12 + * License: Creative Commons Attribution 4.0 International (CC By 4.0) + * http://creativecommons.org/licenses/by/4.0/deed.en_US + * + * OUTPUT + * ------ + * The program returns zero on success. It will print a message with a count + * of the number of failed tests and return nonzero if any tests fail. + * + * It will print the contents of the request and response buffers for each + * failing test. In a "fixed" version, all the tests should pass and there + * should be no output. + * + * In a "bleeding" version, you'll see: + * + * test_dtls1_heartbleed failed: + * expected payload len: 0 + * received: 1024 + * sent 26 characters + * "HEARTBLEED " + * received 1024 characters + * "HEARTBLEED \xde\xad\xbe\xef..." + * ** test_dtls1_heartbleed failed ** + * + * The contents of the returned buffer in the failing test will depend on the + * contents of memory on your machine. + * + * MORE INFORMATION + * ---------------- + * http://mike-bland.com/2014/04/12/heartbleed.html + * http://mike-bland.com/tags/heartbleed.html + */ + +#define OPENSSL_UNIT_TEST + +#include "../ssl/ssl_locl.h" + +#include "testutil.h" +#include +#include +#include +#include + +#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST) + +/* As per https://tools.ietf.org/html/rfc6520#section-4 */ +# define MIN_PADDING_SIZE 16 + +/* Maximum number of payload characters to print as test output */ +# define MAX_PRINTABLE_CHARACTERS 1024 + +typedef struct heartbeat_test_fixture { + SSL_CTX *ctx; + SSL *s; + const char *test_case_name; + int (*process_heartbeat) (SSL *s, unsigned char *p, unsigned int length); + unsigned char *payload; + int sent_payload_len; + int expected_return_value; + int return_payload_offset; + int expected_payload_len; + const char *expected_return_payload; +} HEARTBEAT_TEST_FIXTURE; + +static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name, + const SSL_METHOD *meth) +{ + HEARTBEAT_TEST_FIXTURE fixture; + int setup_ok = 1; + memset(&fixture, 0, sizeof(fixture)); + fixture.test_case_name = test_case_name; + + fixture.ctx = SSL_CTX_new(meth); + if (!fixture.ctx) { + fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + fixture.s = SSL_new(fixture.ctx); + if (!fixture.s) { + fprintf(stderr, "Failed to allocate SSL for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + if (!ssl_init_wbio_buffer(fixture.s)) { + fprintf(stderr, "Failed to set up wbio buffer for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + if (!ssl3_setup_buffers(fixture.s)) { + fprintf(stderr, "Failed to setup buffers for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + /* + * Clear the memory for the return buffer, since this isn't automatically + * zeroed in opt mode and will cause spurious test failures that will + * change with each execution. + */ + memset(fixture.s->rlayer.wbuf.buf, 0, fixture.s->rlayer.wbuf.len); + + fail: + if (!setup_ok) { + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); + } + return fixture; +} + +static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name) +{ + HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, + DTLS_server_method()); + fixture.process_heartbeat = dtls1_process_heartbeat; + + /* + * As per dtls1_get_record(), skipping the following from the beginning + * of the returned heartbeat message: type-1 byte; version-2 bytes; + * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte + * type encoded by process_heartbeat for a total of 14 bytes, at which + * point we can grab the length and the payload we seek. + */ + fixture.return_payload_offset = 14; + return fixture; +} + +/* Needed by ssl3_write_bytes() */ +static int dummy_handshake(SSL *s) +{ + return 1; +} + +static void tear_down(HEARTBEAT_TEST_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); + SSL_free(fixture.s); + SSL_CTX_free(fixture.ctx); +} + +static void print_payload(const char *const prefix, + const unsigned char *payload, const int n) +{ + const int end = n < MAX_PRINTABLE_CHARACTERS ? n + : MAX_PRINTABLE_CHARACTERS; + int i = 0; + + printf("%s %d character%s", prefix, n, n == 1 ? "" : "s"); + if (end != n) + printf(" (first %d shown)", end); + printf("\n \""); + + for (; i != end; ++i) { + const unsigned char c = payload[i]; + if (isprint(c)) + fputc(c, stdout); + else + printf("\\x%02x", c); + } + printf("\"\n"); +} + +static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) +{ + int result = 0; + SSL *s = fixture.s; + unsigned char *payload = fixture.payload; + unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1]; + int return_value; + unsigned const char *p; + int actual_payload_len; + + s->rlayer.rrec.data = payload; + s->rlayer.rrec.length = strlen((const char *)payload); + *payload++ = TLS1_HB_REQUEST; + s2n(fixture.sent_payload_len, payload); + + /* + * Make a local copy of the request, since it gets overwritten at some + * point + */ + memcpy(sent_buf, payload, sizeof(sent_buf)); + + return_value = fixture.process_heartbeat(s, s->rlayer.rrec.data, + s->rlayer.rrec.length); + + if (return_value != fixture.expected_return_value) { + printf("%s failed: expected return value %d, received %d\n", + fixture.test_case_name, fixture.expected_return_value, + return_value); + result = 1; + } + + /* + * If there is any byte alignment, it will be stored in wbuf.offset. + */ + p = &(s->rlayer. + wbuf.buf[fixture.return_payload_offset + s->rlayer.wbuf.offset]); + actual_payload_len = 0; + n2s(p, actual_payload_len); + + if (actual_payload_len != fixture.expected_payload_len) { + printf("%s failed:\n expected payload len: %d\n received: %d\n", + fixture.test_case_name, fixture.expected_payload_len, + actual_payload_len); + print_payload("sent", sent_buf, strlen((const char *)sent_buf)); + print_payload("received", p, actual_payload_len); + result = 1; + } else { + char *actual_payload = + OPENSSL_strndup((const char *)p, actual_payload_len); + if (strcmp(actual_payload, fixture.expected_return_payload) != 0) { + printf + ("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n", + fixture.test_case_name, fixture.expected_return_payload, + actual_payload); + result = 1; + } + OPENSSL_free(actual_payload); + } + + if (result != 0) { + printf("** %s failed **\n--------\n", fixture.test_case_name); + } + return result; +} + +static int honest_payload_size(unsigned char payload_buf[]) +{ + /* Omit three-byte pad at the beginning for type and payload length */ + return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE; +} + +# define SETUP_HEARTBEAT_TEST_FIXTURE(type)\ + SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type) + +# define EXECUTE_HEARTBEAT_TEST()\ + EXECUTE_TEST(execute_heartbeat, tear_down) + +static int test_dtls1_not_bleeding() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = + " Not bleeding, sixteen spaces of padding" " "; + const int payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = + "Not bleeding, sixteen spaces of padding"; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_not_bleeding_empty_payload() +{ + int payload_buf_len; + + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Three-byte pad at the beginning for type and payload length, plus a + * NUL at the end + */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 3); + payload_buf[MIN_PADDING_SIZE + 3] = '\0'; + payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_heartbleed() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] = + " HEARTBLEED "; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_heartbleed_empty_payload() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Excluding the NUL at the end, one byte short of type + payload length + * + minimum padding + */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 2); + payload_buf[MIN_PADDING_SIZE + 2] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_heartbleed_excessive_plaintext_length() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Excluding the NUL at the end, one byte in excess of maximum allowed + * heartbeat message length + */ + unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2]; + memset(payload_buf, ' ', sizeof(payload_buf)); + payload_buf[sizeof(payload_buf) - 1] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = honest_payload_size(payload_buf); + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +# undef EXECUTE_HEARTBEAT_TEST +# undef SETUP_HEARTBEAT_TEST_FIXTURE + +int main(int argc, char *argv[]) +{ + int result = 0; + + ADD_TEST(test_dtls1_not_bleeding); + ADD_TEST(test_dtls1_not_bleeding_empty_payload); + ADD_TEST(test_dtls1_heartbleed); + ADD_TEST(test_dtls1_heartbleed_empty_payload); + ADD_TEST(test_dtls1_heartbleed_excessive_plaintext_length); + + result = run_tests(argv[0]); + ERR_print_errors_fp(stderr); + return result; +} + +#else /* OPENSSL_NO_HEARTBEATS */ + +int main(int argc, char *argv[]) +{ + return EXIT_SUCCESS; +} +#endif /* OPENSSL_NO_HEARTBEATS */ diff --git a/openssl-1.1.0h/test/hmactest.c b/openssl-1.1.0h/test/hmactest.c new file mode 100644 index 0000000..a5c6e74 --- /dev/null +++ b/openssl-1.1.0h/test/hmactest.c @@ -0,0 +1,312 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +# include +# include +# ifndef OPENSSL_NO_MD5 +# include +# endif + +# ifdef CHARSET_EBCDIC +# include +# endif + +# ifndef OPENSSL_NO_MD5 +static struct test_st { + unsigned char key[16]; + int key_len; + unsigned char data[64]; + int data_len; + unsigned char *digest; +} test[8] = { + { + "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, + (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", + }, + { + { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + }, 16, "Hi There", 8, + (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d", + }, + { + "Jefe", 4, "what do ya want for nothing?", 28, + (unsigned char *)"750c783e6ab0b503eaa86e310a5db738", + }, + { + { + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + }, 16, { + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd + }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", + }, + { + "", 0, "My test data", 12, + (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc" + }, + { + "", 0, "My test data", 12, + (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776" + }, + { + "123456", 6, "My test data", 12, + (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd" + }, + { + "12345", 5, "My test data again", 18, + (unsigned char *)"a12396ceddd2a85f4c656bc1e0aa50c78cffde3e" + } +}; +# endif + +static char *pt(unsigned char *md, unsigned int len); + +int main(int argc, char *argv[]) +{ +# ifndef OPENSSL_NO_MD5 + int i; + char *p; +# endif + int err = 0; + HMAC_CTX *ctx = NULL, *ctx2 = NULL; + unsigned char buf[EVP_MAX_MD_SIZE]; + unsigned int len; + +# ifdef OPENSSL_NO_MD5 + printf("test skipped: MD5 disabled\n"); +# else + +# ifdef CHARSET_EBCDIC + ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); + ebcdic2ascii(test[1].data, test[1].data, test[1].data_len); + ebcdic2ascii(test[2].key, test[2].key, test[2].key_len); + ebcdic2ascii(test[2].data, test[2].data, test[2].data_len); +# endif + + for (i = 0; i < 4; i++) { + p = pt(HMAC(EVP_md5(), + test[i].key, test[i].key_len, + test[i].data, test[i].data_len, NULL, NULL), + MD5_DIGEST_LENGTH); + + if (strcmp(p, (char *)test[i].digest) != 0) { + printf("Error calculating HMAC on %d entry'\n", i); + printf("got %s instead of %s\n", p, test[i].digest); + err++; + } else + printf("test %d ok\n", i); + } +# endif /* OPENSSL_NO_MD5 */ + +/* test4 */ + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + printf("HMAC malloc failure (test 4)\n"); + err++; + goto end; + } + if (HMAC_CTX_get_md(ctx) != NULL) { + printf("Message digest not NULL for HMAC (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with empty key (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + printf("test 4 ok\n"); +test5: + /* Test 5 has empty key; test that single-shot accepts a NULL key. */ + p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len, + NULL, NULL), SHA_DIGEST_LENGTH); + if (strcmp(p, (char *)test[4].digest) != 0) { + printf("Error calculating HMAC on %d entry'\n", i); + printf("got %s instead of %s\n", p, test[4].digest); + err++; + } + + HMAC_CTX_reset(ctx); + if (HMAC_CTX_get_md(ctx) != NULL) { + printf("Message digest not NULL for HMAC (test 5)\n"); + err++; + goto test6; + } + if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD (test 5)\n"); + err++; + goto test6; + } + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); + err++; + goto test6; + } + if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) { + printf("Error updating HMAC with data (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(ctx, buf, &len)) { + printf("Error finalising data (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[4].digest) != 0) { + printf("Error calculating interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[4].digest); + err++; + goto test6; + } + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) { + printf("Should disallow changing MD without a new key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) { + printf("Failed to reinitialise HMAC (test 5)\n"); + err++; + goto test6; + } + if (HMAC_CTX_get_md(ctx) != EVP_sha256()) { + printf("Unexpected message digest for HMAC (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) { + printf("Error updating HMAC with data (sha256) (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(ctx, buf, &len)) { + printf("Error finalising data (sha256) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[5].digest) != 0) { + printf("Error calculating 2nd interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[5].digest); + err++; + goto test6; + } + if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) { + printf("Failed to reinitialise HMAC with key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) { + printf("Error updating HMAC with data (new key) (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(ctx, buf, &len)) { + printf("Error finalising data (new key) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[6].digest) != 0) { + printf("error calculating HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[6].digest); + err++; + } else { + printf("test 5 ok\n"); + } +test6: + HMAC_CTX_reset(ctx); + ctx2 = HMAC_CTX_new(); + if (ctx2 == NULL) { + printf("HMAC malloc failure (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) { + printf("Error updating HMAC with data (test 6)\n"); + err++; + goto end; + } + if (!HMAC_CTX_copy(ctx2, ctx)) { + printf("Failed to copy HMAC_CTX (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Final(ctx2, buf, &len)) { + printf("Error finalising data (test 6)\n"); + err++; + goto end; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[7].digest) != 0) { + printf("Error calculating HMAC on test 6\n"); + printf("got %s instead of %s\n", p, test[7].digest); + err++; + } else { + printf("test 6 ok\n"); + } +end: + HMAC_CTX_free(ctx2); + HMAC_CTX_free(ctx); + EXIT(err); +} + +# ifndef OPENSSL_NO_MD5 +static char *pt(unsigned char *md, unsigned int len) +{ + unsigned int i; + static char buf[80]; + + for (i = 0; i < len; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +# endif diff --git a/openssl-1.1.0h/test/ideatest.c b/openssl-1.1.0h/test/ideatest.c new file mode 100644 index 0000000..3849670 --- /dev/null +++ b/openssl-1.1.0h/test/ideatest.c @@ -0,0 +1,178 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_IDEA +int main(int argc, char *argv[]) +{ + printf("No IDEA support\n"); + return (0); +} +#else +# include + +static const unsigned char k[16] = { + 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, + 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 +}; + +static const unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 }; +static const unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 }; + +static unsigned char out[80]; + +static const char text[] = "Hello to all people out there"; + +static const unsigned char cfb_key[16] = { + 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96, + 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e, +}; +static const unsigned char cfb_iv[80] = + { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd }; +static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; +# define CFB_TEST_SIZE 24 +static const unsigned char plain[CFB_TEST_SIZE] = { + 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, + 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 +}; + +static const unsigned char cfb_cipher64[CFB_TEST_SIZE] = { + 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, + 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, + 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +}; + +static int cfb64_test(const unsigned char *cfb_cipher); +static char *pt(unsigned char *p); +int main(int argc, char *argv[]) +{ + int i, err = 0; + IDEA_KEY_SCHEDULE key, dkey; + unsigned char iv[8]; + + IDEA_set_encrypt_key(k, &key); + IDEA_ecb_encrypt(in, out, &key); + if (memcmp(out, c, 8) != 0) { + printf("ecb idea error encrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", c[i]); + err = 20; + printf("\n"); + } + + IDEA_set_decrypt_key(&key, &dkey); + IDEA_ecb_encrypt(c, out, &dkey); + if (memcmp(out, in, 8) != 0) { + printf("ecb idea error decrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", in[i]); + printf("\n"); + err = 3; + } + + if (err == 0) + printf("ecb idea ok\n"); + + memcpy(iv, k, 8); + IDEA_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv, + 1); + memcpy(iv, k, 8); + IDEA_cbc_encrypt(out, out, 8, &dkey, iv, 0); + IDEA_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv, + 0); + if (memcmp(text, out, strlen(text) + 1) != 0) { + printf("cbc idea bad\n"); + err = 4; + } else + printf("cbc idea ok\n"); + + printf("cfb64 idea "); + if (cfb64_test(cfb_cipher64)) { + printf("bad\n"); + err = 5; + } else + printf("ok\n"); + + EXIT(err); +} + +static int cfb64_test(const unsigned char *cfb_cipher) +{ + IDEA_KEY_SCHEDULE eks, dks; + int err = 0, i, n; + + IDEA_set_encrypt_key(cfb_key, &eks); + IDEA_set_decrypt_key(&eks, &dks); + memcpy(cfb_tmp, cfb_iv, 8); + n = 0; + IDEA_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks, + cfb_tmp, &n, IDEA_ENCRYPT); + IDEA_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), + (long)CFB_TEST_SIZE - 12, &eks, + cfb_tmp, &n, IDEA_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) { + err = 1; + printf("IDEA_cfb64_encrypt encrypt error\n"); + for (i = 0; i < CFB_TEST_SIZE; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, 8); + n = 0; + IDEA_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)13, &eks, + cfb_tmp, &n, IDEA_DECRYPT); + IDEA_cfb64_encrypt(&(cfb_buf1[13]), &(cfb_buf2[13]), + (long)CFB_TEST_SIZE - 13, &eks, + cfb_tmp, &n, IDEA_DECRYPT); + if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) { + err = 1; + printf("IDEA_cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf2[i]))); + } + return (err); +} + +static char *pt(unsigned char *p) +{ + static char bufs[10][20]; + static int bnum = 0; + char *ret; + int i; + static char *f = "0123456789ABCDEF"; + + ret = &(bufs[bnum++][0]); + bnum %= 10; + for (i = 0; i < 8; i++) { + ret[i * 2] = f[(p[i] >> 4) & 0xf]; + ret[i * 2 + 1] = f[p[i] & 0xf]; + } + ret[16] = '\0'; + return (ret); +} +#endif diff --git a/openssl-1.1.0h/test/igetest.c b/openssl-1.1.0h/test/igetest.c new file mode 100644 index 0000000..fe5bbf1 --- /dev/null +++ b/openssl-1.1.0h/test/igetest.c @@ -0,0 +1,441 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include "e_os.h" + +#define TEST_SIZE 128 +#define BIG_TEST_SIZE 10240 + +static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) +{ + int n = 0; + + fprintf(f, "%s", title); + for (; n < l; ++n) { + if ((n % 16) == 0) + fprintf(f, "\n%04x", n); + fprintf(f, " %02x", s[n]); + } + fprintf(f, "\n"); +} + +#define MAX_VECTOR_SIZE 64 + +struct ige_test { + const unsigned char key[16]; + const unsigned char iv[32]; + const unsigned char in[MAX_VECTOR_SIZE]; + const unsigned char out[MAX_VECTOR_SIZE]; + const size_t length; + const int encrypt; +}; + +static struct ige_test const ige_test_vectors[] = { + {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */ + {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52, + 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45, + 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3, + 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */ + 32, AES_ENCRYPT}, /* test vector 0 */ + + {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */ + {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45, + 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */ + {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73, + 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65, + 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74, + 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */ + {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13, + 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a, + 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34, + 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */ + 32, AES_DECRYPT}, /* test vector 1 */ +}; + +struct bi_ige_test { + const unsigned char key1[32]; + const unsigned char key2[32]; + const unsigned char iv[64]; + const unsigned char in[MAX_VECTOR_SIZE]; + const unsigned char out[MAX_VECTOR_SIZE]; + const size_t keysize; + const size_t length; + const int encrypt; +}; + +static struct bi_ige_test const bi_ige_test_vectors[] = { + {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */ + {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */ + {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56, + 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc, + 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16, + 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */ + 16, 32, AES_ENCRYPT}, /* test vector 0 */ + {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c, + 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a, + 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75, + 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */ + {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13, + 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74, + 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21, + 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */ + {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9, + 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70, + 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42, + 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67, + 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a, + 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20, + 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd, + 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */ + {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c, + 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0, + 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f, + 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b, + 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52, + 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a, + 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c, + 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */ + {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23, + 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79, + 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf, + 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92, + 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51, + 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67, + 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76, + 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */ + 32, 64, AES_ENCRYPT}, /* test vector 1 */ + +}; + +static int run_test_vectors(void) +{ + unsigned int n; + int errs = 0; + + for (n = 0; n < OSSL_NELEM(ige_test_vectors); ++n) { + const struct ige_test *const v = &ige_test_vectors[n]; + AES_KEY key; + unsigned char buf[MAX_VECTOR_SIZE]; + unsigned char iv[AES_BLOCK_SIZE * 2]; + + assert(v->length <= MAX_VECTOR_SIZE); + + if (v->encrypt == AES_ENCRYPT) + AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key); + else + AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key); + memcpy(iv, v->iv, sizeof(iv)); + AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt); + + if (memcmp(v->out, buf, v->length)) { + printf("IGE test vector %d failed\n", n); + hexdump(stdout, "key", v->key, sizeof(v->key)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + + /* try with in == out */ + memcpy(iv, v->iv, sizeof(iv)); + memcpy(buf, v->in, v->length); + AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); + + if (memcmp(v->out, buf, v->length)) { + printf("IGE test vector %d failed (with in == out)\n", n); + hexdump(stdout, "key", v->key, sizeof(v->key)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + } + + for (n = 0; n < OSSL_NELEM(bi_ige_test_vectors); ++n) { + const struct bi_ige_test *const v = &bi_ige_test_vectors[n]; + AES_KEY key1; + AES_KEY key2; + unsigned char buf[MAX_VECTOR_SIZE]; + + assert(v->length <= MAX_VECTOR_SIZE); + + if (v->encrypt == AES_ENCRYPT) { + AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1); + AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2); + } else { + AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1); + AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2); + } + + AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv, + v->encrypt); + + if (memcmp(v->out, buf, v->length)) { + printf("Bidirectional IGE test vector %d failed\n", n); + hexdump(stdout, "key 1", v->key1, sizeof(v->key1)); + hexdump(stdout, "key 2", v->key2, sizeof(v->key2)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + } + + return errs; +} + +int main(int argc, char **argv) +{ + unsigned char rkey[16]; + unsigned char rkey2[16]; + AES_KEY key; + AES_KEY key2; + unsigned char plaintext[BIG_TEST_SIZE]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char saved_iv[AES_BLOCK_SIZE * 4]; + int err = 0; + unsigned int n; + unsigned matches; + + assert(BIG_TEST_SIZE >= TEST_SIZE); + + RAND_bytes(rkey, sizeof(rkey)); + RAND_bytes(plaintext, sizeof(plaintext)); + RAND_bytes(iv, sizeof(iv)); + memcpy(saved_iv, iv, sizeof(saved_iv)); + + /* Forward IGE only... */ + + /* Straight encrypt/decrypt */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); + + if (memcmp(checktext, plaintext, TEST_SIZE)) { + printf("Encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* Now check encrypt chaining works */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, + AES_ENCRYPT); + AES_ige_encrypt(plaintext + TEST_SIZE / 2, + ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, + &key, iv, AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); + + if (memcmp(checktext, plaintext, TEST_SIZE)) { + printf("Chained encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* And check decrypt chaining */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, + AES_ENCRYPT); + AES_ige_encrypt(plaintext + TEST_SIZE / 2, + ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, + &key, iv, AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv, + AES_DECRYPT); + AES_ige_encrypt(ciphertext + TEST_SIZE / 2, + checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, + AES_DECRYPT); + + if (memcmp(checktext, plaintext, TEST_SIZE)) { + printf("Chained encrypt+chained decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* make sure garble extends forwards only */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey),&key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, + AES_ENCRYPT); + + /* corrupt halfway through */ + ++ciphertext[sizeof(ciphertext) / 2]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, + AES_DECRYPT); + + matches = 0; + for (n = 0; n < sizeof(checktext); ++n) + if (checktext[n] == plaintext[n]) + ++matches; + + if (matches > sizeof(checktext) / 2 + sizeof(checktext) / 100) { + printf("More than 51%% matches after garbling\n"); + ++err; + } + + if (matches < sizeof(checktext) / 2) { + printf("Garble extends backwards!\n"); + ++err; + } + + /* Bi-directional IGE */ + + /* + * Note that we don't have to recover the IV, because chaining isn't + */ + /* possible with biIGE, so the IV is not updated. */ + + RAND_bytes(rkey2, sizeof(rkey2)); + + /* Straight encrypt/decrypt */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv, + AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv, + AES_DECRYPT); + + if (memcmp(checktext, plaintext, TEST_SIZE)) { + printf("Encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* make sure garble extends both ways */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, + AES_ENCRYPT); + + /* corrupt halfway through */ + ++ciphertext[sizeof(ciphertext) / 2]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, + AES_DECRYPT); + + matches = 0; + for (n = 0; n < sizeof(checktext); ++n) + if (checktext[n] == plaintext[n]) + ++matches; + + if (matches > sizeof(checktext) / 100) { + printf("More than 1%% matches after bidirectional garbling\n"); + ++err; + } + + /* make sure garble extends both ways (2) */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, + AES_ENCRYPT); + + /* corrupt right at the end */ + ++ciphertext[sizeof(ciphertext) - 1]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, + AES_DECRYPT); + + matches = 0; + for (n = 0; n < sizeof(checktext); ++n) + if (checktext[n] == plaintext[n]) + ++matches; + + if (matches > sizeof(checktext) / 100) { + printf("More than 1%% matches after bidirectional garbling (2)\n"); + ++err; + } + + /* make sure garble extends both ways (3) */ + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, + AES_ENCRYPT); + + /* corrupt right at the start */ + ++ciphertext[0]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, + AES_DECRYPT); + + matches = 0; + for (n = 0; n < sizeof(checktext); ++n) + if (checktext[n] == plaintext[n]) + ++matches; + + if (matches > sizeof(checktext) / 100) { + printf("More than 1%% matches after bidirectional garbling (3)\n"); + ++err; + } + + err += run_test_vectors(); + + return err; +} diff --git a/openssl-1.1.0h/test/md2test.c b/openssl-1.1.0h/test/md2test.c new file mode 100644 index 0000000..cb667cb --- /dev/null +++ b/openssl-1.1.0h/test/md2test.c @@ -0,0 +1,92 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_MD2 +int main(int argc, char *argv[]) +{ + printf("No MD2 support\n"); + return (0); +} +#else +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +static char *test[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, +}; + +static char *ret[] = { + "8350e5a3e24c153df2275c9f80692773", + "32ec01ec4a6dac72c0ab96fb34c0b5d1", + "da853b0d3f88d99b30283a69e6ded6bb", + "ab4f496bfb2a530b219ff33031fe06b0", + "4e8ddff3650292ab5a4108c3aa47940b", + "da33def2a42df13975352846c30338cd", + "d5976f79d83d3a0dc9806c3c66f3efd8", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + char *p; + unsigned char md[MD2_DIGEST_LENGTH]; + + P = test; + R = ret; + i = 1; + while (*P != NULL) { + if (!EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(), + NULL)) { + printf("EVP Digest error.\n"); + EXIT(1); + } + p = pt(md); + if (strcmp(p, *R) != 0) { + printf("error calculating MD2 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + EXIT(err); + return err; +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < MD2_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/openssl-1.1.0h/test/md4test.c b/openssl-1.1.0h/test/md4test.c new file mode 100644 index 0000000..448f9b7 --- /dev/null +++ b/openssl-1.1.0h/test/md4test.c @@ -0,0 +1,87 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_MD4 +int main(int argc, char *argv[]) +{ + printf("No MD4 support\n"); + return (0); +} +#else +# include +# include + +static char *test[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, +}; + +static char *ret[] = { + "31d6cfe0d16ae931b73c59d7e0c089c0", + "bde52cb31de33e46245e05fbdbd6fb24", + "a448017aaf21d8525fc10ae87aa6729d", + "d9130a8164549fe818874806e1c7014b", + "d79e1c308aa5bbcdeea8ed63df412da9", + "043f8582f241db351ce627e153e7f0e4", + "e33b4ddc9c38f2199c3e7b164fcc0536", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + char *p; + unsigned char md[MD4_DIGEST_LENGTH]; + + P = test; + R = ret; + i = 1; + while (*P != NULL) { + if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), + NULL)) { + printf("EVP Digest error.\n"); + EXIT(1); + } + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating MD4 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + EXIT(err); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < MD4_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/openssl-1.1.0h/test/md5test.c b/openssl-1.1.0h/test/md5test.c new file mode 100644 index 0000000..ec6c692 --- /dev/null +++ b/openssl-1.1.0h/test/md5test.c @@ -0,0 +1,88 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_MD5 +int main(int argc, char *argv[]) +{ + printf("No MD5 support\n"); + return (0); +} +#else +# include +# include + +static char *test[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, +}; + +static char *ret[] = { + "d41d8cd98f00b204e9800998ecf8427e", + "0cc175b9c0f1b6a831c399e269772661", + "900150983cd24fb0d6963f7d28e17f72", + "f96b697d7cb7938d525a2f31aaf161d0", + "c3fcd3d76192e4007dfb496cca67e13b", + "d174ab98d277d9f5a5611c2c9f419d9f", + "57edf4a22be3c955ac49da2e2107b67a", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + char *p; + unsigned char md[MD5_DIGEST_LENGTH]; + + P = test; + R = ret; + i = 1; + while (*P != NULL) { + if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), + NULL)) { + printf("EVP Digest error.\n"); + EXIT(1); + } + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating MD5 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + + EXIT(err); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < MD5_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/openssl-1.1.0h/test/mdc2test.c b/openssl-1.1.0h/test/mdc2test.c new file mode 100644 index 0000000..d56bdcd --- /dev/null +++ b/openssl-1.1.0h/test/mdc2test.c @@ -0,0 +1,99 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2) +# define OPENSSL_NO_MDC2 +#endif + +#ifdef OPENSSL_NO_MDC2 +int main(int argc, char *argv[]) +{ + printf("No MDC2 support\n"); + return (0); +} +#else +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +static unsigned char pad1[16] = { + 0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA, + 0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A +}; + +static unsigned char pad2[16] = { + 0x2E, 0x46, 0x79, 0xB5, 0xAD, 0xD9, 0xCA, 0x75, + 0x35, 0xD8, 0x7A, 0xFE, 0xAB, 0x33, 0xBE, 0xE2 +}; + +int main(int argc, char *argv[]) +{ + int ret = 1; + unsigned char md[MDC2_DIGEST_LENGTH]; + int i; + EVP_MD_CTX *c; + static char text[] = "Now is the time for all "; + +# ifdef CHARSET_EBCDIC + ebcdic2ascii(text, text, strlen(text)); +# endif + + c = EVP_MD_CTX_new(); + if (c == NULL + || !EVP_DigestInit_ex(c, EVP_mdc2(), NULL) + || !EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)) + || !EVP_DigestFinal_ex(c, &(md[0]), NULL)) + goto err; + + if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) { + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", md[i]); + printf(" <- generated\n"); + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", pad1[i]); + printf(" <- correct\n"); + goto err; + } else { + printf("pad1 - ok\n"); + } + + if (!EVP_DigestInit_ex(c, EVP_mdc2(), NULL)) + goto err; + /* FIXME: use a ctl function? */ + ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2; + if (!EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)) + || !EVP_DigestFinal_ex(c, &(md[0]), NULL)) + goto err; + + if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) { + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", md[i]); + printf(" <- generated\n"); + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", pad2[i]); + printf(" <- correct\n"); + } else { + printf("pad2 - ok\n"); + ret = 0; + } + + err: + EVP_MD_CTX_free(c); + EXIT(ret); +} +#endif diff --git a/openssl-1.1.0h/test/memleaktest.c b/openssl-1.1.0h/test/memleaktest.c new file mode 100644 index 0000000..2b23df7 --- /dev/null +++ b/openssl-1.1.0h/test/memleaktest.c @@ -0,0 +1,46 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +int main(int argc, char **argv) +{ +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + char *p; + char *lost; + int noleak; + + p = getenv("OPENSSL_DEBUG_MEMORY"); + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + lost = OPENSSL_malloc(3); + if (lost == NULL) { + fprintf(stderr, "OPENSSL_malloc failed\n"); + return 1; + } + + if (argv[1] && strcmp(argv[1], "freeit") == 0) { + OPENSSL_free(lost); + lost = NULL; + } + + noleak = CRYPTO_mem_leaks_fp(stderr); + /* If -1 return value something bad happened */ + if (noleak == -1) + return 1; + return ((lost != NULL) ^ (noleak == 0)); +#else + return 0; +#endif +} diff --git a/openssl-1.1.0h/test/methtest.c b/openssl-1.1.0h/test/methtest.c new file mode 100644 index 0000000..11aa233 --- /dev/null +++ b/openssl-1.1.0h/test/methtest.c @@ -0,0 +1,57 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "meth.h" +#include + +int main(argc, argv) +int argc; +char *argv[]; +{ + METHOD_CTX *top, *tmp1, *tmp2; + + top = METH_new(x509_lookup()); /* get a top level context */ + if (top == NULL) + goto err; + + tmp1 = METH_new(x509_by_file()); + if (top == NULL) + goto err; + METH_arg(tmp1, METH_TYPE_FILE, "cafile1"); + METH_arg(tmp1, METH_TYPE_FILE, "cafile2"); + METH_push(top, METH_X509_CA_BY_SUBJECT, tmp1); + + tmp2 = METH_new(x509_by_dir()); + METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/.CAcerts"); + METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/SSLeay/certs"); + METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs"); + METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2); + +/*- tmp=METH_new(x509_by_issuer_dir); + METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); + METH_push(top,METH_X509_BY_ISSUER,tmp); + + tmp=METH_new(x509_by_issuer_primary); + METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); + METH_push(top,METH_X509_BY_ISSUER,tmp); +*/ + + METH_init(top); + METH_control(tmp1, METH_CONTROL_DUMP, stdout); + METH_control(tmp2, METH_CONTROL_DUMP, stdout); + EXIT(0); + err: + ERR_print_errors_fp(stderr); + EXIT(1); + return (0); +} diff --git a/openssl-1.1.0h/test/ocsp-tests/D1.ors b/openssl-1.1.0h/test/ocsp-tests/D1.ors new file mode 100644 index 0000000..3fa4a11 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D1.ors @@ -0,0 +1,32 @@ +MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg +Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMjMxMDI1MzZaMHUwczBLMAkGBSsOAwIaBQAE +FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 +vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDIzMDcwMDAwWqARGA8yMDEyMTAzMDA4 +MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAJU3hXN7NApN50/vlZTG2p8+QQJp4uaod3 +wyBQ0Ux3DoQZQ9RG6/7Mm4qpOLCCSTh/lJjZ0fD+9eB3gcp/JupN1JrU+dgTyv/Y +9MOctJz7y+VoU9I+qB8knV4sQCwohAVm8GmA9s4p/rHq5Oymci0SuG/QCfkVxOub +rI1bWjbHLvvXyvF3PoGMORVHG3SA+jJ9VkHWJyi6brHxY+QR/iYxer8lJsBtpyc7 +q2itFgvax/OHwne3lxsck9q0QgKpmEdJu2LuGyWFIhrEwR3b7ASEu1G/nKClv3dR +vyOXMm1XIwuUhCjAcpNEKiOMorFwnLS1F8LhfqFWTAFG0JbWpAi8oIID+DCCA/Qw +ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw +WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV +BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy +MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu +ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV +BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK +qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi +M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s +LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm +UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi +9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw +HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c +dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP +Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 +tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ +snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL +PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG +5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p +4J2l diff --git a/openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem new file mode 100644 index 0000000..c5b993c --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D1_Cert_EE.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGujCCBaKgAwIBAgISESG8vx4IzALnkqQG05AvM+2bMA0GCSqGSIb3DQEBBQUA +MFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS8wLQYD +VQQDEyZHbG9iYWxTaWduIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EgLSBHMjAeFw0x +MjA4MTQxMjM1MDJaFw0xMzA4MTUxMDMxMjlaMIIBCjEdMBsGA1UEDwwUUHJpdmF0 +ZSBPcmdhbml6YXRpb24xDzANBgNVBAUTBjU3ODYxMTETMBEGCysGAQQBgjc8AgED +EwJVUzEeMBwGCysGAQQBgjc8AgECEw1OZXcgSGFtcHNoaXJlMQswCQYDVQQGEwJV +UzEWMBQGA1UECAwNTmV3IEhhbXBzaGlyZTETMBEGA1UEBwwKUG9ydHNtb3V0aDEg +MB4GA1UECRMXVHdvIEludGVybmF0aW9uYWwgRHJpdmUxDTALBgNVBAsMBC5DT00x +GzAZBgNVBAoMEkdNTyBHbG9iYWxTaWduIEluYzEbMBkGA1UEAwwSd3d3Lmdsb2Jh +bHNpZ24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx/nHBP4 +6s5KKMDlfZS4qFDiAWsoPSRn6WO4nrUF/G2S3I/AdJ0IcSDOHb48/3APj5alqbgo +o4IzdG6KLAbENpHMl0L3pHBq/5tJPTi02SbiYUHfp2fhueMauRo8spfEk6fNRnDn +QpyMFRkYd7Jz+KMerTO1xAcOH+xp0KkcP0i2jFTEuM3LwR0yTms1rry+RryjDDt5 +7W0DLnNFWhyGd6YymzNkCPeL6weV8uk2uYRKKf2XOAzgIpNo3zU6iakZOzlQB9h9 +qRuIks2AU/cZ89cBkDjHua0ezX5rG3/Url33jAT9cR5zCXHWtj7VzlOjDXXnn16b +L9/AWsvGMNkYHQIDAQABo4ICxzCCAsMwDgYDVR0PAQH/BAQDAgWgMEwGA1UdIARF +MEMwQQYJKwYBBAGgMgEBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2Jh +bHNpZ24uY29tL3JlcG9zaXRvcnkvMIIBKwYDVR0RBIIBIjCCAR6CEnd3dy5nbG9i +YWxzaWduLmNvbYIVc3RhdHVzLmdsb2JhbHNpZ24uY29tghF0aC5nbG9iYWxzaWdu +LmNvbYISZGV2Lmdsb2JhbHNpZ24uY29tghNpbmZvLmdsb2JhbHNpZ24uY29tghZh +cmNoaXZlLmdsb2JhbHNpZ24uY29tghZzdGF0aWMxLmdsb2JhbHNpZ24uY29tghZz +dGF0aWMyLmdsb2JhbHNpZ24uY29tghNibG9nLmdsb2JhbHNpZ24uY29tghdzc2xj +aGVjay5nbG9iYWxzaWduLmNvbYIVc3lzdGVtLmdsb2JhbHNpZ24uY29tghhvcGVy +YXRpb24uZ2xvYmFsc2lnbi5jb22CDmdsb2JhbHNpZ24uY29tMAkGA1UdEwQCMAAw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCG +Lmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3NleHRlbmR2YWxnMi5jcmww +gYgGCCsGAQUFBwEBBHwwejBBBggrBgEFBQcwAoY1aHR0cDovL3NlY3VyZS5nbG9i +YWxzaWduLmNvbS9jYWNlcnQvZ3NleHRlbmR2YWxnMi5jcnQwNQYIKwYBBQUHMAGG +KWh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc2V4dGVuZHZhbGcyMB0GA1Ud +DgQWBBSvMoTDlFB0aVgVrNkkS1QSmYfx1zAfBgNVHSMEGDAWgBSwsEr9HHUo+Bxh +qhP2+sGQPWsWozANBgkqhkiG9w0BAQUFAAOCAQEAgnohm8IRw1ukfc0GmArK3ZLC +DLGpsefwWMvNrclqwrgtVrBx4pfe5xGAjqyQ2QI8V8a8a1ytVMCSC1AMWiWxawvW +fw48fHunqtpTYNDyEe1Q+7tTGZ0SQ3HljYY9toVEjAMDhiM0Szl6ERRO5S7BTCen +mDpWZF8w3ScRRY2UJc8xwWFiYyGWDNzNL1O8R2Y95QIkHUgQpSD3cjl4YvF/Xx/o +hBEzl884uNAggIyQRu0ImLEetEtHWB2w0pZG3nTAqjOAAAyH2Q8IHoJtjQzvg6fy +IQEO1C5GoQ7isiKIjKBXVYOm+gKSQXlzwj1BlU/OW6kEe24IiERhAN9ILA24wA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem new file mode 100644 index 0000000..b650f38 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D1_Issuer_ICA.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz +MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z +YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g +RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN +2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb +AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl +VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs +Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r +wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb +wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB +/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 +BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t +L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs +c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB +hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud +JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW +gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa +pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF +o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb +LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq +iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG +qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl +TercGL7FG81kwA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/D2.ors b/openssl-1.1.0h/test/ocsp-tests/D2.ors new file mode 100644 index 0000000..dcbd4d4 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D2.ors @@ -0,0 +1,32 @@ +MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB +yVdbHxANRLCFYj1mqBgPMjAxMjEwMjMxMDI1MzZaMG4wbDBEMAkGBSsOAwIaBQAE +FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA +AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL +BgkqhkiG9w0BAQUDggEBAEJN4FuPQPnizPIwEj4Q8Ht765gI6QqMNrvj3UykxYeu +qUajKcqA+V1zaDHTaz+eCQthtmCNKC9T+zVkjGelVsd7Kn2fVKWqp+5wVPI8dVkm +6Gs/IGZ16HDnQ/siTrY3ILWCRz4Hf6lnHpIErQuQRQyjlGKNcE7RYmjGw4w0bxx8 +vHN/baCMApBL0D0zeBqlpJCMUZqJJ3D1+87HxHYR1MkMZDC9rOPIhlpEP4yL17gx +ckrPf+w+A/3kC++jVeA3b8Xtr+MaWOFH4xVn6BTxopczZKVl18tSYqgwITlx5/cL +LpYEdllC0l83E8GRzsOp0SvFxo0NBotgFNZQQujpOzagggQQMIIEDDCCBAgwggLw +oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF +MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw +GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw +NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu +di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh +bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID +MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi +oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL +866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J +ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 +MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw +yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec +TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG +AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ +BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF +DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD +ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 +8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm +uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb +4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa +YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC +fBIRKjnK621vAWvc7UR+0hqnZ+U= diff --git a/openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem new file mode 100644 index 0000000..459f98e --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D2_Cert_ICA.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdzCCA1+gAwIBAgILBAAAAAABL07hRxAwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNjEyMTUwODAw +MDBaFw0yODAxMjgxMjAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD +QSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4h +VJsL03+EcPoSs8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtK +pspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK5 +61l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh ++dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJh +E4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8Kb +jwIDAQABo4IBTTCCAUkwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +HQYDVR0OBBYEFJviB1dnHB7AagbeWbSaLd/cGYYuMEcGA1UdIARAMD4wPAYEVR0g +ADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv +c2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24u +bmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDov +L29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMCkGA1UdJQQiMCAGCCsGAQUFBwMB +BggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30E +zTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEAOg/NJk04MAioxvxc2Ah67/ocKgPO +Mq5EluFSA5UKUtZnr1uWfN0ZizBbNjprbqAVxoKhyzlmAFeLAqJuhfusVVq4FVAa +kN4JSOyo9lccGDG9xn3IvevCpzlRbaL/HHjeHCcE4c8klegO5NUfsPn7UMrLbp5i +JniG9cT1eI/dcq9uLtWe3c48y7jHLVRg1+WcAkuGRPBXUSvNCps8sfU6TB2KxfAw +PmWHxA5fbkqsiqge5/rkM4AVhFZlJZv7njCIy5EWwQXDqSTsIdLVsPy3I0annff3 +xlMSeDe0E3OPN5deBJv5mYuTPiZCl5/9HrXVy4hINKJmoPqsco/dRy+CdA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem new file mode 100644 index 0000000..f4ce4ca --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D2_Issuer_Root.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/D3.ors b/openssl-1.1.0h/test/ocsp-tests/D3.ors new file mode 100644 index 0000000..d66439b --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D3.ors @@ -0,0 +1,38 @@ +MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV +BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML +Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG +A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAyMzEwMzkzMFowZjBkMDwwCQYF +Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y +ORjRAgMLs8aAABgPMjAxMjEwMjMwOTU5MTJaoBEYDzIwMTIxMDI1MTAzOTMwWjAN +BgkqhkiG9w0BAQUFAAOCAQEAYaaAzW26JQGFRyawj9ROtnSdJ9QPJ6B/wfpJif8e +QU9lmKx0zIDdTum3Mc5tfxML71W025UW9jzowAfQ5bZbqa4nwZlWX5Py3hKebeYo +WiND4pvhS4BRkheSkycEok0bj1FJYWYiJVpnTqKAPnOKrlL4qvGC2IOHk2toS/Je +iLyoUwxrPtqaXt4Caoa3I70HE3H1QqvPIGIY6V4bxV7Km/xv99QOutkbfANGiNsx +W7EDB3TRNhldzMnjEwG58X5Pe3xwEVqjCiBL+wQ8JALn08bJzFn9E04aYrqCGc8s +gw1dgaBoZt+0vbQUN71KEocwMj5mzJqottOyqNwo7FZnBaCCBL4wggS6MIIEtjCC +Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex +HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy +dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl +cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE +BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD +QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD +VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr +2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 +3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz +uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz +mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 +VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD +VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA +MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA +MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS +r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ +VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU +6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE +STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj +ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe +g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo +5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 +HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 +VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a +wG/pag== diff --git a/openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem new file mode 100644 index 0000000..f371ed1 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D3_Cert_EE.pem @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIDC7PGMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTEyMDUwNjE4NDY0MVoXDTE0MDUwNjE4NDY0MVowWzEL +MAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYD +VQQKEwtDQWNlcnQgSW5jLjEXMBUGA1UEAxMOd3d3LmNhY2VydC5vcmcwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeNSAxSFtymeN6rQD69eXIJEnCCP7Z +24/fdOgxRDSBhfQDUVhdmsuDOvuziOoWGqRxZPcWdMEMRcJ5SrA2aHIstvnaLhUl +xp2fuaeXx9XMCJ9ZmzHZbH4wqLaU+UlhcSsdkPzapf3N3HaUAW8kT4bHEGzObYVC +UBxxhpY01EoGRQmnFojzLNF3+0O1npQzXg5MeIWHW/Z+9jE+6odL6IXgg1bvrP4d +FgoveTcG6BmJu+50RwHaUad7hQuNeS+pNsVzCiDdMF2qoCQXtAGhnEQ9/KHpBD2z +ISBVIyEbYxdyU/WxnkaOof63Mf/TAgMNzVN9duqEtFyvvMrQY1XkBBwfAgMBAAGj +ggERMIIBDTAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEF +BQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEF +BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMIGE +BgNVHREEfTB7gg53d3cuY2FjZXJ0Lm9yZ4IRc2VjdXJlLmNhY2VydC5vcmeCEnd3 +d21haWwuY2FjZXJ0Lm9yZ4IKY2FjZXJ0Lm9yZ4IOd3d3LmNhY2VydC5uZXSCCmNh +Y2VydC5uZXSCDnd3dy5jYWNlcnQuY29tggpjYWNlcnQuY29tMA0GCSqGSIb3DQEB +BQUAA4ICAQA2+uCGX18kZD8gyfj44TlwV4TXJ5BrT0M9qogg2k5u057i+X2ePy3D +iE2REyLkU+i5ekH5gvTl74uSJKtpSf/hMyJEByyPyIULhlXCl46z2Z60drYzO4ig +apCdkm0JthVGvk6/hjdaxgBGhUvSTEP5nLNkDa+uYVHJI58wfX2oh9gqxf8VnMJ8 +/A8Zi6mYCWUlFUobNd/ozyDZ6WVntrLib85sAFhds93nkoUYxgx1N9Xg/I31/jcL +6bqmpRAZcbPtvEom0RyqPLM+AOgySWiYbg1Nl8nKx25C2AuXk63NN4CVwkXpdFF3 +q5qk1izPruvJ68jNW0pG7nrMQsiY2BCesfGyEzY8vfrMjeR5MLNv5r+obeYFnC1j +uYp6JBt+thW+xPFzHYLjohKPwo/NbMOjIUM9gv/Pq3rVRPgWru4/8yYWhrmEK370 +rtlYBUSGRUdR8xed1Jvs+4qJ3s9t41mLSXvUfwyPsT7eoloUAfw3RhdwOzXoC2P6 +ftmniyu/b/HuYH1AWK+HFtFi9CHiMIqOJMhj/LnzL9udrQOpir7bVej/mlb3kSRo +2lZymKOvuMymMpJkvBvUU/QEbCxWZAkTyqL2qlcQhHv7W366DOFjxDqpthaTRD69 +T8i/2AnsBDjYFxa47DisIvR57rLmE+fILjSvd94N/IpGs3lSOS5JeA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem new file mode 100644 index 0000000..3ccc18e --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/D3_Issuer_Root.pem @@ -0,0 +1,83 @@ +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors new file mode 100644 index 0000000..66a60a2 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D1.ors @@ -0,0 +1,32 @@ +MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0 +lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE +FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 +vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz +MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH +itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O +675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA +r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo +DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j +o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw +ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw +WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV +BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy +MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu +ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV +BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+ +m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv +CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT +T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW +sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O +ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw +HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c +dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae +BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d +DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO +RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW +ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK +0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy +RI4F diff --git a/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors new file mode 100644 index 0000000..664c8d2 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D2.ors @@ -0,0 +1,32 @@ +MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB +yVdbHxANRLCFYj1mqBgPMjAxMjEwMTEwOTE1MzNaMG4wbDBEMAkGBSsOAwIaBQAE +FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA +AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL +BgkqhkiG9w0BAQUDggEBAF/9ByrCS+pCCK4qovqUAH/yoWckmpLFCzKJGHkErJeY +FlUbAJuu/Gs0IdLmLp+2VbStjsL4vLtDU2Q4e417C1fm8+ixh+kP7qPRd8cxyMBx +cmD2m1v0CgbrflCZEC71cTrrWpcW+6jg623lI4Ug3A4zlizbT/f9IrxuV9VB9/G5 +6kPI5dYOVZM0ColIxmJsafuxfr6ONQLPHKTlZJK3SyWebs25006OmrSyfBi0j26j +WU5d6B2NJZBKqvDVMXxZ0q6QOgKxOs8WD+6DaA1d1f7gTOl45XJZWz5KnRePyRxM +Fp0ak6XYbE1y2vHE2RWp1w4lcVJ0BUQXWxx+g86F5W2gggQQMIIEDDCCBAgwggLw +oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF +MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw +GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw +NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu +di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh +bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID +MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi +oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL +866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J +ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 +MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw +yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec +TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG +AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ +BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF +DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD +ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 +8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm +uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb +4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa +YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC +fBIRKjnK621vAWvc7UR+0hqnZ+Y= diff --git a/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors new file mode 100644 index 0000000..ac2bb25 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISDOSC_D3.ors @@ -0,0 +1,38 @@ +MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV +BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML +Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG +A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEwMTAyMVowZjBkMDwwCQYF +Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y +ORjRAgMLs8aAABgPMjAxMjEwMTEwOTUyNDJaoBEYDzIwMTIxMDEzMTAxMDIxWjAN +BgkqhkiG9w0BAQUFAAOCAQEAWX7faLDXkmIdOv/IKBh7awhPmGUhFPVSrMI4dc9/ +fcPDOYhFwWr9evKT/QdXRGpZY493mfa4Z6eEDxRDTexOloaiaJzVpSeV9hoJUxoS +8NEWDyi33bDlIJH6zru4kk1LpuSMiSWsvLaeoRhHmW3EPDeadpCa5tYX2yNW5hdP +iCfphDJ34/hWHHwHP6mLd1wEO1Rw6nymqeDbuLk1FviD/ZWXMGzK8Sv++tmsQ0Tg +7XrkIPcSrozPKOTCf/1iJVF5KeQVIb0Ju1PvGUKtGaVTX8IZQmer2WQ1D6OOUcsS +cWA6NSpWmScX/0/uBpXdSDX0AnGUS9SNrPNEolz6rA5OUaCCBL4wggS6MIIEtjCC +Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex +HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy +dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl +cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE +BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD +QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD +VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr +2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 +3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz +uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz +mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 +VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD +VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA +MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA +MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS +r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ +VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU +6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE +STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj +ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe +g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo +5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 +HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 +VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a +wG/paw== diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem new file mode 100644 index 0000000..b884775 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz +MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z +YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g +RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN +2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb +AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl +VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs +Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r +wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb +wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB +/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 +BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t +L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs +c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB +hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud +JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW +gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa +pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF +o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb +LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq +iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG +qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl +TercGL7FG81kwQ== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_D2_Issuer_Root.pem new file mode 100644 index 0000000..22f34cb --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_D2_Issuer_Root.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4Q== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_D3_Issuer_Root.pem new file mode 100644 index 0000000..c1752e6 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_D3_Issuer_Root.pem @@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVE +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem new file mode 100644 index 0000000..25bb90f --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw +MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi +7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK +HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy +hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS +b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f +BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY +5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq +fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 +MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv +bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v +Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm +MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU +cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv +Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 +P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 +TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj +hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs +tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl +9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf7 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem new file mode 100644 index 0000000..129eb4b --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw +MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 +t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X +HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl +Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi +pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug +R1uUq27UlTMdphVx8fiUylQ5PsI= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem new file mode 100644 index 0000000..4904a32 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgU= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors new file mode 100644 index 0000000..d28c9ec --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_D1.ors @@ -0,0 +1,32 @@ +MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0 +lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxMTU1NDVaMHUwczBLMAkGBSsOAwIaBQAE +FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 +vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTAwMDAwWqARGA8yMDEyMTAxNzEw +MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCaiUf6TuPaSmZR2i3hUwqdEfhjcZkcCXPu +9diWuDZbaL6ubthfeTwx6OsZ0eM3Q+WPhBNlYQ9Sm8PDUQsQiq3YvuYu+QUisChx +PN6BUEwFQZAGz+FX2h5+kAmK1M/xZeXMBCXJWJCClagiw5hOJfeV0ue7RUZRVuZv +am0ZjyIeLsxsIrxghlcaJRosFmYNoM++euu5lvclutv1UQ5yyNxlYy0T/jA9gS07 +WJ/i38+zxnXTuAPOm67p5N1IkEAEg/7OPRIG17Ig1C38NctN74vAOdTU1d/ay05V +Bz4ZiI9PffkUkPgW2QRQCEjv50i80wYkKH5pIbT/mTk4t53DUK1UoIID+DCCA/Qw +ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw +WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV +BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy +MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu +ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV +BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+ +m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv +CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT +T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW +sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O +ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw +HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c +dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae +BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d +DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO +RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW +ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK +0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy +RI4G diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors new file mode 100644 index 0000000..b6c541d --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_D2.ors @@ -0,0 +1,32 @@ +MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBT0zghPr/K8 +jV5hpjGMML9Q+DwzShgPMjAxMjEwMTAxMjA5NTlaMG4wbDBEMAkGBSsOAwIaBQAE +FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA +AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL +BgkqhkiG9w0BAQUDggEBAGZY28eFWl169g7puLnKSeEzi6Ma5/rErOveFRp052ck +785B83HWkNmW/Bgw7Ws6Y7jBJce6ZQ5TMhwgNP34HuG/mVyn2ZjtCe4KKFBVnZV7 +mHGx93jgKkQvdp4pbNKxZ504eZDp8UOlR9+uwWOWHVObn7o+2N8iWKErSbZ2uX54 +Ajk8Hg/XN5wI4RUtcK3QpZSf3Ren5iit4NInwCpmTOkDz/IVK96BWaEQICq4VlHG +ziD0H0SlBQCdcSPzZndGoCtIhNyJEL3O2y3Grg4X1XH7VeeyGesuTLEIAEMHJPJD +TOVNoe5YPRK9Tqb+6jsubw8X/1b72kw3xVgb6MfC0tqgggQQMIIEDDCCBAgwggLw +oAMCAQICCwQAAAAAAThXoveHMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF +MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw +GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw +NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu +di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh +bmNoIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMQY/h5DSRT24n +mMtD19lrn8WZzOoIl+Z9qOsrLLjEQeTMDlL7JPZh5pLaHHb6kSWT+O/RcEwpw6Dq +H9jtAgDOsGoN7gCK7wJbIvn4MdmkXZqVBcVl3uLuII3v1CPnlc/zoz5d9qXcZKb6 +YuzseyzhDPecQ+7l2NVAUOFUj8GXOZi//bIveMsm+/zSLMfriIC84Uym2QY649SC +aFNbtF/tR6upvLCLe0b2D1g+OBfGqZasi3QI5uX6lT0gHbCnPhRo3uxG2+S4KL3M +9sndMByrR5K6QuVf7UqA1vt0CfbA2OUXwcH5x3/TsHxtXDj2F/fWnC9QBBSN5n4I +G8K7ZpYtAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBT0zghP +r/K8jV5hpjGMML9Q+DwzSjBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG +AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ +BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF +DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD +ggEBAGU9HIQImzhTHkQLyA178dUdnF5E3DdzmNtwVV3cxGrFOLMpciMQLioQ/xp5 +t6j5Mshlp59imFylqowRRxRy4aN5TtMCufNh7yHIxI2Dt4O6qpPM946t5CJkMy+k +63pXz2xFIxaJDzAmzpWzu70OY0jrh3dZa8NR4AvhtoZ8zFE6suva6ZGK7JIoINaA +j5uyZ0qU+7vFwV1awdReNV6494z/HRjs1n956mNbalB9mKp9XXyfZlix/nN5mTJd +NlJqz7QjnCzZRM/Gfamzk8L3/CPS3XmSblFyn6SeZ92Vms4PNqZiEUNa2TMKXQR1 +EMiDRMkyfIIMI80VgRvvzCiOt0c= diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors new file mode 100644 index 0000000..a8a2f91 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_D3.ors @@ -0,0 +1,38 @@ +MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV +BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML +Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG +A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDEzMjE1OVowZjBkMDwwCQYF +Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y +ORjRAgMLs8aAABgPMjAxMjEwMTAxMzA1MjBaoBEYDzIwMTIxMDEyMTMyMTU5WjAN +BgkqhkiG9w0BAQUFAAOCAQEAH1auyXFf1fOdfShSnAFkg5JsRUvajrilUioTkPIn +IGYV//huaPNZwZGCC2haZIdUuKB6G2OCXeZVskBTXPjt8/6JmoHgsZeI3x5xKXxZ +vddLC0PgYp0cA3FqjXR2UCpdBF+GK37rnfZsdW2vD9JaEBXxTV4+ICDAg15ZphJW +lLGmdP3mQqPURIwamcYam8tntARimgEpA0KgfVue2A+izjcxC7qk9BQYG72Fh3hC +ZFxi5u6xKNUQ2EBF9KXZyP9d2i/bYCZAUeUSRtir+fsOXHlihYRih9npKyAPwpHd +NqhwK9NhKed8gmkX3cSaK0arBx7ev7avhM4Dqem+BzppjKCCBL4wggS6MIIEtjCC +Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex +HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy +dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl +cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE +BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD +QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD +VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr +2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 +3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz +uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz +mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 +VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD +VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA +MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA +MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS +r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ +VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU +6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE +STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj +ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe +g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo +5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 +HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 +VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a +wG/pag== diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors new file mode 100644 index 0000000..b230622 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND1.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp +Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTAwODU0NDVaMHMwcTBJMAkGBSsOAwIaBQAE +FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz +IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMDA4NTQ0NVqgERgPMjAxMjEwMTQwODU0 +NDVaMA0GCSqGSIb3DQEBBQUAA4IBAQDHKDxWTbAHRXY7HapfhE99T+OSa/AfRYqX +H9yIeMRa5VftXMyvBFuvVm/qLRwK6mxhkiVIvF/Pk5yxMjbm7xPO26D+WHOdQML4 ++M4OX9BO76FjZRin5x+4b0Xo5SuSU1ulqfvSZnx+nG+hMbt/3Y7ODCEUWCYFoXNp +U+TXTbv2mwJ9AL8Q/zjL4P8NJHzFJBKjEs+AAVRxTY/5RHHKU9dcm7ux/gsWoDUM +w677Xxzn6icd8mqn72/HmzPnMrLHKKJFe2escbJn7JlV6qbZ9EWbrr+3OH0IJy5I +E3LcPIsNZ//QEc6vS6J+j8ljV8Xne6rS1EmiOwV9NgubvYwDCm4R diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors new file mode 100644 index 0000000..d14efb9 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND2.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV +N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAwMDI1NTdaMHMwcTBJMAkGBSsOAwIaBQAE +FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 +0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDAwMjU1N1qgERgPMjAxMjEwMTQwMDI1 +NTdaMA0GCSqGSIb3DQEBBQUAA4IBAQCJRXcrz4wJe7bqWBHULu/QDXVz74OhSNlu +swI0J4h+UmzJuW1GpdhTwJcTG3ARVwCLKz3evvpvHSumcsop0G3NolryNLP/oGD0 +Vf6PbLrJ8v+NxUNugPbtWM985Ti/B2a+XjbzYlH2vS3KOTL4X1zWSL07IQFNXc2h +yHBscKpYgt0mZcFZFxN3NTCNpT6IjJzZzTG9xTYZ3hZdMQQ3DYO+/Hv4J+U1/Ybq +CjuMWRak/0R/BiBDJdGhbThlvV7bNUxYY7DVaOiLER8ptpmhnzlB/vsTAxZqX48J +mJdv2bxoTby98Pm/BMydEA9qcFqyP1XvqhzIY35ngoS/1XREyW7t diff --git a/openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors new file mode 100644 index 0000000..3ee7158 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ISOP_ND3.ors @@ -0,0 +1,10 @@ +MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm +9/rEJlTvA73gJMtUGhgPMjAxMjEwMDkxNjAxNTNaMHQwcjBKMAkGBSsOAwIaBQAE +FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN +bJWejX5BTb8DmevkCauAABgPMjAxMjEwMDkxNjAxNTNaoBEYDzIwMTIxMDEzMTYw +MTUzWjANBgkqhkiG9w0BAQUFAAOCAQEAFnJAzuT8P4KKyTI6sdj5HkQ352qEu5CN +K9M2kU/eg9kPfwLv8z3yArobwgx+/IDRajbVAKrk8UPCGUqkDc0OiU5c0+jpn+nT +20VVCtWsBSWDfzKqYln/NGrblhv+/iuFZJpyfud5nWguW5nogPC8IAfgt9FMDMl6 +wlQWLSWEkgAJWvhNR3nzgvyMnuDuMIVQgB9/+vAIxA7nlpEEh6KTswyGqE9+u1yC +kvrz4PwKZQMT6r1eRCLs6NaagOZT84QHhZ6TAA+QHjfK406KL8F9mFgbGKbW+st2 +QHm+giUhrgZMv+1Yaxe34BjDS439LCPjdZ29On8FeZr3F55T+s3VzA== diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1.ors b/openssl-1.1.0h/test/ocsp-tests/ND1.ors new file mode 100644 index 0000000..7452741 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND1.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp +Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE +FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz +IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx +MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk +8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs +RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V +eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv +mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc +087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem new file mode 100644 index 0000000..e646162 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Cert_EE.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGTTCCBTWgAwIBAgIQIuEzIiCgSN8psr+aMcKbBzANBgkqhkiG9w0BAQUFADCB +jjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV +BAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew +HhcNMTEwMzMxMDAwMDAwWhcNMTMwNjI3MjM1OTU5WjCCAT8xETAPBgNVBAUTCDA0 +MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRlIE9y +Z2FuaXphdGlvbjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UE +CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJ +Ew1UcmFmZm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJ +ExwzcmQgRmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8g +Q0EgTGltaXRlZDEaMBgGA1UECxMRQ29tb2RvIEVWIFNHQyBTU0wxGjAYBgNVBAMT +EXNlY3VyZS5jb21vZG8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA168izw0zK6cChTGFuAwNARwTu1Ky/z+dXHkSmB0tQrAk3bq7mnUPtmQ+td8r +G2hlhQPd+YXQVYEW3RuopydmdB9wMlEGCCfU2ZqohsC9uut+HenCVbYvn4sSB0KJ +VdOXLPCEnfdk/FmcNWcYv73HmoJXZjT0THNQmnfpo6mMGAOerenMgNuCpq1buZ8c +fFUeUY18ZGLZKZyRNM6GPgVA37Dm8Ru+9Cf8/rm7NSIoVWH4BDztM3Y1BZvZ0d4G +49jRA4MXbhsDEMYzaSCDmaRHSFhCtrGkN2S4A1ZxoSoxQVCLcnnInVd+J0X8J6pa +Efio/aD6UQBQq29HyTsWVe6BewIDAQABo4IB8TCCAe0wHwYDVR0jBBgwFoAUiERR +/1AqaV4tiPQhutkM8s7L6nwwHQYDVR0OBBYEFKvAXKp4bYRmxU4SlM8k8FbWiXiL +MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF +BwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMEYGA1UdIAQ/MD0w +OwYMKwYBBAGyMQECAQUBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNv +bW9kby5jb20vQ1BTMFMGA1UdHwRMMEowSKBGoESGQmh0dHA6Ly9jcmwuY29tb2Rv +Y2EuY29tL0NPTU9ET0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy +bDCBhAYIKwYBBQUHAQEEeDB2ME4GCCsGAQUFBzAChkJodHRwOi8vY3J0LmNvbW9k +b2NhLmNvbS9DT01PRE9FeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j +cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAzBgNVHREE +LDAqghFzZWN1cmUuY29tb2RvLmNvbYIVd3d3LnNlY3VyZS5jb21vZG8uY29tMA0G +CSqGSIb3DQEBBQUAA4IBAQC9SoVG+B40khDWAzlz+G0WDBM3OuqK5n8vY/XxdPS5 +qyv6K05S4VRGR/6PQa1UVzMbnhfLh54OWrpnalRGabpTmKDu8Pa912pzDSzMxg4U +Rff4/hVLd1n/58q+riLxdtkIigLUjtFfwUrE1H89QODOCb4nw7f9BQaDoug+ovM3 +KO9rxVZ/3TshaxW0mPVM/cMbX+6RrQ7+d1y5fdX/fksCZhOW+P25+FPlaorQEWNa +s0UZNQ6qVuxB7CPmnLqmLBfAKTbeKcQFxx//0eyyZqCkzIvYUNjeRR0Q7DnxXq4C +Pj1Y6VcPJDmZOeogte5/vNIdU8Wq55IJJ1G/uKXztwVT +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem new file mode 100644 index 0000000..20585f1 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Cross_Root.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem new file mode 100644 index 0000000..08f04f6 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem @@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw +MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi +7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK +HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy +hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS +b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f +BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY +5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq +fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 +MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv +bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v +Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm +MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU +cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv +Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 +P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 +TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj +hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs +tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl +9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE8TCCA9mgAwIBAgIQbyXcFa/fXqMIVgw7ek/H+DANBgkqhkiG9w0BAQUFADBv +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF +eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow +gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYD +VQQDEx5DT01PRE8gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDQQIuLcuORG/dRwRtUBJjTqb/B5opdO4f7u4jO +DeMvPwaW8KIpUJmu2zuhV7B0UXHN7UKRTUH+qcjYaoZ3RLtZZpdQXrTULHBEz9o3 +lUJpPDDEcbNS8CFNodi6OXwcnqMknfKDFpiqFnxDmxVbt640kf7UYiYYRpo/68H5 +8ZBX66x6DYvbcjBqZtXgRqNw3GjZ/wRIiXfeten7Z21B6bw5vTLZYgLxsag9bjec +4i/i06Imi8a4VUOI4SM+pdIkOWpHqwDUobOpJf4NP6cdutNRwQuk2qw471VQJAVl +RpM0Ty2NrcbUIRnSjsoFYXEHc0flihkSvQRNzk6cpUisuyb3AgMBAAGjggF0MIIB +cDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUC1jl +i8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9j +cmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYI +KwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0 +LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0 +cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsG +AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUA +A4IBAQAHYJOZqs7Q00fQNzPeP2S35S6jJQzVMx0Njav2fkZ7WQaS44LE5/X289kF +z0k0LTdf9CXH8PtrI3fx8UDXTLtJRTHdAChntylMdagfeTHJNjcPyjVPjPF+3vxG +q79om3AjMC63xVx7ivsYE3lLkkKM3CyrbCK3KFOzGkrOG/soDrc6pNoN90AyT99v +uwFQ/IfTdtn8+7aEA8rJNhj33Wzbu7qBHKat/ij5z7micV0ZBepKRtxzQe+JlEKx +Q4hvNRevHmCDrHqMEHufyfaDbZ76iO4+3e6esL/garnQnweyCROa9aTlyFt5p0c1 +M2jlVZ6qW8swC53HD79oRIGXi1FK +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem new file mode 100644 index 0000000..3260db3 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND1_Issuer_ICA.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw +MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi +7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK +HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy +hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS +b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f +BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY +5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq +fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 +MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv +bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v +Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm +MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU +cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv +Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 +P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 +TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj +hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs +tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl +9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ND2.ors b/openssl-1.1.0h/test/ocsp-tests/ND2.ors new file mode 100644 index 0000000..24c1cb2 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND2.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV +N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE +FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 +0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz +MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD +sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA +PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz +oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC ++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a +vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA diff --git a/openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem new file mode 100644 index 0000000..3260db3 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND2_Cert_ICA.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw +MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi +7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK +HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy +hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS +b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f +BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY +5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq +fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 +MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv +bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v +Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm +MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU +cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv +Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 +P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 +TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj +hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs +tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl +9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem new file mode 100644 index 0000000..dc99810 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND2_Issuer_Root.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw +MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 +t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X +HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl +Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi +pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug +R1uUq27UlTMdphVx8fiUylQ5PsE= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ND3.ors b/openssl-1.1.0h/test/ocsp-tests/ND3.ors new file mode 100644 index 0000000..2008418 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND3.ors @@ -0,0 +1,10 @@ +MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm +9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE +FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN +bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz +NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg +P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ +FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR ++mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW +YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3 +K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA== diff --git a/openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem b/openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem new file mode 100644 index 0000000..c6a76d6 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND3_Cert_EE.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCBMWgAwIBAgIRAKcNbJWejX5BTb8DmevkCaswDQYJKoZIhvcNAQEFBQAw +bzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1B +ZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3Qg +RXh0ZXJuYWwgQ0EgUm9vdDAeFw0xMDA1MDQwMDAwMDBaFw0xNTA1MDQyMzU5NTla +MIIBCjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJEw1UcmFm +Zm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJExwzcmQg +Rmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8gQ0EgTGlt +aXRlZDEaMBgGA1UECxMRQ29tb2RvIFByZW1pdW1TU0wxLDAqBgNVBAMTI2FkZHRy +dXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAz5MM/mco91yFJNtF3t9c0x/bGds+zGAqJlHBXCR43og+ +3vgsBkCcn5M3PAqmL6XxilpsrEfS6RqtNcLfxwDyl7rr3qpJSM537Km1ZGOTHs0C +i0JA4YBZFOxBwPO2nHQGD+t9kJx3auFdBLnjJc5Q3jFUmnyJ8D2h3P9BrHgOoIbO +KYOUc/3zcqE6NttdbiuUMzlad8guhnXlWPCh2NJtNtMLDQxG7DWWDEm/Kt+CdKAR +jko6kEp7nqBKyujjJoGD2nEtEnuuqiB9n6sgSXR1NGtecJrW8IqIS7hkcsxhGTI9 +jnY73+NiMV3nglejkNseTUdcEi6L94EdifXuVLgEAwIDAQABo4IB1TCCAdEwHwYD +VR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFDXpt6NocCrd +7XZ2MLUa116TIesKMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEB +AgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQ +UzB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BZGRU +cnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8u +bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAk +BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMFcGA1UdEQRQME6C +I2FkZHRydXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tgid3d3cuYWRkdHJ1 +c3RleHRlcm5hbGNhcm9vdC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEFBQADggEB +AF2TF6xg8ZoBICoiQvjD2Z0SKcJRw1Dhj3HpGzV9F+Y0e/MxCXhYA+340JZxnC2P +VA968QKFrNwDWiS9Klc+cs4k3HIeiZp3uHw1ezElqXXNa+S1CrSS03FqWeeugSrB +xpuXCWDJSfD4DJq835hlEuXgxmAjsbuRUjaq1lxwSWnNoBkfMCCAgVlHtFljTlqq +nwfBZcnj73+yiERgTvhN4gEL59ZzjFliKEUuXHZoe8klhn73cnY+XoRV0e7wU+Xj +PzLoAhjGkS35hfDQTHdCwNBaN3iI2Q+HBjhfffAYFdK+Jo3kSXq12s7CJD7utAho +xxRhA0l1ziJgrEubLi6ItNg= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem new file mode 100644 index 0000000..20585f1 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/ND3_Issuer_Root.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors new file mode 100644 index 0000000..c8ce8d8 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_D1.ors @@ -0,0 +1,32 @@ +MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg +Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE +FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSxsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 +vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw +MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr +XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq +NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO +/CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S +xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4 +Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw +ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw +WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV +BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy +MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu +ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV +BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK +qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi +M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s +LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm +UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi +9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw +HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c +dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP +Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 +tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ +snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL +PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG +5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p +4J2l diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors new file mode 100644 index 0000000..1d562fa --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_D2.ors @@ -0,0 +1,32 @@ +MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB +yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE +FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRhe2YaRQ2XyolQL30EzTSo//z9SwILBAAA +AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL +BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3 +KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW +woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6 +wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z +v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc +rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw +oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF +MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw +GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw +NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu +di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh +bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID +MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi +oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL +866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J +ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 +MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw +yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec +TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG +AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ +BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF +DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD +ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 +8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm +uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb +4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa +YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC +fBIRKjnK621vAWvc7UR+0hqnZ+U= diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors new file mode 100644 index 0000000..cbac8e8 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_D3.ors @@ -0,0 +1,38 @@ +MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV +BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML +Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG +A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MDYzNlowZjBkMDwwCQYF +Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBe1MhvUx/Pg5o7zvdKwOu6y +ORjRAgMLs8aAABgPMjAxMjEwMTExMzU4MTBaoBEYDzIwMTIxMDEzMTQwNjM2WjAN +BgkqhkiG9w0BAQUFAAOCAQEAjcryO6FUK5+TcPBxJKixVt9q07Xy3qv1e/VFuJ0f +tnYDcu83Q5yCta49PXaA13nFDFZ445wCDivDBLolS6JKSh+JrLpAxSBzak7Ps8wz +DPNAtexZz9/hPPzHnGOMlRtew07jk+NX5ZgCxDZGmBHIHOGyab2WoqmpRTll0oP4 +b/DzI3mzrur5lm2NAT3ZJ8bVaWsAJBVTfUye3S4GRWlfGSRVAMk0QHnCkYP42okc +psIKbvdIoS2gxo6kBTMevxciPV2lPIiSrIWH0IGm7AqGM5+Vz7IdbD6fOQd1I3uw +O+1NugMYfScB6jCvSW2uESeRZ+qW/HMXQbU1eiH+x88UIKCCBL4wggS6MIIEtjCC +Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex +HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy +dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl +cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE +BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD +QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD +VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr +2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 +3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz +uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz +mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 +VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD +VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA +MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA +MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS +r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ +VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU +6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE +STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj +ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe +g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo +5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 +HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 +VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a +wG/pag== diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors new file mode 100644 index 0000000..a16476f --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND1.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp +Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE +FEi2DTgjjfhFbk7lhD6jlBEYApefBBSJRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz +IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx +MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk +8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs +RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V +eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv +mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc +087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors new file mode 100644 index 0000000..5aff2ab --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND2.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV +N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE +FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQMWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 +0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz +MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD +sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA +PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz +oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC ++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a +vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA diff --git a/openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors new file mode 100644 index 0000000..4f8a6ea --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WIKH_ND3.ors @@ -0,0 +1,10 @@ +MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm +9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE +FHyxZlScq9tE7mImFq30ZXv3etWUBBSuvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN +bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz +NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg +P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ +FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR ++mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW +YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3 +K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA== diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors new file mode 100644 index 0000000..ed627ba --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WINH_D1.ors @@ -0,0 +1,32 @@ +MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg +Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE +FKFyDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 +vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw +MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr +XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq +NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO +/CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S +xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4 +Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw +ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw +WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV +BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy +MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu +ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV +BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK +qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi +M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s +LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm +UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi +9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw +HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c +dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP +Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 +tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ +snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL +PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG +5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p +4J2l diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors new file mode 100644 index 0000000..b89fcf8 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WINH_D2.ors @@ -0,0 +1,32 @@ +MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB +yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE +FLhXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA +AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL +BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3 +KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW +woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6 +wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z +v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc +rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw +oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF +MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw +GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw +NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu +di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh +bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID +MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi +oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL +866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J +ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 +MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw +yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec +TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG +AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ +BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF +DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD +ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 +8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm +uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb +4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa +YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC +fBIRKjnK621vAWvc7UR+0hqnZ+U= diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors new file mode 100644 index 0000000..c3d7c94 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WINH_D3.ors @@ -0,0 +1,38 @@ +MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV +BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML +Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG +A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MzkxOFowZjBkMDwwCQYF +Kw4DAhoFAAQUjKTJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y +ORjRAgMLs8aAABgPMjAxMjEwMTExNDIzMjVaoBEYDzIwMTIxMDEzMTQzOTE4WjAN +BgkqhkiG9w0BAQUFAAOCAQEAgdrf+v+BwEhG0ghTLMVmuxWprJr/9VFtpKpxQrTo +egSoW+5JOPCUAStfw3R3u7QM8sJf9bnPorgoCoY1hPKcWNLhvf1Ng3QlVkNa6NcO +EonbuI4KE9Rhoflpf//pD/3AFKzU+ecRs04KtYezKrUvC1RayGabd7bgtIpdFss4 +ZCZ22riqjFtqD3+2//AHg7VaqiJMKlRt05CMmGe+HKn5PEN9HaeI52nsTf+L1Jeh +ItnaDPfV76vFHHXyUhR3iIgnqQDCig0q3yj7BQqH50+K+myiMAY+p8cuVqebno1i +BzXxxpZl/fw1KnTFdEa7p2jtmXw3KZiHAWAddwg1F1tHTaCCBL4wggS6MIIEtjCC +Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex +HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy +dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl +cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE +BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD +QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD +VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr +2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 +3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz +uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz +mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 +VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD +VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA +MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA +MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS +r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ +VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU +6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE +STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj +ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe +g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo +5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 +HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 +VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a +wG/pag== diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors new file mode 100644 index 0000000..af47552 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WINH_ND1.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp +Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE +FEm2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz +IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx +MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk +8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs +RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V +eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv +mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc +087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors new file mode 100644 index 0000000..99417f7 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WINH_ND2.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV +N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE +FO2+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 +0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz +MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD +sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA +PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz +oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC ++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a +vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA diff --git a/openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors new file mode 100644 index 0000000..73dc42d --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WINH_ND3.ors @@ -0,0 +1,10 @@ +MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm +9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE +FH2xZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN +bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz +NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg +P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ +FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR ++mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW +YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3 +K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA== diff --git a/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors new file mode 100644 index 0000000..d7566cf --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D1.ors @@ -0,0 +1,32 @@ +MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0 +lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE +FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 +vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz +MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH +itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O +675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA +r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo +DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j +o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw +ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw +WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV +BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy +MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu +ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV +BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAx0kb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+ +m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv +CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT +T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW +sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O +ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw +HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c +dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae +BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d +DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO +RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW +ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK +0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy +RI4G diff --git a/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors new file mode 100644 index 0000000..757db75 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D2.ors @@ -0,0 +1,32 @@ +MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB +yVdbHxANRLCFYj1mqBgPMjAxMjEwMTAxNDU0NDhaMG4wbDBEMAkGBSsOAwIaBQAE +FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA +AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL +BgkqhkiG9w0BAQUDggEBACkGyoGefA2WuktIerofBoPgeyT8Mry57DxF7IEvX8dI +Adk+MZRo5suYIE2AJty8bohYYiIxS7sZ5nsUM+iyu5cIdmsIwt/YifYsSdHc6DKz +l3Yh4bS27QX05/Vuok3HmEMsRBmensKATMfvGP+TOwhuFeHWAK8KHSCmUbGZFP3A +WKtrhRh/qC4qetMt07z/OKZcqHUYegEpO3xqRJ4MdqRJpV1urjdL/852US0mWAOL +/EPoexWiHiKJmsNy7HAEKFQ+daqdZYM1BTGbS2aj3go/BVqf0xEhRLT0fsdof4Is +1Cy2ZHGbaVEyOQpXsxUEAqEdJcFRcLFGhdgnUjcQ9lqgggQQMIIEDDCCBAgwggLw +oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF +MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw +GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw +NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu +di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh +bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ2QF8p0+Fb7ID +MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi +oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL +866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J +ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 +MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw +yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec +TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG +AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ +BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF +DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD +ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 +8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm +uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb +4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa +YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC +fBIRKjnK621vAWvc7UR+0hqnZ+U= diff --git a/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors new file mode 100644 index 0000000..c33179c --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKDOSC_D3.ors @@ -0,0 +1,38 @@ +MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV +BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML +Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG +A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDE1MTkzOVowZjBkMDwwCQYF +Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y +ORjRAgMLs8aAABgPMjAxMjEwMTAxNDU2MTdaoBEYDzIwMTIxMDEyMTUxOTM5WjAN +BgkqhkiG9w0BAQUFAAOCAQEAH1Bs3glJoAvCHhgVtN4F/avlKA1St74v7yuD1DIu +cBf/4YRJdxZATXMI8I0TPjSl8L+rRAiUTVd8sPhWQ9XD9WaYKkTEjuQSPp851/81 +zDihz9Kj5Rzo5PYpFsbSps/ALMQSRkrtuX4DCm9fbK7xC+adpbhQDnWW/GXM1+Ob +lv3pHDQXLh2GQbRsaJBgLeSUxIIE7RWJv1N+Ugi5zF8rja5qnJ9DnkilEqMeXQp8 +SThaI+TOe+KHK+7wTp5QkFNIE5l/uKgvSNIOwLe9HDevlSl1wYF6e+mAz3uoQyJa +Ucx8FIoV6CIr+wUd+P8CmNXiQ7M59I8gm3FCDiEvWDQGEaCCBL4wggS6MIIEtjCC +Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex +HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy +dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl +cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE +BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD +QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD +VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCdxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr +2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 +3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz +uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz +mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 +VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD +VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA +MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA +MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS +r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ +VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU +6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE +STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj +ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe +g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo +5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 +HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 +VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a +wG/pag== diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem new file mode 100644 index 0000000..93fb70d --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz +MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z +YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g +RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOoUbMUpq4pbR/WNnN +2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb +AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl +VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs +Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r +wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb +wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB +/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 +BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t +L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs +c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB +hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud +JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW +gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa +pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF +o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb +LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq +iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG +qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl +TercGL7FG81kwA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_D2_Issuer_Root.pem new file mode 100644 index 0000000..61db7ae --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_D2_Issuer_Root.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_D3_Issuer_Root.pem new file mode 100644 index 0000000..f03432b --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_D3_Issuer_Root.pem @@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAzyLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem new file mode 100644 index 0000000..f0d9811 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw +MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAM1KljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi +7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK +HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy +hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS +b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f +BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY +5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq +fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 +MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv +bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v +Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm +MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU +cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv +Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 +P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 +TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj +hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs +tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl +9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem new file mode 100644 index 0000000..14d35cf --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw +MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UCLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 +t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X +HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl +Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi +pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug +R1uUq27UlTMdphVx8fiUylQ5PsE= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem new file mode 100644 index 0000000..ba7fb8d --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALj3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors new file mode 100644 index 0000000..6589782 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WRID_D1.ors @@ -0,0 +1,32 @@ +MIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRg2uQDFpGg +Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMTI1MjJaMHUwczBLMAkGBSsOAwIaBQAE +FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8 +vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw +MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAHQBPHdHWNzaFs5bfBvQcvxBWsDnsCFXNs +a1fECiWDFNt6Nz4MCBY4rC7n0nhQfvg4m1woNcTAZVO8lacYomwUU/5/XpeFM6yc +NeFcVbfVXA48GWPANitNQCwyRL5hGfIqNy1I9T1BHlBqYusmJKy65r2iqpmld/hD +7S1dsCd4fXhjBQQORPmBqhKvWEU08Dh5aoaDAuaZoxRH8B1q+mUs0ODOIu34L84y +JcxTKccd/HCwI8oxwLoBtyXSHb+dCzc7zSjFvQhbT5dOCvJNNe/fk6+EhMtQ6ybC +D7p9EShCvU5jAdw54bZWk5wIQSvsWk9axUmYFFLYI3hAaoybpFVroIID+DCCA/Qw +ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw +WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV +BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy +MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD +VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu +ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV +BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK +qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi +M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s +LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm +UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi +9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw +HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c +dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP +Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3 +tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+ +snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL +PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG +5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p +4J2l diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors new file mode 100644 index 0000000..4e11e4b --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WRID_D2.ors @@ -0,0 +1,32 @@ +MIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTrlwecTarB +yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMTI1MjVaMG4wbDBEMAkGBSsOAwIaBQAE +FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA +AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL +BgkqhkiG9w0BAQUDggEBAHThkPoy6eA7qX9y5C5b1ElRSwdjzsd15OJSqP2yjQbS +Ol1K8DWtX0UhTfRH+CrIPoWL40g2HjXtIVeMD6s3hakYimZUenIJ/IRRSVWp+EXU +MewgTVPz/wJN/9dJIkSbOI/BmpIGlaaBaLwcb39nJjZMq0sXj8jRI5i0isotOAFz +Zc0R20viBEH099KuGktB2fKKEpVbbWPljTxKzkIBs9SXZBIqd/X2MWzQWcLKzhL0 +oynkvqxTFqNVjjZKcKSXPS/XEUufLrv/E3xQZYAfTJr778kFkyA8JzrXiH6W5DX6 +UbqsnO5DaPZvMDfvlQWETkoS1j+Qgu2mIWzdiw7sPrOgggQQMIIEDDCCBAgwggLw +oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF +MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw +GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw +NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu +di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh +bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID +MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi +oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL +866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J +ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5 +MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw +yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec +TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG +AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ +BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF +DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD +ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7 +8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm +uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb +4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa +YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC +fBIRKjnK621vAWvc7UR+0hqnZ+U= diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors new file mode 100644 index 0000000..61e2d09 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WRID_D3.ors @@ -0,0 +1,38 @@ +MIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV +BAYTAlVTMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML +Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG +A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEzMjE0MVowZjBkMDwwCQYF +Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y +ORjRAgMLs8aAABgPMjAxMjEwMTExMjQyMTZaoBEYDzIwMTIxMDEzMTMyMTQxWjAN +BgkqhkiG9w0BAQUFAAOCAQEAEWd9kKEfaurOXDV98OVtU27TmK4L4MeGEPdkg1i+ +fbPMe1mouWlVm23W6yaM7mM2NMXLW+hTNzqfyMPM7rByXNaFAAniCPTXNO3eJRIA +Zf0F10OSdBQ/ln4igHQCVZCnXR30/aP5/PMb4u3/LTuC9aW6K7mLXcuCvJztGnXO +v3r64q/qTGG/b4eS65exykV9riSFuGp1rzLAy5fSYTBWTOBQ679PFjQnL60GkrZA +Egtxw2ozEDwo+X0WamEouxN8mjX/VQlMdEbykUFDuPD3vZydZ04BV9f18RJZOU9j +gCwMzd9gb4jUL4ykdWiLmO+YPDWFyNSYEIfnGgk1VvPHuaCCBL4wggS6MIIEtjCC +Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex +HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy +dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl +cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE +BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD +QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD +VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr +2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0 +3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz +uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz +mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16 +VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD +VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA +MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA +MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS +r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ +VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU +6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE +STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj +ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe +g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo +5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9 +HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1 +VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a +wG/pag== diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors new file mode 100644 index 0000000..b6fadc5 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WRID_ND1.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSJRFH/UCpp +Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE +FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz +IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx +MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk +8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs +RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V +eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv +mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc +087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32 diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors new file mode 100644 index 0000000..251f0df --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WRID_ND2.ors @@ -0,0 +1,10 @@ +MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQMWOWLxkwV +N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE +FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0 +0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz +MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD +sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA +PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz +oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC ++ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a +vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA diff --git a/openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors b/openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors new file mode 100644 index 0000000..19641f5 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WRID_ND3.ors @@ -0,0 +1,10 @@ +MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBSuvZh6NLQm +9/rEJlTvA73gJMtUGhgPMjAxMjEwMTAxMzA3NDZaMHQwcjBKMAkGBSsOAwIaBQAE +FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN +bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTAxMzA3NDZaoBEYDzIwMTIxMDE0MTMw +NzQ2WjANBgkqhkiG9w0BAQUFAAOCAQEAA70+GYJoFuUBwIN9KHMqmOOtnmoLBBlm +HL2Su70ZEqSmL4zTt3iHY3m2YaNYSPphgDlQ4lY8zGAkCSrZ3ulpJun3RRy+gD29 +0ks155tChMbYNZrFm46vKWabBjh2p+623daymlcbgizi5Z+P4oJL68VrOqh+DArE +MpHH16BTGaF+bAjzTRSbS90xUReqwnnEpRBrmcQVo4uKpSkbyrx7iMLqsJ2vGpgh +xqj1kNPT9g3+gegmdU9QpFV0l9ZV8X/f0uz5nT4I0NL81d/KDHGx2rd+bftLODeL +ZAWAzFbr5B5EMqPGoh/SQXpcuVOqMHjh8fi8PBXBcitlIFzdDKXDvA== diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem new file mode 100644 index 0000000..3f1c053 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz +MTAwMDAwWjBZMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z +YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g +RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN +2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb +AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl +VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs +Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r +wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb +wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB +/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8 +BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t +L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs +c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB +hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud +JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW +gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa +pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF +o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb +LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq +iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG +qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl +TercGL7FG81kwA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem new file mode 100644 index 0000000..af1b8b0 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCVVMxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem new file mode 100644 index 0000000..764797a --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem @@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdUZXN0 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Rlc3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem new file mode 100644 index 0000000..06b6908 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw +MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi +7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK +HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy +hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS +b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f +BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY +5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq +fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1 +MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv +bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v +Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm +MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU +cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv +Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9 +P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40 +TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj +hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs +tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl +9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem new file mode 100644 index 0000000..1b46fcf --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw +MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 +t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X +HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl +Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi +pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug +R1uUq27UlTMdphVx8fiUylQ5PsE= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem new file mode 100644 index 0000000..4d1f454 --- /dev/null +++ b/openssl-1.1.0h/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCVVMx +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/ocspapitest.c b/openssl-1.1.0h/test/ocspapitest.c new file mode 100644 index 0000000..42befe7 --- /dev/null +++ b/openssl-1.1.0h/test/ocspapitest.c @@ -0,0 +1,168 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include +#include +#include +#include +#include + +#include "testutil.h" + +static const char *certstr; +static const char *privkeystr; + +#ifndef OPENSSL_NO_OCSP +static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) +{ + BIO *certbio, *keybio; + X509 *cert = NULL; + EVP_PKEY *key = NULL; + + if ((certbio = BIO_new_file(certstr, "r")) == NULL) + return 0; + cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + BIO_free(certbio); + if ((keybio = BIO_new_file(privkeystr, "r")) == NULL) + goto end; + key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); + BIO_free(keybio); + if (cert == NULL || key == NULL) + goto end; + *cert_out = cert; + *key_out = key; + return 1; + end: + X509_free(cert); + EVP_PKEY_free(key); + return 0; +} + +static OCSP_BASICRESP *make_dummy_resp(void) +{ + const unsigned char namestr[] = "openssl.example.com"; + unsigned char keybytes[128] = {7}; + OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); + OCSP_BASICRESP *bs_out = NULL; + OCSP_CERTID *cid = NULL; + ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); + ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); + X509_NAME *name = X509_NAME_new(); + ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + + if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, + namestr, -1, -1, 1) + || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) + || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) + goto err; + cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); + if (bs == NULL + || thisupd == NULL + || nextupd == NULL + || cid == NULL + || !OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, thisupd, nextupd)) + goto err; + bs_out = bs; + bs = NULL; + err: + ASN1_TIME_free(thisupd); + ASN1_TIME_free(nextupd); + ASN1_BIT_STRING_free(key); + ASN1_INTEGER_free(serial); + OCSP_CERTID_free(cid); + OCSP_BASICRESP_free(bs); + X509_NAME_free(name); + return bs_out; +} + +static int test_resp_signer(void) +{ + OCSP_BASICRESP *bs = NULL; + X509 *signer = NULL, *tmp; + EVP_PKEY *key = NULL; + STACK_OF(X509) *extra_certs = NULL; + int ret = 0; + + /* + * Test a response with no certs at all; get the signer from the + * extra certs given to OCSP_resp_get0_signer(). + */ + bs = make_dummy_resp(); + extra_certs = sk_X509_new_null(); + if (bs == NULL + || extra_certs == NULL + || !get_cert_and_key(&signer, &key) + || !sk_X509_push(extra_certs, signer) + || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, OCSP_NOCERTS)) + goto err; + if (!OCSP_resp_get0_signer(bs, &tmp, extra_certs) + || X509_cmp(tmp, signer) != 0) + goto err; + OCSP_BASICRESP_free(bs); + + /* Do it again but include the signer cert */ + bs = make_dummy_resp(); + tmp = NULL; + if (bs == NULL + || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, 0)) + goto err; + if (!OCSP_resp_get0_signer(bs, &tmp, NULL) + || X509_cmp(tmp, signer) != 0) + goto err; + ret = 1; + err: + OCSP_BASICRESP_free(bs); + sk_X509_free(extra_certs); + X509_free(signer); + EVP_PKEY_free(key); + return ret; +} +#endif + +int main(int argc, char *argv[]) +{ + int testresult = 1; + BIO *err = NULL; + + if (argc != 3) { + printf("Invalid argument count\n"); + return 1; + } + if ((certstr = argv[1]) == NULL + || (privkeystr = argv[2]) == NULL) + return 1; + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +#ifndef OPENSSL_NO_OCSP + ADD_TEST(test_resp_signer); +#endif + testresult = run_tests(argv[0]); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 1; +#endif + BIO_free(err); + + if (!testresult) + printf("PASS\n"); + + return testresult; +} diff --git a/openssl-1.1.0h/test/p5_crpt2_test.c b/openssl-1.1.0h/test/p5_crpt2_test.c new file mode 100644 index 0000000..4a40c26 --- /dev/null +++ b/openssl-1.1.0h/test/p5_crpt2_test.c @@ -0,0 +1,159 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "../e_os.h" + +#include +#include +#include +#include + +typedef struct { + const char *pass; + int passlen; + const char *salt; + int saltlen; + int iter; +} testdata; + +static testdata test_cases[] = { + {"password", 8, "salt", 4, 1}, + {"password", 8, "salt", 4, 2}, + {"password", 8, "salt", 4, 4096}, + {"passwordPASSWORDpassword", 24, + "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096}, + {"pass\0word", 9, "sa\0lt", 5, 4096}, + {NULL}, +}; + +static const char *sha1_results[] = { + "0c60c80f961f0e71f3a9b524af6012062fe037a6", + "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957", + "4b007901b765489abead49d926f721d065a429c1", + "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038", + "56fa6aa75548099dcc37d7f03425e0c3", +}; + +static const char *sha256_results[] = { + "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b", + "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43", + "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a", + "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c63551" + "8c7dac47e9", + "89b69d0516f829893c696226650a8687", +}; + +static const char *sha512_results[] = { + "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d47" + "0a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce", + "e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab" + "2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e", + "d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30" + "602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5", + "8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59" + "f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8", + "9d9e9c4cd21fe4be24d5b8244c759665", +}; + +static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) +{ + int i; + fprintf(f, "%s", title); + for (i = 0; i < l; i++) { + fprintf(f, "%02x", s[i]); + } + fprintf(f, "\n"); +} + +static void convert(unsigned char *dst, const unsigned char *src, int len) +{ + int i; + for (i = 0; i < len; i++, dst++, src += 2) { + unsigned int n; + sscanf((char *)src, "%2x", &n); + *dst = (unsigned char)n; + } + *dst = 0; +} + +static void +test_p5_pbkdf2(int i, char *digestname, testdata *test, const char *hex) +{ + const EVP_MD *digest; + unsigned char *out; + unsigned char *expected; + int keylen, r; + + digest = EVP_get_digestbyname(digestname); + if (digest == NULL) { + fprintf(stderr, "unknown digest %s\n", digestname); + EXIT(5); + } + + if ((strlen(hex) % 2) != 0) { + fprintf(stderr, "odd hex digest %s %i\n", digestname, i); + EXIT(5); + } + keylen = strlen(hex) / 2; + expected = OPENSSL_malloc(keylen + 1); + out = OPENSSL_malloc(keylen + 1); + if ((expected == NULL) || (out == NULL)) { + fprintf(stderr, "malloc() failed\n"); + EXIT(5); + } + convert(expected, (const unsigned char *)hex, keylen); + + r = PKCS5_PBKDF2_HMAC(test->pass, test->passlen, + (const unsigned char *)test->salt, test->saltlen, + test->iter, digest, keylen, out); + + if (r == 0) { + fprintf(stderr, "PKCS5_PBKDF2_HMAC(%s) failure test %i\n", + digestname, i); + EXIT(3); + } + if (memcmp(expected, out, keylen) != 0) { + fprintf(stderr, "Wrong result for PKCS5_PBKDF2_HMAC(%s) test %i\n", + digestname, i); + hexdump(stderr, "expected: ", expected, keylen); + hexdump(stderr, "result: ", out, keylen); + EXIT(2); + } + OPENSSL_free(expected); + OPENSSL_free(out); +} + +int main(int argc, char **argv) +{ + int i; + testdata *test = test_cases; + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); + + printf("PKCS5_PBKDF2_HMAC() tests "); + for (i = 0; test->pass != NULL; i++, test++) { + test_p5_pbkdf2(i, "sha1", test, sha1_results[i]); + test_p5_pbkdf2(i, "sha256", test, sha256_results[i]); + test_p5_pbkdf2(i, "sha512", test, sha512_results[i]); + printf("."); + } + printf(" done\n"); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; +# endif + return 0; +} diff --git a/openssl-1.1.0h/test/packettest.c b/openssl-1.1.0h/test/packettest.c new file mode 100644 index 0000000..58fc752 --- /dev/null +++ b/openssl-1.1.0h/test/packettest.c @@ -0,0 +1,537 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../ssl/packet_locl.h" + +#define BUF_LEN 255 + +static int test_PACKET_remaining(unsigned char buf[BUF_LEN]) +{ + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || PACKET_remaining(&pkt) != BUF_LEN + || !PACKET_forward(&pkt, BUF_LEN - 1) + || PACKET_remaining(&pkt) != 1 + || !PACKET_forward(&pkt, 1) + || PACKET_remaining(&pkt) != 0) { + fprintf(stderr, "test_PACKET_remaining() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_end(unsigned char buf[BUF_LEN]) +{ + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || PACKET_remaining(&pkt) != BUF_LEN + || PACKET_end(&pkt) != buf + BUF_LEN + || !PACKET_forward(&pkt, BUF_LEN - 1) + || PACKET_end(&pkt) != buf + BUF_LEN + || !PACKET_forward(&pkt, 1) + || PACKET_end(&pkt) != buf + BUF_LEN) { + fprintf(stderr, "test_PACKET_end() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_1(unsigned char buf[BUF_LEN]) +{ + unsigned int i; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_get_1(&pkt, &i) + || i != 0x02 + || !PACKET_forward(&pkt, BUF_LEN - 2) + || !PACKET_get_1(&pkt, &i) + || i != 0xfe + || PACKET_get_1(&pkt, &i)) { + fprintf(stderr, "test_PACKET_get_1() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_4(unsigned char buf[BUF_LEN]) +{ + unsigned long i; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_get_4(&pkt, &i) + || i != 0x08060402UL + || !PACKET_forward(&pkt, BUF_LEN - 8) + || !PACKET_get_4(&pkt, &i) + || i != 0xfefcfaf8UL + || PACKET_get_4(&pkt, &i)) { + fprintf(stderr, "test_PACKET_get_4() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_net_2(unsigned char buf[BUF_LEN]) +{ + unsigned int i; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_get_net_2(&pkt, &i) + || i != 0x0204 + || !PACKET_forward(&pkt, BUF_LEN - 4) + || !PACKET_get_net_2(&pkt, &i) + || i != 0xfcfe + || PACKET_get_net_2(&pkt, &i)) { + fprintf(stderr, "test_PACKET_get_net_2() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_net_3(unsigned char buf[BUF_LEN]) +{ + unsigned long i; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_get_net_3(&pkt, &i) + || i != 0x020406UL + || !PACKET_forward(&pkt, BUF_LEN - 6) + || !PACKET_get_net_3(&pkt, &i) + || i != 0xfafcfeUL + || PACKET_get_net_3(&pkt, &i)) { + fprintf(stderr, "test_PACKET_get_net_3() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_net_4(unsigned char buf[BUF_LEN]) +{ + unsigned long i; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_get_net_4(&pkt, &i) + || i != 0x02040608UL + || !PACKET_forward(&pkt, BUF_LEN - 8) + || !PACKET_get_net_4(&pkt, &i) + || i != 0xf8fafcfeUL + || PACKET_get_net_4(&pkt, &i)) { + fprintf(stderr, "test_PACKET_get_net_4() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_sub_packet(unsigned char buf[BUF_LEN]) +{ + PACKET pkt, subpkt; + unsigned long i; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_get_sub_packet(&pkt, &subpkt, 4) + || !PACKET_get_net_4(&subpkt, &i) + || i != 0x02040608UL + || PACKET_remaining(&subpkt) + || !PACKET_forward(&pkt, BUF_LEN - 8) + || !PACKET_get_sub_packet(&pkt, &subpkt, 4) + || !PACKET_get_net_4(&subpkt, &i) + || i != 0xf8fafcfeUL + || PACKET_remaining(&subpkt) + || PACKET_get_sub_packet(&pkt, &subpkt, 4)) { + fprintf(stderr, "test_PACKET_get_sub_packet() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_bytes(unsigned char buf[BUF_LEN]) +{ + const unsigned char *bytes; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_get_bytes(&pkt, &bytes, 4) + || bytes[0] != 2 || bytes[1] != 4 + || bytes[2] != 6 || bytes[3] != 8 + || PACKET_remaining(&pkt) != BUF_LEN -4 + || !PACKET_forward(&pkt, BUF_LEN - 8) + || !PACKET_get_bytes(&pkt, &bytes, 4) + || bytes[0] != 0xf8 || bytes[1] != 0xfa + || bytes[2] != 0xfc || bytes[3] != 0xfe + || PACKET_remaining(&pkt)) { + fprintf(stderr, "test_PACKET_get_bytes() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_copy_bytes(unsigned char buf[BUF_LEN]) +{ + unsigned char bytes[4]; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_copy_bytes(&pkt, bytes, 4) + || bytes[0] != 2 || bytes[1] != 4 + || bytes[2] != 6 || bytes[3] != 8 + || PACKET_remaining(&pkt) != BUF_LEN - 4 + || !PACKET_forward(&pkt, BUF_LEN - 8) + || !PACKET_copy_bytes(&pkt, bytes, 4) + || bytes[0] != 0xf8 || bytes[1] != 0xfa + || bytes[2] != 0xfc || bytes[3] != 0xfe + || PACKET_remaining(&pkt)) { + fprintf(stderr, "test_PACKET_copy_bytes() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_copy_all(unsigned char buf[BUF_LEN]) +{ + unsigned char tmp[BUF_LEN]; + PACKET pkt; + size_t len; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_copy_all(&pkt, tmp, BUF_LEN, &len) + || len != BUF_LEN + || memcmp(buf, tmp, BUF_LEN) != 0 + || PACKET_remaining(&pkt) != BUF_LEN + || PACKET_copy_all(&pkt, tmp, BUF_LEN - 1, &len)) { + fprintf(stderr, "test_PACKET_copy_bytes() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_memdup(unsigned char buf[BUF_LEN]) +{ + unsigned char *data = NULL; + size_t len; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_memdup(&pkt, &data, &len) + || len != BUF_LEN + || memcmp(data, PACKET_data(&pkt), len) + || !PACKET_forward(&pkt, 10) + || !PACKET_memdup(&pkt, &data, &len) + || len != BUF_LEN - 10 + || memcmp(data, PACKET_data(&pkt), len)) { + fprintf(stderr, "test_PACKET_memdup() failed\n"); + OPENSSL_free(data); + return 0; + } + + OPENSSL_free(data); + return 1; +} + +static int test_PACKET_strndup() +{ + char buf[10], buf2[10]; + char *data = NULL; + PACKET pkt; + + memset(buf, 'x', 10); + memset(buf2, 'y', 10); + buf2[5] = '\0'; + + if ( !PACKET_buf_init(&pkt, (unsigned char*)buf, 10) + || !PACKET_strndup(&pkt, &data) + || strlen(data) != 10 + || strncmp(data, buf, 10) + || !PACKET_buf_init(&pkt, (unsigned char*)buf2, 10) + || !PACKET_strndup(&pkt, &data) + || strlen(data) != 5 + || strcmp(data, buf2)) { + fprintf(stderr, "test_PACKET_strndup failed\n"); + OPENSSL_free(data); + return 0; + } + + OPENSSL_free(data); + return 1; +} + +static int test_PACKET_contains_zero_byte() +{ + char buf[10], buf2[10]; + PACKET pkt; + + memset(buf, 'x', 10); + memset(buf2, 'y', 10); + buf2[5] = '\0'; + + if ( !PACKET_buf_init(&pkt, (unsigned char*)buf, 10) + || PACKET_contains_zero_byte(&pkt) + || !PACKET_buf_init(&pkt, (unsigned char*)buf2, 10) + || !PACKET_contains_zero_byte(&pkt)) { + fprintf(stderr, "test_PACKET_contains_zero_byte failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_forward(unsigned char buf[BUF_LEN]) +{ + const unsigned char *byte; + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_forward(&pkt, 1) + || !PACKET_get_bytes(&pkt, &byte, 1) + || byte[0] != 4 + || !PACKET_forward(&pkt, BUF_LEN - 3) + || !PACKET_get_bytes(&pkt, &byte, 1) + || byte[0] != 0xfe) { + fprintf(stderr, "test_PACKET_forward() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_buf_init() +{ + unsigned char buf[BUF_LEN]; + PACKET pkt; + + /* Also tests PACKET_remaining() */ + if ( !PACKET_buf_init(&pkt, buf, 4) + || PACKET_remaining(&pkt) != 4 + || !PACKET_buf_init(&pkt, buf, BUF_LEN) + || PACKET_remaining(&pkt) != BUF_LEN + || PACKET_buf_init(&pkt, buf, -1)) { + fprintf(stderr, "test_PACKET_buf_init() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_null_init() +{ + PACKET pkt; + + PACKET_null_init(&pkt); + if ( PACKET_remaining(&pkt) != 0 + || PACKET_forward(&pkt, 1)) { + fprintf(stderr, "test_PACKET_null_init() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_equal(unsigned char buf[BUF_LEN]) +{ + PACKET pkt; + + if ( !PACKET_buf_init(&pkt, buf, 4) + || !PACKET_equal(&pkt, buf, 4) + || PACKET_equal(&pkt, buf + 1, 4) + || !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_equal(&pkt, buf, BUF_LEN) + || PACKET_equal(&pkt, buf, BUF_LEN - 1) + || PACKET_equal(&pkt, buf, BUF_LEN + 1) + || PACKET_equal(&pkt, buf, 0)) { + fprintf(stderr, "test_PACKET_equal() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_length_prefixed_1() +{ + unsigned char buf[BUF_LEN]; + const size_t len = 16; + unsigned int i; + PACKET pkt, short_pkt, subpkt; + + buf[0] = len; + for (i = 1; i < BUF_LEN; i++) { + buf[i] = (i * 2) & 0xff; + } + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_buf_init(&short_pkt, buf, len) + || !PACKET_get_length_prefixed_1(&pkt, &subpkt) + || PACKET_remaining(&subpkt) != len + || !PACKET_get_net_2(&subpkt, &i) + || i != 0x0204 + || PACKET_get_length_prefixed_1(&short_pkt, &subpkt) + || PACKET_remaining(&short_pkt) != len) { + fprintf(stderr, "test_PACKET_get_length_prefixed_1() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_length_prefixed_2() +{ + unsigned char buf[1024]; + const size_t len = 516; /* 0x0204 */ + unsigned int i; + PACKET pkt, short_pkt, subpkt; + + for (i = 1; i <= 1024; i++) { + buf[i-1] = (i * 2) & 0xff; + } + + if ( !PACKET_buf_init(&pkt, buf, 1024) + || !PACKET_buf_init(&short_pkt, buf, len) + || !PACKET_get_length_prefixed_2(&pkt, &subpkt) + || PACKET_remaining(&subpkt) != len + || !PACKET_get_net_2(&subpkt, &i) + || i != 0x0608 + || PACKET_get_length_prefixed_2(&short_pkt, &subpkt) + || PACKET_remaining(&short_pkt) != len) { + fprintf(stderr, "test_PACKET_get_length_prefixed_2() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_get_length_prefixed_3() +{ + unsigned char buf[1024]; + const size_t len = 516; /* 0x000204 */ + unsigned int i; + PACKET pkt, short_pkt, subpkt; + + for (i = 0; i < 1024; i++) { + buf[i] = (i * 2) & 0xff; + } + + if ( !PACKET_buf_init(&pkt, buf, 1024) + || !PACKET_buf_init(&short_pkt, buf, len) + || !PACKET_get_length_prefixed_3(&pkt, &subpkt) + || PACKET_remaining(&subpkt) != len + || !PACKET_get_net_2(&subpkt, &i) + || i != 0x0608 + || PACKET_get_length_prefixed_3(&short_pkt, &subpkt) + || PACKET_remaining(&short_pkt) != len) { + fprintf(stderr, "test_PACKET_get_length_prefixed_3() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_as_length_prefixed_1() +{ + unsigned char buf[BUF_LEN]; + const size_t len = 16; + unsigned int i; + PACKET pkt, exact_pkt, subpkt; + + buf[0] = len; + for (i = 1; i < BUF_LEN; i++) { + buf[i] = (i * 2) & 0xff; + } + + if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) + || !PACKET_buf_init(&exact_pkt, buf, len + 1) + || PACKET_as_length_prefixed_1(&pkt, &subpkt) + || PACKET_remaining(&pkt) != BUF_LEN + || !PACKET_as_length_prefixed_1(&exact_pkt, &subpkt) + || PACKET_remaining(&exact_pkt) != 0 + || PACKET_remaining(&subpkt) != len) { + fprintf(stderr, "test_PACKET_as_length_prefixed_1() failed\n"); + return 0; + } + + return 1; +} + +static int test_PACKET_as_length_prefixed_2() +{ + unsigned char buf[1024]; + const size_t len = 516; /* 0x0204 */ + unsigned int i; + PACKET pkt, exact_pkt, subpkt; + + for (i = 1; i <= 1024; i++) { + buf[i-1] = (i * 2) & 0xff; + } + + if ( !PACKET_buf_init(&pkt, buf, 1024) + || !PACKET_buf_init(&exact_pkt, buf, len + 2) + || PACKET_as_length_prefixed_2(&pkt, &subpkt) + || PACKET_remaining(&pkt) != 1024 + || !PACKET_as_length_prefixed_2(&exact_pkt, &subpkt) + || PACKET_remaining(&exact_pkt) != 0 + || PACKET_remaining(&subpkt) != len) { + fprintf(stderr, "test_PACKET_as_length_prefixed_2() failed\n"); + return 0; + } + + return 1; +} + +int main(int argc, char **argv) +{ + unsigned char buf[BUF_LEN]; + unsigned int i; + + for (i=1; i<=BUF_LEN; i++) { + buf[i-1] = (i * 2) & 0xff; + } + i = 0; + + if ( !test_PACKET_buf_init() + || !test_PACKET_null_init() + || !test_PACKET_remaining(buf) + || !test_PACKET_end(buf) + || !test_PACKET_equal(buf) + || !test_PACKET_get_1(buf) + || !test_PACKET_get_4(buf) + || !test_PACKET_get_net_2(buf) + || !test_PACKET_get_net_3(buf) + || !test_PACKET_get_net_4(buf) + || !test_PACKET_get_sub_packet(buf) + || !test_PACKET_get_bytes(buf) + || !test_PACKET_copy_bytes(buf) + || !test_PACKET_copy_all(buf) + || !test_PACKET_memdup(buf) + || !test_PACKET_strndup() + || !test_PACKET_contains_zero_byte() + || !test_PACKET_forward(buf) + || !test_PACKET_get_length_prefixed_1() + || !test_PACKET_get_length_prefixed_2() + || !test_PACKET_get_length_prefixed_3() + || !test_PACKET_as_length_prefixed_1() + || !test_PACKET_as_length_prefixed_2()) { + return 1; + } + printf("PASS\n"); + return 0; +} diff --git a/openssl-1.1.0h/test/pbelutest.c b/openssl-1.1.0h/test/pbelutest.c new file mode 100644 index 0000000..e226d43 --- /dev/null +++ b/openssl-1.1.0h/test/pbelutest.c @@ -0,0 +1,47 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +/* + * Password based encryption (PBE) table ordering test. + * Attempt to look up all supported algorithms. + */ + +int main(int argc, char **argv) +{ + size_t i; + int rv = 0; + int pbe_type, pbe_nid; + int last_type = -1, last_nid = -1; + for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) { + if (EVP_PBE_find(pbe_type, pbe_nid, NULL, NULL, 0) == 0) { + rv = 1; + break; + } + } + if (rv == 0) + return 0; + /* Error: print out whole table */ + for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) { + if (pbe_type > last_type) + rv = 0; + else if (pbe_type < last_type || pbe_nid < last_nid) + rv = 1; + else + rv = 0; + fprintf(stderr, "PBE type=%d %d (%s): %s\n", pbe_type, pbe_nid, + OBJ_nid2sn(pbe_nid), rv ? "ERROR" : "OK"); + last_type = pbe_type; + last_nid = pbe_nid; + } + return 1; +} diff --git a/openssl-1.1.0h/test/pkcs7-1.pem b/openssl-1.1.0h/test/pkcs7-1.pem new file mode 100644 index 0000000..c47b27a --- /dev/null +++ b/openssl-1.1.0h/test/pkcs7-1.pem @@ -0,0 +1,15 @@ +-----BEGIN PKCS7----- +MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG +SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE +AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF +eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4 +MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv +bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK +ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB +FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N +9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8 +BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w +bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB +BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C +j7Kie1x339mxW/w9VZNTUDQQweHh +-----END PKCS7----- diff --git a/openssl-1.1.0h/test/pkcs7.pem b/openssl-1.1.0h/test/pkcs7.pem new file mode 100644 index 0000000..d55c60b --- /dev/null +++ b/openssl-1.1.0h/test/pkcs7.pem @@ -0,0 +1,54 @@ + MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg + AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH + EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl + cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw + ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0 + MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh + c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh + bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE + CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl + Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G + CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK + ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0 + l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC + HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg + Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1 + c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj + YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0 + dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx + dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu + LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU + ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln + biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT + IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB + AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t + L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL + HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF + slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7 + ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR + /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT + aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp + ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1 + OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu + MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz + Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv + qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy + sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb + P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG + A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA + KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7 + Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4 + Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq + hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp + Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk + dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ + KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30 + dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW + I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow + ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W + ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD + ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw + MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK + /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/ + DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP + b+xSu/jH0gAAMYAAAAAAAAAAAA== diff --git a/openssl-1.1.0h/test/pkits-test.pl b/openssl-1.1.0h/test/pkits-test.pl new file mode 100644 index 0000000..ae7279c --- /dev/null +++ b/openssl-1.1.0h/test/pkits-test.pl @@ -0,0 +1,905 @@ +#! /usr/bin/env perl +# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl utility to run PKITS tests for RFC3280 compliance. + +my $ossl_path; + +if ( -f "../apps/openssl" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pkitsdir = "pkits/smime"; +my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; + +die "Can't find PKITS test data" if !-d $pkitsdir; + +my $nist1 = "2.16.840.1.101.3.2.1.48.1"; +my $nist2 = "2.16.840.1.101.3.2.1.48.2"; +my $nist3 = "2.16.840.1.101.3.2.1.48.3"; +my $nist4 = "2.16.840.1.101.3.2.1.48.4"; +my $nist5 = "2.16.840.1.101.3.2.1.48.5"; +my $nist6 = "2.16.840.1.101.3.2.1.48.6"; + +my $apolicy = "X509v3 Any Policy"; + +# This table contains the chapter headings of the accompanying PKITS +# document. They provide useful informational output and their names +# can be converted into the filename to test. + +my @testlists = ( + [ "4.1", "Signature Verification" ], + [ "4.1.1", "Valid Signatures Test1", 0 ], + [ "4.1.2", "Invalid CA Signature Test2", 7 ], + [ "4.1.3", "Invalid EE Signature Test3", 7 ], + [ "4.1.4", "Valid DSA Signatures Test4", 0 ], + [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], + [ "4.1.6", "Invalid DSA Signature Test6", 7 ], + [ "4.2", "Validity Periods" ], + [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], + [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], + [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], + [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], + [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], + [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], + [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], + [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], + [ "4.3", "Verifying Name Chaining" ], + [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], + [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], + [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], + [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], + [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], + [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], + [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], + [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], + [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], + [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], + [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], + [ "4.4", "Basic Certificate Revocation Tests" ], + [ "4.4.1", "Missing CRL Test1", 3 ], + [ "4.4.2", "Invalid Revoked CA Test2", 23 ], + [ "4.4.3", "Invalid Revoked EE Test3", 23 ], + [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], + [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], + [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], + [ "4.4.7", "Valid Two CRLs Test7", 0 ], + + # The test document suggests these should return certificate revoked... + # Subsquent discussion has concluded they should not due to unhandle + # critical CRL extensions. + [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], + [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], + + [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], + [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], + [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], + [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], + [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], + [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], + [ "4.4.16", "Valid Long Serial Number Test16", 0 ], + [ "4.4.17", "Valid Long Serial Number Test17", 0 ], + [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], + [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], + [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], + + # CRL path is revoked so get a CRL path validation error + [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], + [ "4.5", "Verifying Paths with Self-Issued Certificates" ], + [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], + [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], + [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], + [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], + [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], + [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], + [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], + [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], + [ "4.6", "Verifying Basic Constraints" ], + [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], + [ "4.6.2", "Invalid cA False Test2", 24 ], + [ "4.6.3", "Invalid cA False Test3", 24 ], + [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], + [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], + [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], + [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], + [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], + [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], + [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], + [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], + [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], + [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], + [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], + [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], + [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], + [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], + [ "4.7", "Key Usage" ], + [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], + [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], + [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], + [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], + [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], + + # Certificate policy tests need special handling. They can have several + # sub tests and we need to check the outputs are correct. + + [ "4.8", "Certificate Policies" ], + [ + "4.8.1.1", + "All Certificates Same Policy Test1", + "-policy anyPolicy -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.2", + "All Certificates Same Policy Test1", + "-policy $nist1 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.3", + "All Certificates Same Policy Test1", + "-policy $nist2 -explicit_policy", + "True", $nist1, "", 43 + ], + [ + "4.8.1.4", + "All Certificates Same Policy Test1", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.2.1", + "All Certificates No Policies Test2", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.8.2.2", + "All Certificates No Policies Test2", + "-policy anyPolicy -explicit_policy", + "True", "", "", 43 + ], + [ + "4.8.3.1", + "Different Policies Test3", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.8.3.2", + "Different Policies Test3", + "-policy anyPolicy -explicit_policy", + "True", "", "", 43 + ], + [ + "4.8.3.3", + "Different Policies Test3", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", "", "", 43 + ], + + [ + "4.8.4", + "Different Policies Test4", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.5", + "Different Policies Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.6.1", + "Overlapping Policies Test6", + "-policy anyPolicy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.2", + "Overlapping Policies Test6", + "-policy $nist1", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.3", + "Overlapping Policies Test6", + "-policy $nist2", + "True", $nist1, "", 43 + ], + [ + "4.8.7", + "Different Policies Test7", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.8", + "Different Policies Test8", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.9", + "Different Policies Test9", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.10.1", + "All Certificates Same Policies Test10", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.10.2", + "All Certificates Same Policies Test10", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.10.3", + "All Certificates Same Policies Test10", + "-policy anyPolicy", + "True", "$nist1:$nist2", "$nist1:$nist2", 0 + ], + [ + "4.8.11.1", + "All Certificates AnyPolicy Test11", + "-policy anyPolicy", + "True", "$apolicy", "$apolicy", 0 + ], + [ + "4.8.11.2", + "All Certificates AnyPolicy Test11", + "-policy $nist1", + "True", "$apolicy", "$nist1", 0 + ], + [ + "4.8.12", + "Different Policies Test12", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.13.1", + "All Certificates Same Policies Test13", + "-policy $nist1", + "True", "$nist1:$nist2:$nist3", "$nist1", 0 + ], + [ + "4.8.13.2", + "All Certificates Same Policies Test13", + "-policy $nist2", + "True", "$nist1:$nist2:$nist3", "$nist2", 0 + ], + [ + "4.8.13.3", + "All Certificates Same Policies Test13", + "-policy $nist3", + "True", "$nist1:$nist2:$nist3", "$nist3", 0 + ], + [ + "4.8.14.1", "AnyPolicy Test14", + "-policy $nist1", "True", + "$nist1", "$nist1", + 0 + ], + [ + "4.8.14.2", "AnyPolicy Test14", + "-policy $nist2", "True", + "$nist1", "", + 43 + ], + [ + "4.8.15", + "User Notice Qualifier Test15", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.16", + "User Notice Qualifier Test16", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.17", + "User Notice Qualifier Test17", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.18.1", + "User Notice Qualifier Test18", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.18.2", + "User Notice Qualifier Test18", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.19", + "User Notice Qualifier Test19", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.20", + "CPS Pointer Qualifier Test20", + "-policy anyPolicy -explicit_policy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.9", "Require Explicit Policy" ], + [ + "4.9.1", + "Valid RequireExplicitPolicy Test1", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.9.2", + "Valid RequireExplicitPolicy Test2", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.9.3", + "Invalid RequireExplicitPolicy Test3", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.9.4", + "Valid RequireExplicitPolicy Test4", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.9.5", + "Invalid RequireExplicitPolicy Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.9.6", + "Valid Self-Issued requireExplicitPolicy Test6", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.9.7", + "Invalid Self-Issued requireExplicitPolicy Test7", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.9.8", + "Invalid Self-Issued requireExplicitPolicy Test8", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ "4.10", "Policy Mappings" ], + [ + "4.10.1.1", + "Valid Policy Mapping Test1", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.1.2", + "Valid Policy Mapping Test1", + "-policy $nist2", + "True", "$nist1", "", 43 + ], + [ + "4.10.1.3", + "Valid Policy Mapping Test1", + "-policy anyPolicy -inhibit_map", + "True", "", "", 43 + ], + [ + "4.10.2.1", + "Invalid Policy Mapping Test2", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.10.2.2", + "Invalid Policy Mapping Test2", + "-policy anyPolicy -inhibit_map", + "True", "", "", 43 + ], + [ + "4.10.3.1", + "Valid Policy Mapping Test3", + "-policy $nist1", + "True", "$nist2", "", 43 + ], + [ + "4.10.3.2", + "Valid Policy Mapping Test3", + "-policy $nist2", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.10.4", + "Invalid Policy Mapping Test4", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.10.5.1", + "Valid Policy Mapping Test5", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.5.2", + "Valid Policy Mapping Test5", + "-policy $nist6", + "True", "$nist1", "", 43 + ], + [ + "4.10.6.1", + "Valid Policy Mapping Test6", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.6.2", + "Valid Policy Mapping Test6", + "-policy $nist6", + "True", "$nist1", "", 43 + ], + [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], + [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], + [ + "4.10.9", + "Valid Policy Mapping Test9", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.10", + "Invalid Policy Mapping Test10", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.10.11", + "Valid Policy Mapping Test11", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.1", + "Valid Policy Mapping Test12", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.2", + "Valid Policy Mapping Test12", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.10.13", + "Valid Policy Mapping Test13", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.14", + "Valid Policy Mapping Test14", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.11", "Inhibit Policy Mapping" ], + [ + "4.11.1", + "Invalid inhibitPolicyMapping Test1", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.2", + "Valid inhibitPolicyMapping Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.3", + "Invalid inhibitPolicyMapping Test3", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.4", + "Valid inhibitPolicyMapping Test4", + "-policy anyPolicy", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.11.5", + "Invalid inhibitPolicyMapping Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.6", + "Invalid inhibitPolicyMapping Test6", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.7", + "Valid Self-Issued inhibitPolicyMapping Test7", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.8", + "Invalid Self-Issued inhibitPolicyMapping Test8", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.9", + "Invalid Self-Issued inhibitPolicyMapping Test9", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.10", + "Invalid Self-Issued inhibitPolicyMapping Test10", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.11", + "Invalid Self-Issued inhibitPolicyMapping Test11", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ "4.12", "Inhibit Any Policy" ], + [ + "4.12.1", + "Invalid inhibitAnyPolicy Test1", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.12.2", + "Valid inhibitAnyPolicy Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.1", + "inhibitAnyPolicy Test3", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.2", + "inhibitAnyPolicy Test3", + "-policy anyPolicy -inhibit_any", + "True", "", "", 43 + ], + [ + "4.12.4", + "Invalid inhibitAnyPolicy Test4", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.12.5", + "Invalid inhibitAnyPolicy Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.12.6", + "Invalid inhibitAnyPolicy Test6", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], + [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], + [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], + [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], + [ "4.13", "Name Constraints" ], + [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], + [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], + [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], + [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], + [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], + [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], + [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], + [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], + [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], + [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], + [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], + [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], + [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], + [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], + [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], + [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], + [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], + [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], + [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], + [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], + [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], + [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], + [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], + [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], + [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], + [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], + [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], + [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], + [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], + [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], + [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], + [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], + [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], + [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], + [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], + [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], + [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], + [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], + [ "4.14", "Distribution Points" ], + [ "4.14.1", "Valid distributionPoint Test1", 0 ], + [ "4.14.2", "Invalid distributionPoint Test2", 23 ], + [ "4.14.3", "Invalid distributionPoint Test3", 44 ], + [ "4.14.4", "Valid distributionPoint Test4", 0 ], + [ "4.14.5", "Valid distributionPoint Test5", 0 ], + [ "4.14.6", "Invalid distributionPoint Test6", 23 ], + [ "4.14.7", "Valid distributionPoint Test7", 0 ], + [ "4.14.8", "Invalid distributionPoint Test8", 44 ], + [ "4.14.9", "Invalid distributionPoint Test9", 44 ], + [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], + [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], + [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], + [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], + [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], + [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], + [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], + [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], + [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], + [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], + [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], + [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], + [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], + [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], + [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], + [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], + [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], + [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], + [ "4.14.28", "Valid cRLIssuer Test28", 0 ], + [ "4.14.29", "Valid cRLIssuer Test29", 0 ], + + # Although this test is valid it has a circular dependency. As a result + # an attempt is made to reursively checks a CRL path and rejected due to + # a CRL path validation error. PKITS notes suggest this test does not + # need to be run due to this issue. + [ "4.14.30", "Valid cRLIssuer Test30", 54 ], + [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], + [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], + [ "4.14.33", "Valid cRLIssuer Test33", 0 ], + [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], + [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], + [ "4.15", "Delta-CRLs" ], + [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], + [ "4.15.2", "Valid delta-CRL Test2", 0 ], + [ "4.15.3", "Invalid delta-CRL Test3", 23 ], + [ "4.15.4", "Invalid delta-CRL Test4", 23 ], + [ "4.15.5", "Valid delta-CRL Test5", 0 ], + [ "4.15.6", "Invalid delta-CRL Test6", 23 ], + [ "4.15.7", "Valid delta-CRL Test7", 0 ], + [ "4.15.8", "Valid delta-CRL Test8", 0 ], + [ "4.15.9", "Invalid delta-CRL Test9", 23 ], + [ "4.15.10", "Invalid delta-CRL Test10", 12 ], + [ "4.16", "Private Certificate Extensions" ], + [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], + [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], +); + + +my $verbose = 1; + +my $numtest = 0; +my $numfail = 0; + +my $ossl = "ossl/apps/openssl"; + +my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; +$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; + +# Check for expiry of trust anchor +system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0"; +if ($? == 256) + { + print STDERR "WARNING: using older expired data\n"; + $ossl_cmd .= "-attime 1291940972 "; + } + +$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; + +system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; + +die "Can't create trust anchor file" if $?; + +print "Running PKITS tests:\n" if $verbose; + +foreach (@testlists) { + my $argnum = @$_; + if ( $argnum == 2 ) { + my ( $tnum, $title ) = @$_; + print "$tnum $title\n" if $verbose; + } + elsif ( $argnum == 3 ) { + my ( $tnum, $title, $exp_ret ) = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $test_fail = 0; + my $errmsg = ""; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; + my $cmdout = `$cmd`; + $ret = $? >> 8; + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + if ( $exp_ret != $ret ) { + $errmsg .= "Return code:$ret, "; + $errmsg .= "expected $exp_ret\n"; + $test_fail = 1; + } + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print $errmsg; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } + elsif ( $argnum == 7 ) { + my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) + = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $cmdout = ""; + my $errmsg = ""; + my $epol = ""; + my $aset = ""; + my $uset = ""; + my $pol = -1; + my $test_fail = 0; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; + @oparr = `$cmd`; + $ret = $? >> 8; + + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + foreach (@oparr) { + my $test_failed = 0; + $cmdout .= $_; + if (/^Require explicit Policy: (.*)$/) { + $epol = $1; + } + if (/^Authority Policies/) { + if (/empty/) { + $aset = ""; + } + else { + $pol = 1; + } + } + $test_fail = 1 if (/leak/i); + if (/^User Policies/) { + if (/empty/) { + $uset = ""; + } + else { + $pol = 2; + } + } + if (/\s+Policy: (.*)$/) { + if ( $pol == 1 ) { + $aset .= ":" if $aset ne ""; + $aset .= $1; + } + elsif ( $pol == 2 ) { + $uset .= ":" if $uset ne ""; + $uset .= $1; + } + } + } + + if ( $epol ne $exp_epol ) { + $errmsg .= "Explicit policy:$epol, "; + $errmsg .= "expected $exp_epol\n"; + $test_fail = 1; + } + if ( $aset ne $exp_aset ) { + $errmsg .= "Authority policy set :$aset, "; + $errmsg .= "expected $exp_aset\n"; + $test_fail = 1; + } + if ( $uset ne $exp_uset ) { + $errmsg .= "User policy set :$uset, "; + $errmsg .= "expected $exp_uset\n"; + $test_fail = 1; + } + + if ( $exp_ret != $ret ) { + print "Return code:$ret, expected $exp_ret\n"; + $test_fail = 1; + } + + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } +} + +if ($numfail) { + print "$numfail tests failed out of $numtest\n"; +} +else { + print "All Tests Successful.\n"; +} + +unlink "pkitsta.pem"; + diff --git a/openssl-1.1.0h/test/r160test.c b/openssl-1.1.0h/test/r160test.c new file mode 100644 index 0000000..06033eb --- /dev/null +++ b/openssl-1.1.0h/test/r160test.c @@ -0,0 +1,9 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + diff --git a/openssl-1.1.0h/test/randtest.c b/openssl-1.1.0h/test/randtest.c new file mode 100644 index 0000000..9f7a037 --- /dev/null +++ b/openssl-1.1.0h/test/randtest.c @@ -0,0 +1,145 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +/* some FIPS 140-1 random number test */ +/* some simple tests */ + +int main(int argc, char **argv) +{ + unsigned char buf[2500]; + int i, j, k, s, sign, nsign, err = 0; + unsigned long n1; + unsigned long n2[16]; + unsigned long runs[2][34]; + /* + * double d; + */ + long d; + + i = RAND_bytes(buf, 2500); + if (i <= 0) { + printf("init failed, the rand method is not properly installed\n"); + err++; + goto err; + } + + n1 = 0; + for (i = 0; i < 16; i++) + n2[i] = 0; + for (i = 0; i < 34; i++) + runs[0][i] = runs[1][i] = 0; + + /* test 1 and 2 */ + sign = 0; + nsign = 0; + for (i = 0; i < 2500; i++) { + j = buf[i]; + + n2[j & 0x0f]++; + n2[(j >> 4) & 0x0f]++; + + for (k = 0; k < 8; k++) { + s = (j & 0x01); + if (s == sign) + nsign++; + else { + if (nsign > 34) + nsign = 34; + if (nsign != 0) { + runs[sign][nsign - 1]++; + if (nsign > 6) + runs[sign][5]++; + } + sign = s; + nsign = 1; + } + + if (s) + n1++; + j >>= 1; + } + } + if (nsign > 34) + nsign = 34; + if (nsign != 0) + runs[sign][nsign - 1]++; + + /* test 1 */ + if (!((9654 < n1) && (n1 < 10346))) { + printf("test 1 failed, X=%lu\n", n1); + err++; + } + printf("test 1 done\n"); + + /* test 2 */ + d = 0; + for (i = 0; i < 16; i++) + d += n2[i] * n2[i]; + d = (d * 8) / 25 - 500000; + if (!((103 < d) && (d < 5740))) { + printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L); + err++; + } + printf("test 2 done\n"); + + /* test 3 */ + for (i = 0; i < 2; i++) { + if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 1, runs[i][0]); + err++; + } + if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 2, runs[i][1]); + err++; + } + if (!((502 < runs[i][2]) && (runs[i][2] < 748))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 3, runs[i][2]); + err++; + } + if (!((223 < runs[i][3]) && (runs[i][3] < 402))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 4, runs[i][3]); + err++; + } + if (!((90 < runs[i][4]) && (runs[i][4] < 223))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 5, runs[i][4]); + err++; + } + if (!((90 < runs[i][5]) && (runs[i][5] < 223))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 6, runs[i][5]); + err++; + } + } + printf("test 3 done\n"); + + /* test 4 */ + if (runs[0][33] != 0) { + printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]); + err++; + } + if (runs[1][33] != 0) { + printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]); + err++; + } + printf("test 4 done\n"); + err: + err = ((err) ? 1 : 0); + EXIT(err); +} diff --git a/openssl-1.1.0h/test/rc2test.c b/openssl-1.1.0h/test/rc2test.c new file mode 100644 index 0000000..2d0a01d --- /dev/null +++ b/openssl-1.1.0h/test/rc2test.c @@ -0,0 +1,99 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This has been a quickly hacked 'ideatest.c'. When I add tests for other + * RC2 modes, more of the code will be uncommented. + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RC2 +int main(int argc, char *argv[]) +{ + printf("No RC2 support\n"); + return (0); +} +#else +# include + +static unsigned char RC2key[4][16] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, +}; + +static unsigned char RC2plain[4][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, +}; + +static unsigned char RC2cipher[4][8] = { + {0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7}, + {0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74}, + {0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E}, + {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31}, +}; + +int main(int argc, char *argv[]) +{ + int i, n, err = 0; + RC2_KEY key; + unsigned char buf[8], buf2[8]; + + for (n = 0; n < 4; n++) { + RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ ); + + RC2_ecb_encrypt(&(RC2plain[n][0]), buf, &key, RC2_ENCRYPT); + if (memcmp(&(RC2cipher[n][0]), buf, 8) != 0) { + printf("ecb rc2 error encrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC2cipher[n][i]); + err = 20; + printf("\n"); + } + + RC2_ecb_encrypt(buf, buf2, &key, RC2_DECRYPT); + if (memcmp(&(RC2plain[n][0]), buf2, 8) != 0) { + printf("ecb RC2 error decrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC2plain[n][i]); + printf("\n"); + err = 3; + } + } + + if (err == 0) + printf("ecb RC2 ok\n"); + + EXIT(err); +} + +#endif diff --git a/openssl-1.1.0h/test/rc4test.c b/openssl-1.1.0h/test/rc4test.c new file mode 100644 index 0000000..7a77b82 --- /dev/null +++ b/openssl-1.1.0h/test/rc4test.c @@ -0,0 +1,175 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RC4 +int main(int argc, char *argv[]) +{ + printf("No RC4 support\n"); + return (0); +} +#else +# include +# include + +static unsigned char keys[7][30] = { + {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, + {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, + {8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {4, 0xef, 0x01, 0x23, 0x45}, + {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, + {4, 0xef, 0x01, 0x23, 0x45}, +}; + +static unsigned char data_len[7] = { 8, 8, 8, 20, 28, 10 }; + +static unsigned char data[7][30] = { + {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff}, + {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, + {0}, +}; + +static unsigned char output[7][30] = { + {0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00}, + {0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00}, + {0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00}, + {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, + 0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba, + 0x36, 0xb6, 0x78, 0x58, 0x00}, + {0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89, + 0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c, + 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87, + 0x40, 0x01, 0x1e, 0xcf, 0x00}, + {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00}, + {0}, +}; + +int main(int argc, char *argv[]) +{ + int i, err = 0; + int j; + unsigned char *p; + RC4_KEY key; + unsigned char obuf[512]; + + for (i = 0; i < 6; i++) { + RC4_set_key(&key, keys[i][0], &(keys[i][1])); + memset(obuf, 0, sizeof(obuf)); + RC4(&key, data_len[i], &(data[i][0]), obuf); + if (memcmp(obuf, output[i], data_len[i] + 1) != 0) { + printf("error calculating RC4\n"); + printf("output:"); + for (j = 0; j < data_len[i] + 1; j++) + printf(" %02x", obuf[j]); + printf("\n"); + printf("expect:"); + p = &(output[i][0]); + for (j = 0; j < data_len[i] + 1; j++) + printf(" %02x", *(p++)); + printf("\n"); + err++; + } else + printf("test %d ok\n", i); + } + printf("test end processing "); + for (i = 0; i < data_len[3]; i++) { + RC4_set_key(&key, keys[3][0], &(keys[3][1])); + memset(obuf, 0, sizeof(obuf)); + RC4(&key, i, &(data[3][0]), obuf); + if ((memcmp(obuf, output[3], i) != 0) || (obuf[i] != 0)) { + printf("error in RC4 length processing\n"); + printf("output:"); + for (j = 0; j < i + 1; j++) + printf(" %02x", obuf[j]); + printf("\n"); + printf("expect:"); + p = &(output[3][0]); + for (j = 0; j < i; j++) + printf(" %02x", *(p++)); + printf(" 00\n"); + err++; + } else { + printf("."); + fflush(stdout); + } + } + printf("done\n"); + printf("test multi-call "); + for (i = 0; i < data_len[3]; i++) { + RC4_set_key(&key, keys[3][0], &(keys[3][1])); + memset(obuf, 0, sizeof(obuf)); + RC4(&key, i, &(data[3][0]), obuf); + RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i])); + if (memcmp(obuf, output[3], data_len[3] + 1) != 0) { + printf("error in RC4 multi-call processing\n"); + printf("output:"); + for (j = 0; j < data_len[3] + 1; j++) + printf(" %02x", obuf[j]); + printf("\n"); + printf("expect:"); + p = &(output[3][0]); + for (j = 0; j < data_len[3] + 1; j++) + printf(" %02x", *(p++)); + err++; + } else { + printf("."); + fflush(stdout); + } + } + printf("done\n"); + printf("bulk test "); + { + unsigned char buf[513]; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + static unsigned char expected[] = { + 0xa4, 0x7b, 0xcc, 0x00, 0x3d, 0xd0, 0xbd, 0xe1, 0xac, 0x5f, + 0x12, 0x1e, 0x45, 0xbc, 0xfb, 0x1a, 0xa1, 0xf2, 0x7f, 0xc5 + }; + + RC4_set_key(&key, keys[0][0], &(keys[3][1])); + memset(buf, 0, sizeof(buf)); + SHA1_Init(&c); + for (i = 0; i < 2571; i++) { + RC4(&key, sizeof(buf), buf, buf); + SHA1_Update(&c, buf, sizeof(buf)); + } + SHA1_Final(md, &c); + + if (memcmp(md, expected, sizeof(md))) { + printf("error in RC4 bulk test\n"); + printf("output:"); + for (j = 0; j < (int)sizeof(md); j++) + printf(" %02x", md[j]); + printf("\n"); + printf("expect:"); + for (j = 0; j < (int)sizeof(md); j++) + printf(" %02x", expected[j]); + printf("\n"); + err++; + } else + printf("ok\n"); + } + EXIT(err); +} +#endif diff --git a/openssl-1.1.0h/test/rc5test.c b/openssl-1.1.0h/test/rc5test.c new file mode 100644 index 0000000..6567bcb --- /dev/null +++ b/openssl-1.1.0h/test/rc5test.c @@ -0,0 +1,276 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This has been a quickly hacked 'ideatest.c'. When I add tests for other + * RC5 modes, more of the code will be uncommented. + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RC5 +int main(int argc, char *argv[]) +{ + printf("No RC5 support\n"); + return (0); +} +#else +# include + +static unsigned char RC5key[5][16] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x91, 0x5f, 0x46, 0x19, 0xbe, 0x41, 0xb2, 0x51, + 0x63, 0x55, 0xa5, 0x01, 0x10, 0xa9, 0xce, 0x91}, + {0x78, 0x33, 0x48, 0xe7, 0x5a, 0xeb, 0x0f, 0x2f, + 0xd7, 0xb1, 0x69, 0xbb, 0x8d, 0xc1, 0x67, 0x87}, + {0xdc, 0x49, 0xdb, 0x13, 0x75, 0xa5, 0x58, 0x4f, + 0x64, 0x85, 0xb4, 0x13, 0xb5, 0xf1, 0x2b, 0xaf}, + {0x52, 0x69, 0xf1, 0x49, 0xd4, 0x1b, 0xa0, 0x15, + 0x24, 0x97, 0x57, 0x4d, 0x7f, 0x15, 0x31, 0x25}, +}; + +static unsigned char RC5plain[5][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D}, + {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52}, + {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92}, + {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC}, +}; + +static unsigned char RC5cipher[5][8] = { + {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D}, + {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52}, + {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92}, + {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC}, + {0xEB, 0x44, 0xE4, 0x15, 0xDA, 0x31, 0x98, 0x24}, +}; + +# define RC5_CBC_NUM 27 +static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8] = { + {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1e}, + {0x79, 0x7b, 0xba, 0x4d, 0x78, 0x11, 0x1d, 0x1e}, + {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f}, + {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f}, + {0x8b, 0x9d, 0xed, 0x91, 0xce, 0x77, 0x94, 0xa6}, + {0x2f, 0x75, 0x9f, 0xe7, 0xad, 0x86, 0xa3, 0x78}, + {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88}, + {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88}, + {0xdc, 0xfe, 0x09, 0x85, 0x77, 0xec, 0xa5, 0xff}, + {0x96, 0x46, 0xfb, 0x77, 0x63, 0x8f, 0x9c, 0xa8}, + {0xb2, 0xb3, 0x20, 0x9d, 0xb6, 0x59, 0x4d, 0xa4}, + {0x54, 0x5f, 0x7f, 0x32, 0xa5, 0xfc, 0x38, 0x36}, + {0x82, 0x85, 0xe7, 0xc1, 0xb5, 0xbc, 0x74, 0x02}, + {0xfc, 0x58, 0x6f, 0x92, 0xf7, 0x08, 0x09, 0x34}, + {0xcf, 0x27, 0x0e, 0xf9, 0x71, 0x7f, 0xf7, 0xc4}, + {0xe4, 0x93, 0xf1, 0xc1, 0xbb, 0x4d, 0x6e, 0x8c}, + {0x5c, 0x4c, 0x04, 0x1e, 0x0f, 0x21, 0x7a, 0xc3}, + {0x92, 0x1f, 0x12, 0x48, 0x53, 0x73, 0xb4, 0xf7}, + {0x5b, 0xa0, 0xca, 0x6b, 0xbe, 0x7f, 0x5f, 0xad}, + {0xc5, 0x33, 0x77, 0x1c, 0xd0, 0x11, 0x0e, 0x63}, + {0x29, 0x4d, 0xdb, 0x46, 0xb3, 0x27, 0x8d, 0x60}, + {0xda, 0xd6, 0xbd, 0xa9, 0xdf, 0xe8, 0xf7, 0xe8}, + {0x97, 0xe0, 0x78, 0x78, 0x37, 0xed, 0x31, 0x7f}, + {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78}, + {0x8f, 0x34, 0xc3, 0xc6, 0x81, 0xc9, 0x96, 0x95}, + {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11}, + {0x7f, 0xd1, 0xa0, 0x23, 0xa5, 0xbb, 0xa2, 0x17}, +}; + +static unsigned char rc5_cbc_key[RC5_CBC_NUM][17] = { + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x11}, + {1, 0x00}, + {4, 0x00, 0x00, 0x00, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {4, 0x01, 0x02, 0x03, 0x04}, + {4, 0x01, 0x02, 0x03, 0x04}, + {4, 0x01, 0x02, 0x03, 0x04}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, +}; + +static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x01}, +}; + +static int rc5_cbc_rounds[RC5_CBC_NUM] = { + 0, 0, 0, 0, 0, 1, 2, 2, + 8, 8, 12, 16, 8, 12, 16, 12, + 8, 12, 16, 8, 12, 16, 12, 8, + 8, 8, 8, +}; + +static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11}, +}; + +int main(int argc, char *argv[]) +{ + int i, n, err = 0; + RC5_32_KEY key; + unsigned char buf[8], buf2[8], ivb[8]; + + for (n = 0; n < 5; n++) { + RC5_32_set_key(&key, 16, &(RC5key[n][0]), 12); + + RC5_32_ecb_encrypt(&(RC5plain[n][0]), buf, &key, RC5_ENCRYPT); + if (memcmp(&(RC5cipher[n][0]), buf, 8) != 0) { + printf("ecb RC5 error encrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC5cipher[n][i]); + err = 20; + printf("\n"); + } + + RC5_32_ecb_encrypt(buf, buf2, &key, RC5_DECRYPT); + if (memcmp(&(RC5plain[n][0]), buf2, 8) != 0) { + printf("ecb RC5 error decrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf2[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC5plain[n][i]); + printf("\n"); + err = 3; + } + } + if (err == 0) + printf("ecb RC5 ok\n"); + + for (n = 0; n < RC5_CBC_NUM; n++) { + i = rc5_cbc_rounds[n]; + if (i < 8) + continue; + + RC5_32_set_key(&key, rc5_cbc_key[n][0], &(rc5_cbc_key[n][1]), i); + + memcpy(ivb, &(rc5_cbc_iv[n][0]), 8); + RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]), buf, 8, + &key, &(ivb[0]), RC5_ENCRYPT); + + if (memcmp(&(rc5_cbc_cipher[n][0]), buf, 8) != 0) { + printf("cbc RC5 error encrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", rc5_cbc_cipher[n][i]); + err = 30; + printf("\n"); + } + + memcpy(ivb, &(rc5_cbc_iv[n][0]), 8); + RC5_32_cbc_encrypt(buf, buf2, 8, &key, &(ivb[0]), RC5_DECRYPT); + if (memcmp(&(rc5_cbc_plain[n][0]), buf2, 8) != 0) { + printf("cbc RC5 error decrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf2[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", rc5_cbc_plain[n][i]); + printf("\n"); + err = 3; + } + } + if (err == 0) + printf("cbc RC5 ok\n"); + + EXIT(err); + return (err); +} + +#endif diff --git a/openssl-1.1.0h/test/recipes/01-test_abort.t b/openssl-1.1.0h/test/recipes/01-test_abort.t new file mode 100644 index 0000000..2f121e2 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/01-test_abort.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; + +setup("test_abort"); + +plan tests => 1; + +is(run(test(["aborttest"])), 0, "Testing that abort is caught correctly"); diff --git a/openssl-1.1.0h/test/recipes/01-test_sanity.t b/openssl-1.1.0h/test/recipes/01-test_sanity.t new file mode 100644 index 0000000..f01466d --- /dev/null +++ b/openssl-1.1.0h/test/recipes/01-test_sanity.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_sanity", "sanitytest"); diff --git a/openssl-1.1.0h/test/recipes/01-test_symbol_presence.t b/openssl-1.1.0h/test/recipes/01-test_symbol_presence.t new file mode 100644 index 0000000..7f2a2d7 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/01-test_symbol_presence.t @@ -0,0 +1,116 @@ +#! /usr/bin/env perl +# -*- mode: Perl -*- +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use File::Spec::Functions qw(devnull); +use OpenSSL::Test qw(:DEFAULT srctop_file bldtop_dir bldtop_file); +use OpenSSL::Test::Utils; + +setup("test_symbol_presence"); + +plan skip_all => "Only useful when building shared libraries" + if disabled("shared"); + +my @libnames = ("crypto", "ssl"); +my $testcount = scalar @libnames; + +plan tests => $testcount * 2; + +note + "NOTE: developer test! It's possible that it won't run on your\n", + "platform, and that's perfectly fine. This is mainly for developers\n", + "on Unix to check that our shared libraries are consistent with the\n", + "ordinals (util/*.num in the source tree), something that should be\n", + "good enough a check for the other platforms as well.\n"; + +foreach my $libname (@libnames) { + SKIP: + { + my $shlibpath = bldtop_file("lib" . $libname . ".so"); + *OSTDERR = *STDERR; + *OSTDOUT = *STDOUT; + open STDERR, ">", devnull(); + open STDOUT, ">", devnull(); + my @nm_lines = map { s|\R$||; $_ } `nm -Pg $shlibpath 2> /dev/null`; + close STDERR; + close STDOUT; + *STDERR = *OSTDERR; + *STDOUT = *OSTDOUT; + skip "Can't run 'nm -Pg $shlibpath' => $?... ignoring", 2 + unless $? == 0; + + my $bldtop = bldtop_dir(); + my @def_lines; + indir $bldtop => sub { + my $mkdefpath = srctop_file("util", "mkdef.pl"); + @def_lines = map { s|\R$||; $_ } `$^X $mkdefpath $libname linux 2> /dev/null`; + ok($? == 0, "running 'cd $bldtop; $^X $mkdefpath $libname linux' => $?"); + }, create => 0, cleanup => 0; + + note "Number of lines in \@nm_lines before massaging: ", scalar @nm_lines; + note "Number of lines in \@def_lines before massaging: ", scalar @def_lines; + + # Massage the nm output to only contain defined symbols + @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDST] .*|, @nm_lines); + + # Massage the mkdef.pl output to only contain global symbols + # The output we got is in Unix .map format, which has a global + # and a local section. We're only interested in the global + # section. + my $in_global = 0; + @def_lines = + sort + map { s|;||; s|\s+||g; $_ } + grep { $in_global = 1 if m|global:|; + $in_global = 0 if m|local:|; + $in_global = 0 if m|\}|; + $in_global && m|;|; } @def_lines; + + note "Number of lines in \@nm_lines after massaging: ", scalar @nm_lines; + note "Number of lines in \@def_lines after massaging: ", scalar @def_lines; + + # Maintain lists of symbols that are missing in the shared library, + # or that are extra. + my @missing = (); + my @extra = (); + + while (scalar @nm_lines || scalar @def_lines) { + my $nm_first = $nm_lines[0]; + my $def_first = $def_lines[0]; + + if (!defined($nm_first)) { + push @missing, shift @def_lines; + } elsif (!defined($def_first)) { + push @extra, shift @nm_lines; + } elsif ($nm_first gt $def_first) { + push @missing, shift @def_lines; + } elsif ($nm_first lt $def_first) { + push @extra, shift @nm_lines; + } else { + shift @def_lines; + shift @nm_lines; + } + } + + if (scalar @missing) { + note "The following symbols are missing in lib$libname.so:"; + foreach (@missing) { + note " $_"; + } + } + if (scalar @extra) { + note "The following symbols are extra in lib$libname.so:"; + foreach (@extra) { + note " $_"; + } + } + ok(scalar @missing == 0, + "check that there are no missing symbols in lib$libname.so"); + } +} diff --git a/openssl-1.1.0h/test/recipes/02-test_ordinals.t b/openssl-1.1.0h/test/recipes/02-test_ordinals.t new file mode 100644 index 0000000..473d05b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/02-test_ordinals.t @@ -0,0 +1,58 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_ordinals"); + +plan tests => 2; + +ok(testordinals(srctop_file("util", "libcrypto.num")), "Test libcrypto.num"); +ok(testordinals(srctop_file("util", "libssl.num")), "Test libssl.num"); + +sub testordinals +{ + my $filename = shift; + my $cnt = 0; + my $ret = 1; + my $qualifier = ""; + my $newqual; + my $lastfunc = ""; + + open(my $fh, '<', $filename); + while (my $line = <$fh>) { + my @tokens = split(/(?:\s+|\s*:\s*)/, $line); + #Check the line looks sane + if ($#tokens < 5 || $#tokens > 6) { + print STDERR "Invalid line:\n$line\n"; + $ret = 0; + last; + } + if ($tokens[3] eq "NOEXIST") { + #Ignore this line + next; + } + #Some ordinals can be repeated, e.g. if one is VMS and another is !VMS + $newqual = $tokens[4]; + $newqual =~ s/!//g; + if ($cnt > $tokens[1] + || ($cnt == $tokens[1] && ($qualifier ne $newqual + || $qualifier eq ""))) { + print STDERR "Invalid ordinal detected: ".$tokens[1]."\n"; + $ret = 0; + last; + } + $cnt = $tokens[1]; + $qualifier = $newqual; + $lastfunc = $tokens[0]; + } + close($fh); + + return $ret; +} diff --git a/openssl-1.1.0h/test/recipes/03-test_exdata.t b/openssl-1.1.0h/test/recipes/03-test_exdata.t new file mode 100644 index 0000000..da66f95 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/03-test_exdata.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_exdata", "exdatatest"); diff --git a/openssl-1.1.0h/test/recipes/03-test_ui.t b/openssl-1.1.0h/test/recipes/03-test_ui.t new file mode 100644 index 0000000..b1065d1 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/03-test_ui.t @@ -0,0 +1,30 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; +use OpenSSL::Test; + +setup("test_ui"); + +plan tests => 1; + +note <<"EOF"; +The best way to test the UI interface is currently by using an openssl +command that uses password_callback. The only one that does this is +'genrsa'. +Since password_callback uses a UI method derived from UI_OpenSSL(), it +ensures that one gets tested well enough as well. +EOF + +my $outfile = "rsa_$$.pem"; +ok(run(app(["openssl", "genrsa", "-passout", "pass:password", "-aes128", + "-out", $outfile])), + "Checking that genrsa with a password works properly"); + +unlink $outfile; diff --git a/openssl-1.1.0h/test/recipes/04-test_pem.t b/openssl-1.1.0h/test/recipes/04-test_pem.t new file mode 100644 index 0000000..48f62ff --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem.t @@ -0,0 +1,106 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ====================================================================== + + +use strict; +use warnings; + +use File::Compare qw/compare_text/; +use File::Basename; +use OpenSSL::Test qw/:DEFAULT srctop_file data_file/; +use OpenSSL::Test::Utils; + +setup("test_pem_reading"); + +my $testsrc = srctop_file("test", "recipes", basename($0)); + +my $cmd = "openssl"; + +# map input PEM file to 1 if it should be accepted; 0 when should be rejected +my %cert_expected = ( + "cert-1023line.pem" => 1, + "cert-1024line.pem" => 1, + "cert-1025line.pem" => 1, + "cert-255line.pem" => 1, + "cert-256line.pem" => 1, + "cert-257line.pem" => 1, + "cert-blankline.pem" => 0, + "cert-comment.pem" => 0, + "cert-earlypad.pem" => 0, + "cert-extrapad.pem" => 0, + "cert-infixwhitespace.pem" => 1, + "cert-junk.pem" => 0, + "cert-leadingwhitespace.pem" => 1, + "cert-longline.pem" => 1, + "cert-misalignedpad.pem" => 0, + "cert-onecolumn.pem" => 1, + "cert-oneline.pem" => 1, + "cert-shortandlongline.pem" => 1, + "cert-shortline.pem" => 1, + "cert-threecolumn.pem" => 1, + "cert-trailingwhitespace.pem" => 1, + "cert.pem" => 1 +); +my %dsa_expected = ( + "dsa-1023line.pem" => 0, + "dsa-1024line.pem" => 0, + "dsa-1025line.pem" => 0, + "dsa-255line.pem" => 0, + "dsa-256line.pem" => 0, + "dsa-257line.pem" => 0, + "dsa-blankline.pem" => 0, + "dsa-comment.pem" => 0, + "dsa-corruptedheader.pem" => 0, + "dsa-corruptiv.pem" => 0, + "dsa-earlypad.pem" => 0, + "dsa-extrapad.pem" => 0, + "dsa-infixwhitespace.pem" => 0, + "dsa-junk.pem" => 0, + "dsa-leadingwhitespace.pem" => 0, + "dsa-longline.pem" => 0, + "dsa-misalignedpad.pem" => 0, + "dsa-onecolumn.pem" => 0, + "dsa-oneline.pem" => 0, + "dsa-onelineheader.pem" => 0, + "dsa-shortandlongline.pem" => 0, + "dsa-shortline.pem" => 0, + "dsa-threecolumn.pem" => 0, + "dsa-trailingwhitespace.pem" => 1, + "dsa.pem" => 1 +); + +plan tests => scalar keys(%cert_expected) + scalar keys(%dsa_expected) + 1; + +foreach my $input (keys %cert_expected) { + my @common = ($cmd, "x509", "-text", "-noout", "-inform", "PEM", "-in"); + my @data = run(app([@common, data_file($input)], stderr => undef), capture => 1); + my @match = grep /The Great State of Long-Winded Certificate Field Names Whereby to Increase the Output Size/, @data; + is((scalar @match > 0 ? 1 : 0), $cert_expected{$input}); +} +SKIP: { + skip "DSA support disabled, skipping...", (scalar keys %dsa_expected) unless !disabled("dsa"); + foreach my $input (keys %dsa_expected) { + my @common = ($cmd, "pkey", "-inform", "PEM", "-passin", "file:" . data_file("wellknown"), "-noout", "-text", "-in"); + my @data; + { + local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + @data = run(app([@common, data_file($input)], stderr => undef), capture => 1); + } + my @match = grep /68:42:02:16:63:54:16:eb:06:5c:ab:06:72:3b:78:/, @data; + is((scalar @match > 0 ? 1 : 0), $dsa_expected{$input}); + } +} +SKIP: { + skip "RSA support disabled, skipping...", 1 unless !disabled("rsa"); + my @common = ($cmd, "pkey", "-inform", "PEM", "-noout", "-text", "-in"); + my @data = run(app([@common, data_file("beermug.pem")], stderr => undef), capture => 1); + my @match = grep /00:a0:3a:21:14:5d:cd:b6:d5:a0:3e:49:23:c1:3a:/, @data; + ok(scalar @match > 0 ? 1 : 0); +} diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES b/openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES new file mode 100644 index 0000000..baafd15 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/NOTES @@ -0,0 +1,3 @@ +The cert-*.pem and dsa-*.pem files are generated as manipulation of the +ASCII text of cert.pem and dsa.pem, respectively -- they should decode to the +same data. diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/beermug.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/beermug.pem new file mode 100644 index 0000000..98b04b7 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/beermug.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC+qeXl4ZUfQZFmcGAPwdt7Mza4NQ6mJHehc4V/hVYc6eepvL/5 +uyyflzuhVy5ufctdi92FlXcIct5nNPdqK0PPdWH5Uzw0t/OjI5y/SJh8ur20krqw +j/N1IOs63AcGLIVSkwx89iQbxj+2tV+YxFpGunUYyR/bJJWczuDMA/CujQIDAQAB +AoGBAKA6IRRdzbbVoD5JI8E6NZtEP7DwDZ57uPk6Hq86u1JTEzcmguJ4dJitPBRr +Mn7yQgwcNQ5EvCKifdqXvXBAaZuiiPFuCS/gfUw04jVHXWvG8ZvBQC3dutUYnFW7 +hdun8QU/Z6a1BethvESi1J1vgY2+XC4cBIvbutTc9HhMhbQ1AkEA8YTKGsVEYoKE +d7sSx4qjeN4bgzeVgIwRt01wJ1EJN62LhwO+pYSXvTt14aHxiascejJqUhtuWvzR +nuwydqiDpwJBAMoYgUoWdgW4O/C5ZXjiSia54jzrt7upxSq88njTRo/MCQfuJVbc +3GUD+15V0zNhx9D7lcI+1uxhfcD7jWbJEqsCQBrE/SG6e7nvfX9H3O0BEN10wNfq +cUeuPshybNvuv3bMZYqxf5AZAjiXPpmjuYHo1V8191Lid3jeTN2wkGdWhkECQQCI +Rj3oV3z+Hl1M1bc27GBT/MQxkEE0qiXpy780+kJ6dHsifdNv3z4+X5EA656e5zB2 +Gy/A697BRnwlxXpz9OJBAkAUe7Ap0yU8aO6g5g+gsH+18bF0MftWh81VLOo09rRp +SOHxNGGJLE5As5XkCGUZVIass1r8Q4N22Wip0QzeSWDi +- +- . * .. . * * +- * * @()Ooc()* o . +- (Q@*0CG*O() ___ +- |\_________/|/ _ \ +- | | | | | / | | +- | | | | | | | | +- | | | | | | | | +- | | | | | | | | +- | | | | | | | | +- | | | | | \_| | +- | | | | |\___/ +- |\_|__|__|_/| +- \_________/ +- +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1023line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1023line.pem new file mode 100644 index 0000000..7ad3103 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1023line.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfS +phwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejv +N5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7Nk +ZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQY +JKoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9 +JywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem +3aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPH +X30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV +ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8I +AA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1024line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1024line.pem new file mode 100644 index 0000000..fd501c2 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1024line.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1025line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1025line.pem new file mode 100644 index 0000000..2369229 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-1025line.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSphwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN5 +v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZh +SC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJK +oZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9Jy +wlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3a +YRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX3 +0YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZr +vUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA +8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-255line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-255line.pem new file mode 100644 index 0000000..d7fd1f1 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-255line.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcml +waHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdml +kZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhc +NMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSB +HcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1 +lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBww +WVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQ +gU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2l +zMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWF +yeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSq +GSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2ME +gj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF5 +60WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfS +phwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejv +N5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7Nk +ZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQY +JKoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9 +JywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem +3aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPH +X30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV +ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8I +AA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-256line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-256line.pem new file mode 100644 index 0000000..225bdb6 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-256line.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-257line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-257line.pem new file mode 100644 index 0000000..414b036 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-257line.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwa +HJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZ +W50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNM +TcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHc +mVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lc +yBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWV +G9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU +29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzM +T0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFye +SBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGS +Ib3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj +/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560 +WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSph +wmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN5 +v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZh +SC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJK +oZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9Jy +wlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3a +YRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX3 +0YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZr +vUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA +8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-blankline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-blankline.pem new file mode 100644 index 0000000..3f25288 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-blankline.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg + +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-comment.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-comment.pem new file mode 100644 index 0000000..a1a493e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-comment.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +-MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-earlypad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-earlypad.pem new file mode 100644 index 0000000..adb445e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-earlypad.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +====ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-extrapad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-extrapad.pem new file mode 100644 index 0000000..0b89aa2 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-extrapad.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII===== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-infixwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-infixwhitespace.pem new file mode 100644 index 0000000..f7e912a --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-infixwhitespace.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4R q/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182C CXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-junk.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-junk.pem new file mode 100644 index 0000000..5377e26 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-junk.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +!"#$%&() +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem new file mode 100644 index 0000000..6de4d48 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- + MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM + WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs + ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G + A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 + b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw + aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk + ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN + MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH + cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l + cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW + VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg + U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz + MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy + eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg + j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 + 0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp + hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN + 5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ + hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ + KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J + ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 + aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX + 30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ + rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA + A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-longline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-longline.pem new file mode 100644 index 0000000..7304481 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-longline.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA +8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-misalignedpad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-misalignedpad.pem new file mode 100644 index 0000000..caca6e5 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-misalignedpad.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-onecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-onecolumn.pem new file mode 100644 index 0000000..77eebbf --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-onecolumn.pem @@ -0,0 +1,1646 @@ +-----BEGIN CERTIFICATE----- +M +I +I +E +z +D +C +C +A +7 +Q +C +C +Q +C +g +x +k +R +o +x ++ +Y +l +j +j +A +N +B +g +k +q +h +k +i +G +9 +w +0 +B +A +Q +s +F +A +D +C +C +A +S +Y +x +Y +z +B +h +B +g +N +V +B +A +g +M +W +l +R +o +Z +S +B +H +c +m +V +h +d +C +B +T +d +G +F +0 +Z +S +B +v +Z +i +B +M +b +2 +5 +n +L +V +d +p +b +m +R +l +Z +C +B +D +Z +X +J +0 +a +W +Z +p +Y +2 +F +0 +Z +S +B +G +a +W +V +s +Z +C +B +O +Y +W +1 +l +c +y +B +X +a +G +V +y +Z +W +J +5 +I +H +R +v +I +E +l +u +Y +3 +J +l +Y +X +N +l +I +H +R +o +Z +S +B +P +d +X +R +w +d +X +Q +g +U +2 +l +6 +Z +T +E +f +M +B +0 +G +A +1 +U +E +B +w +w +W +V +G +9 +v +b +W +F +u +e +W +N +o +Y +X +J +h +Y +3 +R +l +c +n +N +2 +a +W +x +s +Z +T +F +I +M +E +Y +G +A +1 +U +E +C +g +w +/ +V +G +h +l +I +E +J +l +b +m +V +2 +b +2 +x +l +b +n +Q +g +U +2 +9 +j +a +W +V +0 +e +S +B +v +Z +i +B +M +b +3 +F +1 +Y +W +N +p +b +3 +V +z +I +G +F +u +Z +C +B +Q +b +G +V +v +b +m +F +z +d +G +l +j +I +F +B +l +c +m +l +w +a +H +J +h +c +2 +l +z +M +T +0 +w +O +w +Y +D +V +Q +Q +L +D +D +R +F +b +m +R +v +c +n +N +l +b +W +V +u +d +C +B +v +Z +i +B +W +b +3 +V +j +a +H +N +h +Z +m +U +n +Z +C +B +F +d +m +l +k +Z +W +5 +0 +a +W +F +y +e +S +B +D +Z +X +J +0 +a +W +Z +p +Y +2 +F +0 +a +W +9 +u +M +R +U +w +E +w +Y +D +V +Q +Q +D +D +A +x +j +Z +X +J +0 +L +m +V +4 +Y +W +1 +w +b +G +U +w +H +h +c +N +M +T +c +w +M +j +I +z +M +j +A +y +N +T +M +2 +W +h +c +N +M +T +c +w +M +z +I +1 +M +j +A +y +N +T +M +2 +W +j +C +C +A +S +Y +x +Y +z +B +h +B +g +N +V +B +A +g +M +W +l +R +o +Z +S +B +H +c +m +V +h +d +C +B +T +d +G +F +0 +Z +S +B +v +Z +i +B +M +b +2 +5 +n +L +V +d +p +b +m +R +l +Z +C +B +D +Z +X +J +0 +a +W +Z +p +Y +2 +F +0 +Z +S +B +G +a +W +V +s +Z +C +B +O +Y +W +1 +l +c +y +B +X +a +G +V +y +Z +W +J +5 +I +H +R +v +I +E +l +u +Y +3 +J +l +Y +X +N +l +I +H +R +o +Z +S +B +P +d +X +R +w +d +X +Q +g +U +2 +l +6 +Z +T +E +f +M +B +0 +G +A +1 +U +E +B +w +w +W +V +G +9 +v +b +W +F +u +e +W +N +o +Y +X +J +h +Y +3 +R +l +c +n +N +2 +a +W +x +s +Z +T +F +I +M +E +Y +G +A +1 +U +E +C +g +w +/ +V +G +h +l +I +E +J +l +b +m +V +2 +b +2 +x +l +b +n +Q +g +U +2 +9 +j +a +W +V +0 +e +S +B +v +Z +i +B +M +b +3 +F +1 +Y +W +N +p +b +3 +V +z +I +G +F +u +Z +C +B +Q +b +G +V +v +b +m +F +z +d +G +l +j +I +F +B +l +c +m +l +w +a +H +J +h +c +2 +l +z +M +T +0 +w +O +w +Y +D +V +Q +Q +L +D +D +R +F +b +m +R +v +c +n +N +l +b +W +V +u +d +C +B +v +Z +i +B +W +b +3 +V +j +a +H +N +h +Z +m +U +n +Z +C +B +F +d +m +l +k +Z +W +5 +0 +a +W +F +y +e +S +B +D +Z +X +J +0 +a +W +Z +p +Y +2 +F +0 +a +W +9 +u +M +R +U +w +E +w +Y +D +V +Q +Q +D +D +A +x +j +Z +X +J +0 +L +m +V +4 +Y +W +1 +w +b +G +U +w +g +g +E +i +M +A +0 +G +C +S +q +G +S +I +b +3 +D +Q +E +B +A +Q +U +A +A +4 +I +B +D +w +A +w +g +g +E +K +A +o +I +B +A +Q +C +7 +M +O +I +r +q +H ++ +Z +I +J +i +Z +d +r +o +K +M +r +e +l +K +M +S +v +v +R +K +g +2 +M +E +g +j +/ +s +x +9 +T +a +H +H +q +r +K +y +s +4 +A +i +L +4 +R +q +/ +y +b +Q +E +i +g +F +C +6 +G +8 +m +p +Z +W +b +B +r +U ++ +v +N +2 +S +L +r +1 +Z +s +P +f +t +C +H +I +Y +1 +2 +L +F +5 +6 +0 +W +L +Y +T +Y +N +q +D +g +F +5 +B +d +C +Z +C +r +j +J +2 +h +h +N ++ +X +w +M +L +2 +t +g +Y +d +W +i +o +V +/ +E +e +y +8 +S +J +S +q +U +s +k +f +0 +3 +M +p +c +w +n +L +b +V +f +S +p +h +w +m +o +w +q +N +f +i +E +F +F +q +P +B +C +f +7 +E +8 +I +V +a +r +G +W +c +t +b +M +p +v +l +M +b +A +M +5 +o +w +h +M +e +v +/ +C +c +m +q +q +t +8 +1 +N +F +k +b +1 +W +V +e +j +v +N +5 +v +/ +J +K +v +2 +4 +3 +/ +X +e +d +f +4 +I +7 +Z +J +v +7 +z +K +e +s +w +o +P +9 +p +i +F +z +W +H +X +C +d +9 +S +I +V +z +W +q +F +7 +7 +u +/ +c +r +H +u +f +I +h +o +E +a +7 +N +k +Z +h +S +C +2 +a +o +s +Q +F +6 +1 +9 +i +K +n +f +k +0 +n +q +W +a +L +D +J +1 +8 +2 +C +C +X +k +H +E +R +o +Q +C +7 +q +9 +X +2 +I +G +L +D +L +o +A +0 +X +A +g +M +B +A +A +E +w +D +Q +Y +J +K +o +Z +I +h +v +c +N +A +Q +E +L +B +Q +A +D +g +g +E +B +A +K +b +t +L +x ++ +Y +l +C +G +R +C +B +m +Y +n +3 +d +f +Y +F ++ +B +I +v +K +/ +b +/ +e +0 +D +K +N +h +D +K +h +b +4 +s +9 +J +y +w +l +J +4 +q +n +A +B +4 +8 +t +g +P +x +0 +q ++ +Z +B ++ +E +d +M +Y +R +q +C +w +y +v +X +J +x +E +d +Z +7 +P +s +C +d +U +e +U +6 +x +I +2 +y +b +k +h +S +d +U +U +f +Q +b +Y +e +m +3 +a +Y +R +G ++ +y +u +k +G +z +a +z +y +S +Q +J +s +8 +l +G +q +x +B +l +R +M +F +l +/ +F +G +C +g ++ +o +S +Q +/ +I +3 +2 +e +G +f +8 +m +i +c +D +s +k +j +2 +z +k +A +J +t +C +k +U +P +H +X +3 +0 +Y +r +W +M +f +O +w +W +1 +r +2 +x +Y +r +2 +m +B +N +X +b +N +W +X +J +h +W +/ +s +I +g +5 +u +8 +a +a +9 +f +c +A +L +e +u +Q +c +M +X +k +b +s +b +V +o +P +m +C +5 +a +L +d +i +V +Z +r +v +U +F +o +J +8 +D +P +g +0 +a +Y +Y +w +j +6 +4 +R +w +U +0 +B +5 +H +W +/ +7 +j +K +h +Q +2 +5 +F +g +K +V +A +z +L +G +r +g +Y +x +1 +D +i +v +k +M +7 +U +Q +G +d +W +Y +n +U +8 +I +A +A +8 +S +8 +9 +g +R +j +G +k +2 +h +n +k +e +a +g +W +a +s +3 +d +x +q +T +T +p +g +J +D +h +p +r +g +W +z +y +K +a +9 +h +I +I += +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-oneline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-oneline.pem new file mode 100644 index 0000000..70121fb --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-oneline.pem @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcNMTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSphwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9JywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IAA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortandlongline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortandlongline.pem new file mode 100644 index 0000000..1681e24 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortandlongline.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV +ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortline.pem new file mode 100644 index 0000000..3c5d2e5 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-shortline.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiV +ZrvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8I +AA8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-threecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-threecolumn.pem new file mode 100644 index 0000000..eb5503c --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-threecolumn.pem @@ -0,0 +1,550 @@ +-----BEGIN CERTIFICATE----- +MII +EzD +CCA +7QC +CQC +gxk +Rox ++Yl +jjA +NBg +kqh +kiG +9w0 +BAQ +sFA +DCC +ASY +xYz +BhB +gNV +BAg +MWl +RoZ +SBH +cmV +hdC +BTd +GF0 +ZSB +vZi +BMb +25n +LVd +pbm +RlZ +CBD +ZXJ +0aW +ZpY +2F0 +ZSB +GaW +VsZ +CBO +YW1 +lcy +BXa +GVy +ZWJ +5IH +RvI +Elu +Y3J +lYX +NlI +HRo +ZSB +PdX +Rwd +XQg +U2l +6ZT +EfM +B0G +A1U +EBw +wWV +G9v +bWF +ueW +NoY +XJh +Y3R +lcn +N2a +Wxs +ZTF +IME +YGA +1UE +Cgw +/VG +hlI +EJl +bmV +2b2 +xlb +nQg +U29 +jaW +V0e +SBv +ZiB +Mb3 +F1Y +WNp +b3V +zIG +FuZ +CBQ +bGV +vbm +Fzd +Glj +IFB +lcm +lwa +HJh +c2l +zMT +0wO +wYD +VQQ +LDD +RFb +mRv +cnN +lbW +Vud +CBv +ZiB +Wb3 +Vja +HNh +ZmU +nZC +BFd +mlk +ZW5 +0aW +Fye +SBD +ZXJ +0aW +ZpY +2F0 +aW9 +uMR +UwE +wYD +VQQ +DDA +xjZ +XJ0 +LmV +4YW +1wb +GUw +Hhc +NMT +cwM +jIz +MjA +yNT +M2W +hcN +MTc +wMz +I1M +jAy +NTM +2Wj +CCA +SYx +YzB +hBg +NVB +AgM +WlR +oZS +BHc +mVh +dCB +TdG +F0Z +SBv +ZiB +Mb2 +5nL +Vdp +bmR +lZC +BDZ +XJ0 +aWZ +pY2 +F0Z +SBG +aWV +sZC +BOY +W1l +cyB +XaG +VyZ +WJ5 +IHR +vIE +luY +3Jl +YXN +lIH +RoZ +SBP +dXR +wdX +QgU +2l6 +ZTE +fMB +0GA +1UE +Bww +WVG +9vb +WFu +eWN +oYX +JhY +3Rl +cnN +2aW +xsZ +TFI +MEY +GA1 +UEC +gw/ +VGh +lIE +Jlb +mV2 +b2x +lbn +QgU +29j +aWV +0eS +BvZ +iBM +b3F +1YW +Npb +3Vz +IGF +uZC +BQb +GVv +bmF +zdG +ljI +FBl +cml +waH +Jhc +2lz +MT0 +wOw +YDV +QQL +DDR +Fbm +Rvc +nNl +bWV +udC +BvZ +iBW +b3V +jaH +NhZ +mUn +ZCB +Fdm +lkZ +W50 +aWF +yeS +BDZ +XJ0 +aWZ +pY2 +F0a +W9u +MRU +wEw +YDV +QQD +DAx +jZX +J0L +mV4 +YW1 +wbG +Uwg +gEi +MA0 +GCS +qGS +Ib3 +DQE +BAQ +UAA +4IB +DwA +wgg +EKA +oIB +AQC +7MO +Irq +H+Z +IJi +Zdr +oKM +rel +KMS +vvR +Kg2 +MEg +j/s +x9T +aHH +qrK +ys4 +AiL +4Rq +/yb +QEi +gFC +6G8 +mpZ +WbB +rU+ +vN2 +SLr +1Zs +Pft +CHI +Y12 +LF5 +60W +LYT +YNq +DgF +5Bd +CZC +rjJ +2hh +N+X +wML +2tg +YdW +ioV +/Ee +y8S +JSq +Usk +f03 +Mpc +wnL +bVf +Sph +wmo +wqN +fiE +FFq +PBC +f7E +8IV +arG +Wct +bMp +vlM +bAM +5ow +hMe +v/C +cmq +qt8 +1NF +kb1 +WVe +jvN +5v/ +JKv +243 +/Xe +df4 +I7Z +Jv7 +zKe +swo +P9p +iFz +WHX +Cd9 +SIV +zWq +F77 +u/c +rHu +fIh +oEa +7Nk +ZhS +C2a +osQ +F61 +9iK +nfk +0nq +WaL +DJ1 +82C +CXk +HER +oQC +7q9 +X2I +GLD +LoA +0XA +gMB +AAE +wDQ +YJK +oZI +hvc +NAQ +ELB +QAD +ggE +BAK +btL +x+Y +lCG +RCB +mYn +3df +YF+ +BIv +K/b +/e0 +DKN +hDK +hb4 +s9J +ywl +J4q +nAB +48t +gPx +0q+ +ZB+ +EdM +YRq +Cwy +vXJ +xEd +Z7P +sCd +UeU +6xI +2yb +khS +dUU +fQb +Yem +3aY +RG+ +yuk +Gza +zyS +QJs +8lG +qxB +lRM +Fl/ +FGC +g+o +SQ/ +I32 +eGf +8mi +cDs +kj2 +zkA +JtC +kUP +HX3 +0Yr +WMf +OwW +1r2 +xYr +2mB +NXb +NWX +JhW +/sI +g5u +8aa +9fc +ALe +uQc +MXk +bsb +VoP +mC5 +aLd +iVZ +rvU +FoJ +8DP +g0a +YYw +j64 +RwU +0B5 +HW/ +7jK +hQ2 +5Fg +KVA +zLG +rgY +x1D +ivk +M7U +QGd +WYn +U8I +AA8 +S89 +gRj +Gk2 +hnk +eag +Was +3dx +qTT +pgJ +Dhp +rgW +zyK +a9h +II= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem new file mode 100644 index 0000000..ab0dfe8 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/cert.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert.pem new file mode 100644 index 0000000..99ddf07 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/cert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/csr.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/csr.pem new file mode 100644 index 0000000..02a966d --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/csr.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDbTCCAlUCAQAwggEmMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9u +Zy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNy +ZWFzZSB0aGUgT3V0cHV0IFNpemUxHzAdBgNVBAcMFlRvb21hbnljaGFyYWN0ZXJz +dmlsbGUxSDBGBgNVBAoMP1RoZSBCZW5ldm9sZW50IFNvY2lldHkgb2YgTG9xdWFj +aW91cyBhbmQgUGxlb25hc3RpYyBQZXJpcGhyYXNpczE9MDsGA1UECww0RW5kb3Jz +ZW1lbnQgb2YgVm91Y2hzYWZlJ2QgRXZpZGVudGlhcnkgQ2VydGlmaWNhdGlvbjEV +MBMGA1UEAwwMY2VydC5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAuzDiK6h/mSCYmXa6CjK3pSjEr70SoNjBII/7MfU2hx6qysrOAIi+Eav8 +m0BIoBQuhvJqWVmwa1Przdki69WbD37QhyGNdixeetFi2E2Dag4BeQXQmQq4ydoY +Tfl8DC9rYGHVoqFfxHsvEiUqlLJH9NzKXMJy21X0qYcJqMKjX4hBRajwQn+xPCFW +qxlnLWzKb5TGwDOaMITHr/wnJqqrfNTRZG9VlXo7zeb/ySr9uN/13nX+CO2Sb+8y +nrMKD/aYhc1h1wnfUiFc1qhe+7v3Kx7nyIaBGuzZGYUgtmqLEBetfYip35NJ6lmi +wydfNggl5BxEaEAu6vV9iBiwy6ANFwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB +ADgIOZ6OL8SDAGcDTkHuE7d9xOIeiidMU2JU1Dxxk7iZh6JAHxjdgwwUew0nDdPR +74u84uGzecotX9MByAhmCflhwN+aTQcntxY1R44uAmeE0WJLrCYWQIKHh27YI/2y +9mMHX9srTtL+Ggrs7s1WLzcFitDpUWB4B+9a+KGJ0fbWPpjNcxDwwjSEiKwzHhpv +3PdTU2eC5/uvu1BoU4ms//JftvbWlTwHqf4J4P/FZeeOwoTay5d0K5qWDs9hEexP +m9wRUnCc8L7xPElYvIC9mpgMFvwJ3xMOpE1qAh7WSeAlTX6wE0WvxgCwhgEExISQ +vRMcwsXoc5VthqU/E8fc9ls= +-----END CERTIFICATE REQUEST----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1023line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1023line.pem new file mode 100644 index 0000000..0e5c01a --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1023line.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaB +Io15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws +6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1024line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1024line.pem new file mode 100644 index 0000000..185a029 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1024line.pem @@ -0,0 +1,8 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1025line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1025line.pem new file mode 100644 index 0000000..fa449c9 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-1025line.pem @@ -0,0 +1,8 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo +15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-255line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-255line.pem new file mode 100644 index 0000000..36a5b12 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-255line.pem @@ -0,0 +1,21 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCER +n9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBY +Xzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70m +DoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90 +mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaB +Io15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws +6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-256line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-256line.pem new file mode 100644 index 0000000..6ba6c39 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-256line.pem @@ -0,0 +1,20 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-257line.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-257line.pem new file mode 100644 index 0000000..a73d700 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-257line.pem @@ -0,0 +1,20 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo +15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-blankline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-blankline.pem new file mode 100644 index 0000000..6f46e27 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-blankline.pem @@ -0,0 +1,24 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD + +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-comment.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-comment.pem new file mode 100644 index 0000000..bb96ec4 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-comment.pem @@ -0,0 +1,24 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +-vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptedheader.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptedheader.pem new file mode 100644 index 0000000..7ed4261 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptedheader.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCARPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptiv.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptiv.pem new file mode 100644 index 0000000..233e201 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-corruptiv.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E464B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-earlypad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-earlypad.pem new file mode 100644 index 0000000..9f14e3b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-earlypad.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +====gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-extrapad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-extrapad.pem new file mode 100644 index 0000000..1823973 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-extrapad.pem @@ -0,0 +1,24 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +==== +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem new file mode 100644 index 0000000..5755265 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bqu wukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxz WfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-junk.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-junk.pem new file mode 100644 index 0000000..0836c45 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-junk.pem @@ -0,0 +1,24 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +!"#$%&() +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem new file mode 100644 index 0000000..8bbf261 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + + EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U + gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM + wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS + 3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou + pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei + SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 + UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F + Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 + vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g + 2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG + Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K + q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM + 4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn + 9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX + zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD + oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m + OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI + o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-longline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-longline.pem new file mode 100644 index 0000000..75973ef --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-longline.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo +15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-misalignedpad.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-misalignedpad.pem new file mode 100644 index 0000000..ad8c366 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-misalignedpad.pem @@ -0,0 +1,24 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 += +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onecolumn.pem new file mode 100644 index 0000000..61b8ed5 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onecolumn.pem @@ -0,0 +1,1157 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +E +B +D +W +X +0 +Q +f +a +r +l ++ +Q +N +s +H +g +C +U +u +d +L +y +b +6 +D +k +C +4 +z +y +a +D +U +/ +v +U +q +W +y +H +X +0 +m ++ +8 +W +2 +b +b +m +T +5 +T +e +x +l +L +3 +h +s +M +5 +U +g +z +7 +K +s +G +q +y +j +e +O +u +K +9 +Q +T +5 +L +O +M +4 +V +y +K +6 +B +g +m +h +q +p +Q +a +J +1 +M +g +C +W +A +/ +g +b +B +P +T +g +B +p +2 +j +f +p +3 +o +S +0 +W +C +5 +D +6 +G +M +w +c +s +d +q +o +e +I +p +D +/ +w +c +e +3 +k +0 +H +2 +G +f +u +6 ++ +r +I +N +B +m +b +I +T +t +n +4 +D +T +f +3 +P +k +O +c +D +I +w +d +D +c +e +N +2 +q +k +Z +a +n +l +o +F +V +r +i +S +3 +k +A +B +U +I +h +1 +e +h +Y +I +X +Q +i +b +L +R +F +Y +5 +r +X +d +Q +n +h +Y +2 +C +Z +N +r +Q +F +I +M +w +l +6 +4 +h +K +5 +P +5 +h +Q +b +c +y +J +K +G +D +H +A +Y +z +X +V +7 +o +u +p +d +X +y +5 +F +9 +o +y +E +d +6 +e +A +5 +i +x ++ +n +1 +j +K +F +R +B +7 +P +m +A +p +Z +m +u +i +Q +j +z +f +E +x +V +K +m +B +P +G +x +R +z +O +G +T +0 +q +R +5 +v +L +y +l +Q +h +e +i +S +C +7 +7 +n +k +e +r +a +w +U +y +j +A +2 +Q +l +I +a +/ +S +m +N +z +X +E +Y +k +N +3 +g +o +D +z +H +S +F +K +B +a +u +B +0 +o +5 +q +F +c +1 +b +1 +x +7 +d +X +P +C +F +L +0 +a +t +G +5 +U +x +o +R +r +/ +E +p +7 +t +i +a +b +4 +D +Z +m +Y +E +n +O +G +k +L +2 +d +V +N +8 +j +A +0 +4 +F ++ +H +Q +G +B +e +P +6 +n +D +O +S +K +h +X +R +j +b +U +O +D +U +p +D +p +D +v +j ++ +F +J +f +7 +7 +R +v +0 +p +4 +8 +l +9 +i +p +8 +i +/ +b +q +u +w +u +k +X +l +M +e +d +3 +O +4 +d +6 +r +n +E +w +k +g +g +d +y +S +S +5 +i +t +i +S +h +w +a +V +L +P +f ++ +i +c +I +/ +Y +d +4 +v +c +P +X +D +P +U +H +T +k +j +1 +X +m +o +Z +4 +f +1 +m +U +F +1 +7 +O +t +C +o +h +s +J +T +7 +O +4 +o +M +B +B +M +B +w +q +C +k +C +7 +e +n +r +L +a +A +L +i +9 +j +i +K +y +m +4 +7 +g +2 +b +Z +H +0 +5 +x +J +P +p +W +X +S +/ +k +S +E +k +w +t +/ +j +I ++ +a ++ +o +4 +C +u +D +P +l +y +3 +X +h +I +c +Y +R +t +s +a +W +B +J +W +i +a +m +1 +O +T +7 +s +G +Q ++ +z +k +j +T +G +A +a +6 +N +f +w +b +R +8 +S +c +Q +C +8 +M +z +D +f +V +n +k +J +3 +V +n +X +j +T +3 +4 +5 +b +z ++ +F +7 +H +T +A +v +e +Q +8 +a +7 +K +G +x +N +n +t +P +h +E +0 +K +V +j +p +l +3 +6 +9 +K +q +2 +T +M +L +y +e +x +Q +A +R +J +a +p +a +b +B +f +/ +S +T +9 +z +W +P +7 +w +x +z +W +f +r +E +b +X +3 +O +E +Z +C +u +R +D +V +k +w +W +f +1 +8 +B +H +/ +E +h +6 +L +q +n +q +g +5 +Q +M +4 +G +u +X +7 +0 +8 +N +i +F +p +i +w +Q +t +9 +p +/ +D +A +u +Q +d +h +B +r +P +6 +7 +B +x +L +6 +4 +C +b +I +7 +C +g +W +4 +L +v +3 +z +3 +q +n +K +f +F +V +9 +z +Y +5 +/ +m +x +C +E +R +n +9 +m +P +O +i +g +2 +r +8 +W +v +v +X +t +7 +c +h +6 +n +h +z +B +P +f +C +w +q +0 +B +o +P +q +L +K +U +F +g +D +p +e +X +s +N +d +J +9 +s +W +5 +I +V +3 +y +i +/ +3 +B +h +9 +8 +Z +B +Y +X +z +j +8 +g +/ +7 +X +M +o +6 +v +9 +9 +8 +f +c +t ++ +E +i +H +P +s +c +u +q +e +Y +U +a +o +J +Z +6 ++ +Z +j +7 +W +4 +5 +n +G +A +9 +D +G +s +n +E +m +Z +0 +W +u +x +2 +t +T +j +7 +0 +m +D +o +H +/ +/ +2 +1 +T +i +R +A +x +6 +y +p +P +P ++ +I +q +2 +Y +D +z +q +h +7 +V +X +c +/ +g +s +s +O +n +/ +v +U +1 +A +j +1 +9 +g +z +L ++ +M +R +n +1 +Z +5 +5 +S +M +r +A +7 +n +O +9 +0 +m +O +g +O +y +E +P ++ +u +G +r +X +y +a +h +f +Z +G +P +b +m +p +g +I +x ++ +M +T +b +t +f +v +R +t +Z +B +s +G +3 +E +c +X +y +W +9 +N +n +H +J +f +k +4 +O +8 +x +N +3 +h +Y +P +W +X +a +B +I +o +1 +5 +q +B +3 +j +Y +b +x +1 +o +k +t +b +c +Q +P +o +0 +h +z +a +N +v ++ +P +J +5 +w +t +T +4 +7 +J +L +N +c +b +M +e +M +S +n +w +K +M +8 +M +B +4 +C +X +l +M +4 +3 +R +U +t +K +w +s +6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-oneline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-oneline.pem new file mode 100644 index 0000000..176f1e8 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-oneline.pem @@ -0,0 +1,6 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5Ugz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GMwcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7oupdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQheiSC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+FJf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTGAa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369Kq2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYXzj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mDoH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mOgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBIo15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onelineheader.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onelineheader.pem new file mode 100644 index 0000000..d07095b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-onelineheader.pem @@ -0,0 +1,22 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortandlongline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortandlongline.pem new file mode 100644 index 0000000..b9a8333 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortandlongline.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90mO +gOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortline.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortline.pem new file mode 100644 index 0000000..6da1ab7 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-shortline.pem @@ -0,0 +1,24 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaB +Io15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws +6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-threecolumn.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-threecolumn.pem new file mode 100644 index 0000000..e6fcc53 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-threecolumn.pem @@ -0,0 +1,389 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBD +WX0 +Qfa +rl+ +QNs +HgC +Uud +Lyb +6Dk +C4z +yaD +U/v +UqW +yHX +0m+ +8W2 +bbm +T5T +exl +L3h +sM5 +Ugz +7Ks +Gqy +jeO +uK9 +QT5 +LOM +4Vy +K6B +gmh +qpQ +aJ1 +MgC +WA/ +gbB +PTg +Bp2 +jfp +3oS +0WC +5D6 +GMw +csd +qoe +IpD +/wc +e3k +0H2 +Gfu +6+r +INB +mbI +Ttn +4DT +f3P +kOc +DIw +dDc +eN2 +qkZ +anl +oFV +riS +3kA +BUI +h1e +hYI +XQi +bLR +FY5 +rXd +Qnh +Y2C +ZNr +QFI +Mwl +64h +K5P +5hQ +bcy +JKG +DHA +YzX +V7o +upd +Xy5 +F9o +yEd +6eA +5ix ++n1 +jKF +RB7 +PmA +pZm +uiQ +jzf +ExV +KmB +PGx +RzO +GT0 +qR5 +vLy +lQh +eiS +C77 +nke +raw +Uyj +A2Q +lIa +/Sm +NzX +EYk +N3g +oDz +HSF +KBa +uB0 +o5q +Fc1 +b1x +7dX +PCF +L0a +tG5 +Uxo +Rr/ +Ep7 +tia +b4D +ZmY +EnO +GkL +2dV +N8j +A04 +F+H +QGB +eP6 +nDO +SKh +XRj +bUO +DUp +DpD +vj+ +FJf +77R +v0p +48l +9ip +8i/ +bqu +wuk +XlM +ed3 +O4d +6rn +Ewk +ggd +ySS +5it +iSh +waV +LPf ++ic +I/Y +d4v +cPX +DPU +HTk +j1X +moZ +4f1 +mUF +17O +tCo +hsJ +T7O +4oM +BBM +Bwq +CkC +7en +rLa +ALi +9ji +Kym +47g +2bZ +H05 +xJP +pWX +S/k +SEk +wt/ +jI+ +a+o +4Cu +DPl +y3X +hIc +YRt +saW +BJW +iam +1OT +7sG +Q+z +kjT +GAa +6Nf +wbR +8Sc +QC8 +MzD +fVn +kJ3 +VnX +jT3 +45b +z+F +7HT +Ave +Q8a +7KG +xNn +tPh +E0K +Vjp +l36 +9Kq +2TM +Lye +xQA +RJa +pab +Bf/ +ST9 +zWP +7wx +zWf +rEb +X3O +EZC +uRD +Vkw +Wf1 +8BH +/Eh +6Lq +nqg +5QM +4Gu +X70 +8Ni +Fpi +wQt +9p/ +DAu +Qdh +BrP +67B +xL6 +4Cb +I7C +gW4 +Lv3 +z3q +nKf +FV9 +zY5 +/mx +CER +n9m +POi +g2r +8Wv +vXt +7ch +6nh +zBP +fCw +q0B +oPq +LKU +FgD +peX +sNd +J9s +W5I +V3y +i/3 +Bh9 +8ZB +YXz +j8g +/7X +Mo6 +v99 +8fc +t+E +iHP +scu +qeY +Uao +JZ6 ++Zj +7W4 +5nG +A9D +Gsn +EmZ +0Wu +x2t +Tj7 +0mD +oH/ +/21 +TiR +Ax6 +ypP +P+I +q2Y +Dzq +h7V +Xc/ +gss +On/ +vU1 +Aj1 +9gz +L+M +Rn1 +Z55 +SMr +A7n +O90 +mOg +OyE +P+u +GrX +yah +fZG +Pbm +pgI +x+M +Tbt +fvR +tZB +sG3 +EcX +yW9 +NnH +Jfk +4O8 +xN3 +hYP +WXa +BIo +15q +B3j +Ybx +1ok +tbc +QPo +0hz +aNv ++PJ +5wt +T47 +JLN +cbM +eMS +nwK +M8M +B4C +XlM +43R +UtK +ws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem new file mode 100644 index 0000000..0b5de58 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa.pem new file mode 100644 index 0000000..78ebd1b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsa.pem @@ -0,0 +1,23 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,A2A7FA3E5E454B59C8777564E7AF3CD6 + +EBDWX0Qfarl+QNsHgCUudLyb6DkC4zyaDU/vUqWyHX0m+8W2bbmT5TexlL3hsM5U +gz7KsGqyjeOuK9QT5LOM4VyK6BgmhqpQaJ1MgCWA/gbBPTgBp2jfp3oS0WC5D6GM +wcsdqoeIpD/wce3k0H2Gfu6+rINBmbITtn4DTf3PkOcDIwdDceN2qkZanloFVriS +3kABUIh1ehYIXQibLRFY5rXdQnhY2CZNrQFIMwl64hK5P5hQbcyJKGDHAYzXV7ou +pdXy5F9oyEd6eA5ix+n1jKFRB7PmApZmuiQjzfExVKmBPGxRzOGT0qR5vLylQhei +SC77nkerawUyjA2QlIa/SmNzXEYkN3goDzHSFKBauB0o5qFc1b1x7dXPCFL0atG5 +UxoRr/Ep7tiab4DZmYEnOGkL2dVN8jA04F+HQGBeP6nDOSKhXRjbUODUpDpDvj+F +Jf77Rv0p48l9ip8i/bquwukXlMed3O4d6rnEwkggdySS5itiShwaVLPf+icI/Yd4 +vcPXDPUHTkj1XmoZ4f1mUF17OtCohsJT7O4oMBBMBwqCkC7enrLaALi9jiKym47g +2bZH05xJPpWXS/kSEkwt/jI+a+o4CuDPly3XhIcYRtsaWBJWiam1OT7sGQ+zkjTG +Aa6NfwbR8ScQC8MzDfVnkJ3VnXjT345bz+F7HTAveQ8a7KGxNntPhE0KVjpl369K +q2TMLyexQARJapabBf/ST9zWP7wxzWfrEbX3OEZCuRDVkwWf18BH/Eh6Lqnqg5QM +4GuX708NiFpiwQt9p/DAuQdhBrP67BxL64CbI7CgW4Lv3z3qnKfFV9zY5/mxCERn +9mPOig2r8WvvXt7ch6nhzBPfCwq0BoPqLKUFgDpeXsNdJ9sW5IV3yi/3Bh98ZBYX +zj8g/7XMo6v998fct+EiHPscuqeYUaoJZ6+Zj7W45nGA9DGsnEmZ0Wux2tTj70mD +oH//21TiRAx6ypPP+Iq2YDzqh7VXc/gssOn/vU1Aj19gzL+MRn1Z55SMrA7nO90m +OgOyEP+uGrXyahfZGPbmpgIx+MTbtfvRtZBsG3EcXyW9NnHJfk4O8xN3hYPWXaBI +o15qB3jYbx1oktbcQPo0hzaNv+PJ5wtT47JLNcbMeMSnwKM8MB4CXlM43RUtKws6 +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/dsaparam.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsaparam.pem new file mode 100644 index 0000000..60563cb --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/dsaparam.pem @@ -0,0 +1,14 @@ +-----BEGIN DSA PARAMETERS----- +MIICLAKCAQEArjV9Th2W4p8AlmBabk0HjaV8vPmt15/V6e6mM1Hee3LSdapxd/Fj ++7bsWroNcqIaHGS45YkJbclvC3/Szp/vh1q2Zy/v7utZ9V7/qCiEnls3CRGAfAhc +1eFIS9Jo+z+fK2tsDUgbGoDC6xEbN3nWjItyPmelBQ5Bip41ULTSQCdr/eBka1s4 +QpS1Sdrvbng3zTCJw0VQe5yM5xyYcHFdeV/v6JSFUz7voyzOGqt91l4UzVFUiZ13 +5Pgi8DUQdQVxUU+MTFwNLCy+bDTuEoKHAxkGEqiq9A08ScxwWtgy7jJQhXDoGP10 +gFMyV+5Qya7rrrYiMhZrjFna7h0z30yiPQIhAK0tbhew8+vHuO6VePIX9TMBZ7ze +k//uQOh/8ZNtS4cTAoIBAGZv2mOljtJM1UUtdl1fzUq0GkI1hjpvqfonq94DITYK +BynJL21JqPfG9JLXc8HYdg5hpwtulrjIyzg1EiB5pQgoNVy8UhavUroPw7FjEicL +dKRHQ9YwuJwuQBTNmX/ojjewqT9U6WYiYUz4SQNXFDIdNz3ikviOoGpmY/Cwbgcr +Pb/QhGqqHzB3ZeX89exVznPbvqeNOp967U+vooBMMJ4oSWVA8ANFVpmikxucRt69 +qKtfkD+3P9RvjVow4dRjOmp8jyT82RQoCeSEThdDVrjUS6IpRdMT8MJ2mwGggG6T +Y16HJCAq/7ufqJlsp5oAuX3aZsnAcnIiDxrMI9m3Xxs= +-----END DSA PARAMETERS----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/key.pem b/openssl-1.1.0h/test/recipes/04-test_pem_data/key.pem new file mode 100644 index 0000000..8de7e65 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7MOIrqH+ZIJiZ +droKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN +2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8S +JSqUskf03MpcwnLbVfSphwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev +/Ccmqqt81NFkb1WVejvN5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzW +qF77u/crHufIhoEa7NkZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2I +GLDLoA0XAgMBAAECggEAcEBMIGoWuji1ybFMtrjbL4tXBxuWhCX3ChPNSpQFctmN +Cba7+c4GTIqaHG9cHcJ8dCgCZjpGdNYKXZKMQmgBaDVfzujr76WDsprFb3hsCbkE +YRJ/mIa5cTH7ySaGoLf+5/lDJxcmWqiT/YmUEz8lr0yHfUCNp8HPyalUvYKafbos +5BiXs8lr4XQ/vxL0CtVQx+5T8pmgU6CmP1jjgBqV4Y9RPewSmPNhxKAqm82JYMND +9evNHNpZmDpwTMygwwL0oJ0DV0nq0uqzuk1ORcp7YIph7IFGcdi4n7Y4Y2U6B8Ok +ITY684qpcXgy+qO1A8AwDEJ34wiIWb8Mi8S84KdTIQKBgQDhHmCdpWKzwLETlHQR +V9wT3ulySmxG0t8kSgNOFRVUZNXQ0ij2v8rOJ7R0QzJ+kCqvdxJ5QHNlUFKkOFMA +SnSy098iEz5skwRhHof7ZNa3U6oRRSauUcZcThWL+z14nhTIC1m99KpACV6fl3jj +MVEYYpG6n7jZ0wKUGMStxT1q9QKBgQDU3pOgNLnFasMIujvXI3ARSK6xIpkBTq89 +n6pmn9XeMWs/H6wQRO5wpUXbg+/3/d4tnezrDG9Lg5aPV8ca/zJ7IP8iNyLnhiUY +c9O6hKAW1fxddt9megzBDvsBgRzhytnv3OSpM+idgtsJ7Tvkevmt4K5j6gitpJpb +1A1erknoWwKBgCM5zKZ+bZ5xBYRp02uvUtmtJNxkduLyNkaIalH6jJbjHG4LpKtP +wZ1Wqy8SIMGbL4K7YCGnCyeMVRIrWhmOjQo6iwza9AarTqEf1OlqkwqmxdLj/jSC +yUZCVa7MxoasPdY7qHRH56gTj0HrwtfSLL1jFyibu6IiGaIw6f3DAmRNAoGAL2sx +iYOVSnPg5GXQBLnBMih1ucHSQadMhDa4F8pNMwThNhuREcK5NuCqMh8u6phj0NeY +Ojf35uN2O5I7KTll/mW4T9/mZ5rLUqoipS78FnoukId1dneDtdHnektPqsCsUbFs +QoDstYG713dAW0JFskUVs+4jZsL/G6ueGtRKZHcCgYEA27sBEJtHGLAgEUGSlwSA +acmaIlKpF3EMImgWhlzRN3JC7+z8HJAhoHTxQUdnWfJt2Xl4Z+WmXvv+E7U9ofH7 +kH8fbLcaxwvylPm4hAMlhtL3EqnRDSL4hfZHBrqqf3C0Kv+C8naNxzeCNG6iHxcp +3c7vY4BXTz0dGBGHml6qu5Y= +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/04-test_pem_data/wellknown b/openssl-1.1.0h/test/recipes/04-test_pem_data/wellknown new file mode 100644 index 0000000..632e28f --- /dev/null +++ b/openssl-1.1.0h/test/recipes/04-test_pem_data/wellknown @@ -0,0 +1 @@ +wellknown diff --git a/openssl-1.1.0h/test/recipes/05-test_bf.t b/openssl-1.1.0h/test/recipes/05-test_bf.t new file mode 100644 index 0000000..64c9609 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_bf.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_bf", "bftest", "bf"); diff --git a/openssl-1.1.0h/test/recipes/05-test_cast.t b/openssl-1.1.0h/test/recipes/05-test_cast.t new file mode 100644 index 0000000..46c61da --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_cast.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_cast", "casttest", "cast"); diff --git a/openssl-1.1.0h/test/recipes/05-test_des.t b/openssl-1.1.0h/test/recipes/05-test_des.t new file mode 100644 index 0000000..2e6a32b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_des.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_des", "destest", "des"); diff --git a/openssl-1.1.0h/test/recipes/05-test_hmac.t b/openssl-1.1.0h/test/recipes/05-test_hmac.t new file mode 100644 index 0000000..2059bcc --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_hmac.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_hmac", "hmactest"); diff --git a/openssl-1.1.0h/test/recipes/05-test_idea.t b/openssl-1.1.0h/test/recipes/05-test_idea.t new file mode 100644 index 0000000..ca2b767 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_idea.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_idea", "ideatest", "idea"); diff --git a/openssl-1.1.0h/test/recipes/05-test_md2.t b/openssl-1.1.0h/test/recipes/05-test_md2.t new file mode 100644 index 0000000..8781af0 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_md2.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_md2", "md2test", "md2"); diff --git a/openssl-1.1.0h/test/recipes/05-test_md4.t b/openssl-1.1.0h/test/recipes/05-test_md4.t new file mode 100644 index 0000000..59a815b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_md4.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_md4", "md4test", "md4"); diff --git a/openssl-1.1.0h/test/recipes/05-test_md5.t b/openssl-1.1.0h/test/recipes/05-test_md5.t new file mode 100644 index 0000000..3af4d55 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_md5.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_md5", "md5test", "md5"); diff --git a/openssl-1.1.0h/test/recipes/05-test_mdc2.t b/openssl-1.1.0h/test/recipes/05-test_mdc2.t new file mode 100644 index 0000000..181c90f --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_mdc2.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_mdc2", "mdc2test", "mdc2"); diff --git a/openssl-1.1.0h/test/recipes/05-test_rand.t b/openssl-1.1.0h/test/recipes/05-test_rand.t new file mode 100644 index 0000000..3b175fa --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_rand.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_rand", "randtest", "rand"); diff --git a/openssl-1.1.0h/test/recipes/05-test_rc2.t b/openssl-1.1.0h/test/recipes/05-test_rc2.t new file mode 100644 index 0000000..77d9382 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_rc2.t @@ -0,0 +1,11 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Simple; + +simple_test("test_rc2", "rc2test", "rc2"); diff --git a/openssl-1.1.0h/test/recipes/05-test_rc4.t b/openssl-1.1.0h/test/recipes/05-test_rc4.t new file mode 100644 index 0000000..a26c9b8 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_rc4.t @@ -0,0 +1,11 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Simple; + +simple_test("test_rc4", "rc4test", "rc4"); diff --git a/openssl-1.1.0h/test/recipes/05-test_rc5.t b/openssl-1.1.0h/test/recipes/05-test_rc5.t new file mode 100644 index 0000000..fda0cd2 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_rc5.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_rc5", "rc5test", "rc5"); diff --git a/openssl-1.1.0h/test/recipes/05-test_rmd.t b/openssl-1.1.0h/test/recipes/05-test_rmd.t new file mode 100644 index 0000000..b1112e1 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_rmd.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_rmd", "rmdtest", "rmd"); diff --git a/openssl-1.1.0h/test/recipes/05-test_sha1.t b/openssl-1.1.0h/test/recipes/05-test_sha1.t new file mode 100644 index 0000000..21bb74e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_sha1.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_sha1", "sha1test", "sha"); diff --git a/openssl-1.1.0h/test/recipes/05-test_sha256.t b/openssl-1.1.0h/test/recipes/05-test_sha256.t new file mode 100644 index 0000000..071a45c --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_sha256.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_sha256", "sha256t", "sha"); diff --git a/openssl-1.1.0h/test/recipes/05-test_sha512.t b/openssl-1.1.0h/test/recipes/05-test_sha512.t new file mode 100644 index 0000000..4ce585c --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_sha512.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_sha512", "sha512t", "sha"); diff --git a/openssl-1.1.0h/test/recipes/05-test_wp.t b/openssl-1.1.0h/test/recipes/05-test_wp.t new file mode 100644 index 0000000..a042898 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/05-test_wp.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_wp", "wp_test", "whirlpool"); diff --git a/openssl-1.1.0h/test/recipes/10-test_bn.t b/openssl-1.1.0h/test/recipes/10-test_bn.t new file mode 100644 index 0000000..13f278e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/10-test_bn.t @@ -0,0 +1,84 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use Math::BigInt; + +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_bn"); + +plan tests => 3; + +require_ok(srctop_file("test","recipes","bc.pl")); + +my $testresults = "tmp.bntest"; +my $init = ok(run(test(["bntest"], stdout => $testresults)), 'initialize'); + + SKIP: { + skip "Initializing failed, skipping", 1 if !$init; + + subtest 'Checking the bn results' => sub { + my @lines = (); + if (open DATA, $testresults) { + @lines = ; + close DATA; + } + map { s/\R//; } @lines; # chomp(@lines); + + plan tests => scalar grep(/^print /, @lines); + + my $l = ""; + + while (scalar @lines) { + $l = shift @lines; + + last if $l =~ /^print /; + } + + while (1) { + $l =~ s/^print "//; + $l =~ s/\\n"//; + my $t = $l; + my @operations = (); + + $l = undef; + while (scalar @lines) { + $l = shift @lines; + + last if $l =~ /^print /; + push @operations, $l; + $l = undef; + } + + ok(check_operations(@operations), "verify $t"); + + last unless $l; + } + }; + } + +unlink $testresults; + +sub check_operations { + my $failcount = 0; + + foreach my $line (@_) { + my $result = calc(split /\s+/, $line); + + if ($result ne "0" && $result ne "0x0") { + $failcount++; + print STDERR "Failed! $line => $result\n"; + } + } + + return $failcount == 0; +} diff --git a/openssl-1.1.0h/test/recipes/10-test_exp.t b/openssl-1.1.0h/test/recipes/10-test_exp.t new file mode 100644 index 0000000..7e999c4 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/10-test_exp.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_exp", "exptest"); diff --git a/openssl-1.1.0h/test/recipes/15-test_dh.t b/openssl-1.1.0h/test/recipes/15-test_dh.t new file mode 100644 index 0000000..60cb54c --- /dev/null +++ b/openssl-1.1.0h/test/recipes/15-test_dh.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_dh", "dhtest", "dh"); diff --git a/openssl-1.1.0h/test/recipes/15-test_dsa.t b/openssl-1.1.0h/test/recipes/15-test_dsa.t new file mode 100644 index 0000000..2fd236e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/15-test_dsa.t @@ -0,0 +1,40 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_dsa"); + +plan tests => 6; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +ok(run(test(["dsatest"])), "running dsatest"); +ok(run(test(["dsatest", "-app2_1"])), "running dsatest -app2_1"); + + SKIP: { + skip "Skipping dsa conversion test", 3 + if disabled("dsa"); + + subtest 'dsa conversions -- private key' => sub { + tconversion("dsa", srctop_file("test","testdsa.pem")); + }; + subtest 'dsa conversions -- private key PKCS#8' => sub { + tconversion("dsa", srctop_file("test","testdsa.pem"), "pkey"); + }; + subtest 'dsa conversions -- public key' => sub { + tconversion("msb", srctop_file("test","testdsapub.pem"), "dsa", + "-pubin", "-pubout"); + }; +} diff --git a/openssl-1.1.0h/test/recipes/15-test_ec.t b/openssl-1.1.0h/test/recipes/15-test_ec.t new file mode 100644 index 0000000..a1c704a --- /dev/null +++ b/openssl-1.1.0h/test/recipes/15-test_ec.t @@ -0,0 +1,38 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_ec"); + +plan tests => 5; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +ok(run(test(["ectest"])), "running ectest"); + + SKIP: { + skip "Skipping ec conversion test", 3 + if disabled("ec"); + + subtest 'ec conversions -- private key' => sub { + tconversion("ec", srctop_file("test","testec-p256.pem")); + }; + subtest 'ec conversions -- private key PKCS#8' => sub { + tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey"); + }; + subtest 'ec conversions -- public key' => sub { + tconversion("ec", srctop_file("test","testecpub-p256.pem"), "ec", "-pubin", "-pubout"); + }; +} diff --git a/openssl-1.1.0h/test/recipes/15-test_ecdsa.t b/openssl-1.1.0h/test/recipes/15-test_ecdsa.t new file mode 100644 index 0000000..82a8559 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/15-test_ecdsa.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_ecdsa", "ecdsatest", "ec"); diff --git a/openssl-1.1.0h/test/recipes/15-test_genrsa.t b/openssl-1.1.0h/test/recipes/15-test_genrsa.t new file mode 100644 index 0000000..cc74e30 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/15-test_genrsa.t @@ -0,0 +1,26 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_genrsa"); + +plan tests => 5; + +is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); +ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '16'])), "genrsa -3 16"); +ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); +ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '16'])), "genrsa -f4 16"); +ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); +unlink 'genrsatest.pem'; diff --git a/openssl-1.1.0h/test/recipes/15-test_rsa.t b/openssl-1.1.0h/test/recipes/15-test_rsa.t new file mode 100644 index 0000000..5988821 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/15-test_rsa.t @@ -0,0 +1,47 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_rsa"); + +plan tests => 6; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +ok(run(test(["rsa_test"])), "running rsatest"); + +ok(run(app([ 'openssl', 'rsa', '-check', '-in', srctop_file('test', 'testrsa.pem'), '-noout'])), "rsa -check"); + + SKIP: { + skip "Skipping rsa conversion test", 3 + if disabled("rsa"); + + subtest 'rsa conversions -- private key' => sub { + tconversion("rsa", srctop_file("test","testrsa.pem")); + }; + subtest 'rsa conversions -- private key PKCS#8' => sub { + tconversion("rsa", srctop_file("test","testrsa.pem"), "pkey"); + }; +} + + SKIP: { + skip "Skipping msblob conversion test", 1 + if disabled("rsa") || disabled("dsa"); + + subtest 'rsa conversions -- public key' => sub { + tconversion("msb", srctop_file("test","testrsapub.pem"), "rsa", + "-pubin", "-pubout"); + }; +} diff --git a/openssl-1.1.0h/test/recipes/15-test_rsapss.t b/openssl-1.1.0h/test/recipes/15-test_rsapss.t new file mode 100644 index 0000000..34accaa --- /dev/null +++ b/openssl-1.1.0h/test/recipes/15-test_rsapss.t @@ -0,0 +1,49 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT with srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_rsapss"); + +plan tests => 5; + +#using test/testrsa.pem which happens to be a 512 bit RSA +ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_mgf1_md:sha512', '-out', 'testrsapss.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign"); + +with({ exit_checker => sub { return shift == 1; } }, + sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign, expect to fail gracefully"); + ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647', + '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign, expect to fail gracefully"); + ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -prverify, expect to fail gracefully"); + }); + +ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -prverify"); +unlink 'testrsapss.sig'; diff --git a/openssl-1.1.0h/test/recipes/20-test_enc.t b/openssl-1.1.0h/test/recipes/20-test_enc.t new file mode 100644 index 0000000..88a5890 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/20-test_enc.t @@ -0,0 +1,69 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec::Functions qw/catfile/; +use File::Copy; +use File::Compare qw/compare_text/; +use File::Basename; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_enc"); + +# We do it this way, because setup() may have moved us around, +# so the directory portion of $0 might not be correct any more. +# However, the name hasn't changed. +my $testsrc = srctop_file("test","recipes",basename($0)); + +my $test = catfile(".", "p"); + +my $cmd = "openssl"; + +my @ciphers = + map { s/^\s+//; s/\s+$//; split /\s+/ } + run(app([$cmd, "list", "-cipher-commands"]), capture => 1); + +plan tests => 1 + (scalar @ciphers)*2; + +my $init = ok(copy($testsrc,$test)); + +if (!$init) { + diag("Trying to copy $testsrc to $test : $!"); +} + + SKIP: { + skip "Not initialized, skipping...", 11 unless $init; + + foreach my $c (@ciphers) { + my %variant = ("$c" => [], + "$c base64" => [ "-a" ]); + + foreach my $t (sort keys %variant) { + my $cipherfile = "$test.$c.cipher"; + my $clearfile = "$test.$c.clear"; + my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" ); + my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" ); + if ($c eq "cat") { + $cipherfile = "$test.cipher"; + $clearfile = "$test.clear"; + @e = ( "enc", @{$variant{$t}}, "-e" ); + @d = ( "enc", @{$variant{$t}}, "-d" ); + } + + ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile])) + && run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile])) + && compare_text($test,$clearfile) == 0, $t); + unlink $cipherfile, $clearfile; + } + } +} + +unlink $test; diff --git a/openssl-1.1.0h/test/recipes/20-test_passwd.t b/openssl-1.1.0h/test/recipes/20-test_passwd.t new file mode 100644 index 0000000..cf9c2cc --- /dev/null +++ b/openssl-1.1.0h/test/recipes/20-test_passwd.t @@ -0,0 +1,39 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup("test_passwd"); + +plan tests => disabled("des") ? 4 : 6; + +ok(compare1stline([qw{openssl passwd password}], '^.{13}\R$'), + 'crypt password with random salt') if !disabled("des"); +ok(compare1stline([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'), + 'BSD style MD5 password with random salt'); +ok(compare1stline([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'), + 'Apache style MD5 password with random salt'); +ok(compare1stline([qw{openssl passwd -salt xx password}], '^xxj31ZMTZzkVA\R$'), + 'crypt password with salt xx') if !disabled("des"); +ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '^\$1\$xxxxxxxx\$UYCIxa628\.9qXjpQCjM4a\.\R$'), + 'BSD style MD5 password with salt xxxxxxxx'); +ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '^\$apr1\$xxxxxxxx\$dxHfLAsjHkDRmG83UXe8K0\R$'), + 'Apache style MD5 password with salt xxxxxxxx'); + + +sub compare1stline { + my ($cmdarray, $regexp) = @_; + my @lines = run(app($cmdarray), capture => 1); + + return $lines[0] =~ m|$regexp|; +} diff --git a/openssl-1.1.0h/test/recipes/25-test_crl.t b/openssl-1.1.0h/test/recipes/25-test_crl.t new file mode 100644 index 0000000..e8ce5f8 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/25-test_crl.t @@ -0,0 +1,43 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_crl"); + +plan tests => 5; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +subtest 'crl conversions' => sub { + tconversion("crl", srctop_file("test","testcrl.pem")); +}; + +ok(run(test(['crltest']))); + +ok(compare1stline([qw{openssl crl -noout -fingerprint -in}, + srctop_file('test', 'testcrl.pem')], + 'SHA1 Fingerprint=BA:F4:1B:AD:7A:9B:2F:09:16:BC:60:A7:0E:CE:79:2E:36:00:E7:B2')); +ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in}, + srctop_file('test', 'testcrl.pem')], + 'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B')); + +sub compare1stline { + my ($cmdarray, $str) = @_; + my @lines = run(app($cmdarray), capture => 1); + + return 1 if $lines[0] =~ m|^\Q${str}\E\R$|; + note "Got ", $lines[0]; + note "Expected ", $str; + return 0; +} diff --git a/openssl-1.1.0h/test/recipes/25-test_d2i.t b/openssl-1.1.0h/test/recipes/25-test_d2i.t new file mode 100644 index 0000000..688c8ed --- /dev/null +++ b/openssl-1.1.0h/test/recipes/25-test_d2i.t @@ -0,0 +1,93 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_d2i"); + +plan tests => 14; + +ok(run(test(["d2i_test", "X509", "decode", + srctop_file('test','d2i-tests','bad_cert.der')])), + "Running d2i_test bad_cert.der"); + +ok(run(test(["d2i_test", "GENERAL_NAME", "decode", + srctop_file('test','d2i-tests','bad_generalname.der')])), + "Running d2i_test bad_generalname.der"); + +ok(run(test(["d2i_test", "ASN1_ANY", "BIO", + srctop_file('test','d2i-tests','bad_bio.der')])), + "Running d2i_test bad_bio.der"); +# This test checks CVE-2016-2108. The data consists of an tag 258 and +# two zero content octets. This is parsed as an ASN1_ANY type. If the +# type is incorrectly interpreted as an ASN.1 INTEGER the two zero content +# octets will be reject as invalid padding and this test will fail. +# If the type is correctly interpreted it will by treated as an ASN1_STRING +# type and the content octets copied verbatim. +ok(run(test(["d2i_test", "ASN1_ANY", "OK", + srctop_file('test','d2i-tests','high_tag.der')])), + "Running d2i_test high_tag.der"); + +# Above test data but interpreted as ASN.1 INTEGER: this will be rejected +# because the tag is invalid. +ok(run(test(["d2i_test", "ASN1_INTEGER", "decode", + srctop_file('test','d2i-tests','high_tag.der')])), + "Running d2i_test high_tag.der INTEGER"); + +# Parse valid 0, 1 and -1 ASN.1 INTEGER as INTEGER or ANY. + +ok(run(test(["d2i_test", "ASN1_INTEGER", "OK", + srctop_file('test','d2i-tests','int0.der')])), + "Running d2i_test int0.der INTEGER"); + +ok(run(test(["d2i_test", "ASN1_INTEGER", "OK", + srctop_file('test','d2i-tests','int1.der')])), + "Running d2i_test int1.der INTEGER"); + +ok(run(test(["d2i_test", "ASN1_INTEGER", "OK", + srctop_file('test','d2i-tests','intminus1.der')])), + "Running d2i_test intminus1.der INTEGER"); + +ok(run(test(["d2i_test", "ASN1_ANY", "OK", + srctop_file('test','d2i-tests','int0.der')])), + "Running d2i_test int0.der ANY"); + +ok(run(test(["d2i_test", "ASN1_ANY", "OK", + srctop_file('test','d2i-tests','int1.der')])), + "Running d2i_test int1.der ANY"); + +ok(run(test(["d2i_test", "ASN1_ANY", "OK", + srctop_file('test','d2i-tests','intminus1.der')])), + "Running d2i_test intminus1.der ANY"); + +# Integers with illegal additional padding. + +ok(run(test(["d2i_test", "ASN1_INTEGER", "decode", + srctop_file('test','d2i-tests','bad-int-pad0.der')])), + "Running d2i_test bad-int-pad0.der INTEGER"); + +ok(run(test(["d2i_test", "ASN1_INTEGER", "decode", + srctop_file('test','d2i-tests','bad-int-padminus1.der')])), + "Running d2i_test bad-int-padminus1.der INTEGER"); + +SKIP: { + skip "No CMS support in this configuration", 1 if disabled("cms"); + + # Invalid CMS structure with decode error in CHOICE value. + # Test for CVE-2016-7053 + + ok(run(test(["d2i_test", "CMS_ContentInfo", "decode", + srctop_file('test','d2i-tests','bad-cms.der')])), + "Running d2i_test bad-cms.der CMS ContentInfo"); +} diff --git a/openssl-1.1.0h/test/recipes/25-test_pkcs7.t b/openssl-1.1.0h/test/recipes/25-test_pkcs7.t new file mode 100644 index 0000000..724326b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/25-test_pkcs7.t @@ -0,0 +1,27 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_pkcs7"); + +plan tests => 3; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +subtest 'pkcs7 conversions -- pkcs7' => sub { + tconversion("p7", srctop_file("test", "testp7.pem"), "pkcs7"); +}; +subtest 'pkcs7 conversions -- pkcs7d' => sub { + tconversion("p7d", srctop_file("test", "pkcs7-1.pem"), "pkcs7"); +}; diff --git a/openssl-1.1.0h/test/recipes/25-test_req.t b/openssl-1.1.0h/test/recipes/25-test_req.t new file mode 100644 index 0000000..bcc1025 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/25-test_req.t @@ -0,0 +1,76 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_req"); + +plan tests => 4; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +open RND, ">>", ".rnd"; +print RND "string to make the random number generator think it has entropy"; +close RND; +subtest "generating certificate requests" => sub { + my @req_new; + if (disabled("rsa")) { + @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem")); + } else { + @req_new = ("-new"); + note("There should be a 2 sequences of .'s and some +'s."); + note("There should not be more that at most 80 per line"); + } + + plan tests => 2; + + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + @req_new, "-out", "testreq.pem"])), + "Generating request"); + + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); +}; + +my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf")); + +run_conversion('req conversions', + "testreq.pem"); +run_conversion('req conversions -- testreq2', + srctop_file("test", "testreq2.pem")); + +unlink "testkey.pem", "testreq.pem"; + +sub run_conversion { + my $title = shift; + my $reqfile = shift; + + subtest $title => sub { + run(app(["openssl", @openssl_args, + "-in", $reqfile, "-inform", "p", + "-noout", "-text"], + stderr => "req-check.err", stdout => undef)); + open DATA, "req-check.err"; + SKIP: { + plan skip_all => "skipping req conversion test for $reqfile" + if grep /Unknown Public Key/, map { s/\R//; } ; + + tconversion("req", $reqfile, @openssl_args); + } + close DATA; + unlink "req-check.err"; + + done_testing(); + }; +} diff --git a/openssl-1.1.0h/test/recipes/25-test_sid.t b/openssl-1.1.0h/test/recipes/25-test_sid.t new file mode 100644 index 0000000..b13cb5c --- /dev/null +++ b/openssl-1.1.0h/test/recipes/25-test_sid.t @@ -0,0 +1,24 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_sid"); + +plan tests => 2; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +subtest 'sid conversions' => sub { + tconversion("sid", srctop_file("test","testsid.pem"), "sess_id"); +}; diff --git a/openssl-1.1.0h/test/recipes/25-test_verify.t b/openssl-1.1.0h/test/recipes/25-test_verify.t new file mode 100644 index 0000000..11bd430 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/25-test_verify.t @@ -0,0 +1,380 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec::Functions qw/canonpath/; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_verify"); + +sub verify { + my ($cert, $purpose, $trusted, $untrusted, @opts) = @_; + my @args = qw(openssl verify -auth_level 1 -purpose); + my @path = qw(test certs); + push(@args, "$purpose", @opts); + for (@$trusted) { + push(@args, "-trusted", srctop_file(@path, "$_.pem")) + } + for (@$untrusted) { + push(@args, "-untrusted", srctop_file(@path, "$_.pem")) + } + push(@args, srctop_file(@path, "$cert.pem")); + run(app([@args])); +} + +plan tests => 127; + +# Canonical success +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), + "accept compat trust"); + +# Root CA variants +ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]), + "fail trusted non-ca root"); +ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]), + "fail server trust non-ca root"); +ok(!verify("ee-cert", "sslserver", [qw(nroot+anyEKU)], [qw(ca-cert)]), + "fail wildcard trust non-ca root"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert2)], [qw(ca-cert)]), + "fail wrong root key"); +ok(!verify("ee-cert", "sslserver", [qw(root-name2)], [qw(ca-cert)]), + "fail wrong root DN"); + +# Explicit trust/purpose combinations +# +ok(verify("ee-cert", "sslserver", [qw(sroot-cert)], [qw(ca-cert)]), + "accept server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(croot-cert)], [qw(ca-cert)]), + "fail client purpose"); +ok(verify("ee-cert", "sslserver", [qw(root+serverAuth)], [qw(ca-cert)]), + "accept server trust"); +ok(verify("ee-cert", "sslserver", [qw(sroot+serverAuth)], [qw(ca-cert)]), + "accept server trust with server purpose"); +ok(verify("ee-cert", "sslserver", [qw(croot+serverAuth)], [qw(ca-cert)]), + "accept server trust with client purpose"); +# Wildcard trust +ok(verify("ee-cert", "sslserver", [qw(root+anyEKU)], [qw(ca-cert)]), + "accept wildcard trust"); +ok(verify("ee-cert", "sslserver", [qw(sroot+anyEKU)], [qw(ca-cert)]), + "accept wildcard trust with server purpose"); +ok(verify("ee-cert", "sslserver", [qw(croot+anyEKU)], [qw(ca-cert)]), + "accept wildcard trust with client purpose"); +# Inapplicable mistrust +ok(verify("ee-cert", "sslserver", [qw(root-clientAuth)], [qw(ca-cert)]), + "accept client mistrust"); +ok(verify("ee-cert", "sslserver", [qw(sroot-clientAuth)], [qw(ca-cert)]), + "accept client mistrust with server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(croot-clientAuth)], [qw(ca-cert)]), + "fail client mistrust with client purpose"); +# Inapplicable trust +ok(!verify("ee-cert", "sslserver", [qw(root+clientAuth)], [qw(ca-cert)]), + "fail client trust"); +ok(!verify("ee-cert", "sslserver", [qw(sroot+clientAuth)], [qw(ca-cert)]), + "fail client trust with server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(croot+clientAuth)], [qw(ca-cert)]), + "fail client trust with client purpose"); +# Server mistrust +ok(!verify("ee-cert", "sslserver", [qw(root-serverAuth)], [qw(ca-cert)]), + "fail rejected EKU"); +ok(!verify("ee-cert", "sslserver", [qw(sroot-serverAuth)], [qw(ca-cert)]), + "fail server mistrust with server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(croot-serverAuth)], [qw(ca-cert)]), + "fail server mistrust with client purpose"); +# Wildcard mistrust +ok(!verify("ee-cert", "sslserver", [qw(root-anyEKU)], [qw(ca-cert)]), + "fail wildcard mistrust"); +ok(!verify("ee-cert", "sslserver", [qw(sroot-anyEKU)], [qw(ca-cert)]), + "fail wildcard mistrust with server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(croot-anyEKU)], [qw(ca-cert)]), + "fail wildcard mistrust with client purpose"); + +# Check that trusted-first is on by setting up paths to different roots +# depending on whether the intermediate is the trusted or untrusted one. +# +ok(verify("ee-cert", "sslserver", [qw(root-serverAuth root-cert2 ca-root2)], + [qw(ca-cert)]), + "accept trusted-first path"); +ok(verify("ee-cert", "sslserver", [qw(root-cert root2+serverAuth ca-root2)], + [qw(ca-cert)]), + "accept trusted-first path with server trust"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert root2-serverAuth ca-root2)], + [qw(ca-cert)]), + "fail trusted-first path with server mistrust"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert root2+clientAuth ca-root2)], + [qw(ca-cert)]), + "fail trusted-first path with client trust"); + +# CA variants +ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonca)]), + "fail non-CA untrusted intermediate"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonbc)]), + "fail non-CA untrusted intermediate"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonca)], []), + "fail non-CA trust-store intermediate"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonbc)], []), + "fail non-CA trust-store intermediate"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+serverAuth)], []), + "fail non-CA server trust intermediate"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+anyEKU)], []), + "fail non-CA wildcard trust intermediate"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-cert2)]), + "fail wrong intermediate CA key"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-name2)]), + "fail wrong intermediate CA DN"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-root2)]), + "fail wrong intermediate CA issuer"); +ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"), + "fail untrusted partial chain"); +ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"), + "accept trusted partial chain"); +ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"), + "accept partial chain with server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"), + "fail partial chain with client purpose"); +ok(verify("ee-cert", "sslserver", [qw(ca+serverAuth)], [], "-partial_chain"), + "accept server trust partial chain"); +ok(verify("ee-cert", "sslserver", [qw(cca+serverAuth)], [], "-partial_chain"), + "accept server trust client purpose partial chain"); +ok(verify("ee-cert", "sslserver", [qw(ca-clientAuth)], [], "-partial_chain"), + "accept client mistrust partial chain"); +ok(verify("ee-cert", "sslserver", [qw(ca+anyEKU)], [], "-partial_chain"), + "accept wildcard trust partial chain"); +ok(!verify("ee-cert", "sslserver", [], [qw(ca+serverAuth)], "-partial_chain"), + "fail untrusted partial issuer with ignored server trust"); +ok(!verify("ee-cert", "sslserver", [qw(ca-serverAuth)], [], "-partial_chain"), + "fail server mistrust partial chain"); +ok(!verify("ee-cert", "sslserver", [qw(ca+clientAuth)], [], "-partial_chain"), + "fail client trust partial chain"); +ok(!verify("ee-cert", "sslserver", [qw(ca-anyEKU)], [], "-partial_chain"), + "fail wildcard mistrust partial chain"); + +# We now test auxiliary trust even for intermediate trusted certs without +# -partial_chain. Note that "-trusted_first" is now always on and cannot +# be disabled. +ok(verify("ee-cert", "sslserver", [qw(root-cert ca+serverAuth)], [qw(ca-cert)]), + "accept server trust"); +ok(verify("ee-cert", "sslserver", [qw(root-cert ca+anyEKU)], [qw(ca-cert)]), + "accept wildcard trust"); +ok(verify("ee-cert", "sslserver", [qw(root-cert sca-cert)], [qw(ca-cert)]), + "accept server purpose"); +ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)], + [qw(ca-cert)]), + "accept server trust and purpose"); +ok(verify("ee-cert", "sslserver", [qw(root-cert sca+anyEKU)], [qw(ca-cert)]), + "accept wildcard trust and server purpose"); +ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)], + [qw(ca-cert)]), + "accept client mistrust and server purpose"); +ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)], + [qw(ca-cert)]), + "accept server trust and client purpose"); +ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]), + "accept wildcard trust and client purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]), + "fail client purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]), + "fail wildcard mistrust"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)], + [qw(ca-cert)]), + "fail server mistrust"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)], + [qw(ca-cert)]), + "fail client trust"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)], + [qw(ca-cert)]), + "fail client trust and server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)], + [qw(ca-cert)]), + "fail client trust and client purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)], + [qw(ca-cert)]), + "fail server mistrust and client purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)], + [qw(ca-cert)]), + "fail client mistrust and client purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)], + [qw(ca-cert)]), + "fail server mistrust and server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-anyEKU)], [qw(ca-cert)]), + "fail wildcard mistrust and server purpose"); +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-anyEKU)], [qw(ca-cert)]), + "fail wildcard mistrust and client purpose"); + +# EE variants +ok(verify("ee-client", "sslclient", [qw(root-cert)], [qw(ca-cert)]), + "accept client chain"); +ok(!verify("ee-client", "sslserver", [qw(root-cert)], [qw(ca-cert)]), + "fail server leaf purpose"); +ok(!verify("ee-cert", "sslclient", [qw(root-cert)], [qw(ca-cert)]), + "fail client leaf purpose"); +ok(!verify("ee-cert2", "sslserver", [qw(root-cert)], [qw(ca-cert)]), + "fail wrong intermediate CA key"); +ok(!verify("ee-name2", "sslserver", [qw(root-cert)], [qw(ca-cert)]), + "fail wrong intermediate CA DN"); +ok(!verify("ee-expired", "sslserver", [qw(root-cert)], [qw(ca-cert)]), + "fail expired leaf"); +ok(verify("ee-cert", "sslserver", [qw(ee-cert)], [], "-partial_chain"), + "accept last-resort direct leaf match"); +ok(verify("ee-client", "sslclient", [qw(ee-client)], [], "-partial_chain"), + "accept last-resort direct leaf match"); +ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"), + "fail last-resort direct leaf non-match"); +ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"), + "accept direct match with server trust"); +ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"), + "fail direct match with server mistrust"); +ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"), + "accept direct match with client trust"); +ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"), + "reject direct match with client mistrust"); + +# Proxy certificates +ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]), + "fail to accept proxy cert without -allow_proxy_certs"); +ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)], + "-allow_proxy_certs"), + "accept proxy cert 1"); +ok(verify("pc2-cert", "sslclient", [qw(root-cert)], + [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), + "accept proxy cert 2"); +ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)], + [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), + "fail proxy cert with incorrect subject"); +ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)], + [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), + "fail proxy cert with incorrect pathlen"); +ok(verify("pc5-cert", "sslclient", [qw(root-cert)], + [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), + "accept proxy cert missing proxy policy"); +ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], + [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), + "failed proxy cert where last CN was added as a multivalue RDN component"); + +# Security level tests +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], + "-auth_level", "2"), + "accept RSA 2048 chain at auth level 2"); +ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], + "-auth_level", "3"), + "reject RSA 2048 root at auth level 3"); +ok(verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"], + "-auth_level", "0"), + "accept RSA 768 root at auth level 0"); +ok(!verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"]), + "reject RSA 768 root at auth level 1"); +ok(verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"], + "-auth_level", "0"), + "accept RSA 768 intermediate at auth level 0"); +ok(!verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"]), + "reject RSA 768 intermediate at auth level 1"); +ok(verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"], + "-auth_level", "0"), + "accept RSA 768 leaf at auth level 0"); +ok(!verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"]), + "reject RSA 768 leaf at auth level 1"); +# +ok(verify("ee-cert", "sslserver", ["root-cert-md5"], ["ca-cert"], + "-auth_level", "2"), + "accept md5 self-signed TA at auth level 2"); +ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], + "-auth_level", "2"), + "accept md5 intermediate TA at auth level 2"); +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"], + "-auth_level", "0"), + "accept md5 intermediate at auth level 0"); +ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"]), + "reject md5 intermediate at auth level 1"); +ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], + "-auth_level", "0"), + "accept md5 leaf at auth level 0"); +ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]), + "reject md5 leaf at auth level 1"); + +# Depth tests, note the depth limit bounds the number of CA certificates +# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf +# chain, depth = 1 is sufficient, but depth == 0 is not. +# +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], + "-verify_depth", "2"), + "accept chain with verify_depth 2"); +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], + "-verify_depth", "1"), + "accept chain with verify_depth 1"); +ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], + "-verify_depth", "0"), + "accept chain with verify_depth 0"); +ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], + "-verify_depth", "0"), + "accept md5 intermediate TA with verify_depth 0"); + +# Name Constraints tests. + +ok(verify("alt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints everything permitted"); + +ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ), + "Name Constraints nothing excluded"); + +ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + "Name Constraints nested test all permitted"); + +ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints hostname not permitted"); + +ok(!verify("badalt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ), + "Name Constraints hostname excluded"); + +ok(!verify("badalt3-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints email address not permitted"); + +ok(!verify("badalt4-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints subject email address not permitted"); + +ok(!verify("badalt5-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints IP address not permitted"); + +ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints CN hostname not permitted"); + +ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints CN BMPSTRING hostname not permitted"); + +ok(!verify("badalt8-cert", "sslserver", ["root-cert"], + ["ncca1-cert", "ncca3-cert"], ), + "Name constaints nested DNS name not permitted 1"); + +ok(!verify("badalt9-cert", "sslserver", ["root-cert"], + ["ncca1-cert", "ncca3-cert"], ), + "Name constaints nested DNS name not permitted 2"); + +ok(!verify("badalt10-cert", "sslserver", ["root-cert"], + ["ncca1-cert", "ncca3-cert"], ), + "Name constaints nested DNS name excluded"); + +ok(!verify("many-names1", "sslserver", ["many-constraints"], + ["many-constraints"], ), + "Too many names and constraints to check (1)"); +ok(!verify("many-names2", "sslserver", ["many-constraints"], + ["many-constraints"], ), + "Too many names and constraints to check (2)"); +ok(!verify("many-names3", "sslserver", ["many-constraints"], + ["many-constraints"], ), + "Too many names and constraints to check (3)"); + +ok(verify("some-names1", "sslserver", ["many-constraints"], + ["many-constraints"], ), + "Not too many names and constraints to check (1)"); +ok(verify("some-names2", "sslserver", ["many-constraints"], + ["many-constraints"], ), + "Not too many names and constraints to check (2)"); +ok(verify("some-names2", "sslserver", ["many-constraints"], + ["many-constraints"], ), + "Not too many names and constraints to check (3)"); diff --git a/openssl-1.1.0h/test/recipes/25-test_x509.t b/openssl-1.1.0h/test/recipes/25-test_x509.t new file mode 100644 index 0000000..98a8d32 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/25-test_x509.t @@ -0,0 +1,34 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_x509"); + +plan tests => 5; + +require_ok(srctop_file('test','recipes','tconversion.pl')); + +subtest 'x509 -- x.509 v1 certificate' => sub { + tconversion("x509", srctop_file("test","testx509.pem")); +}; +subtest 'x509 -- first x.509 v3 certificate' => sub { + tconversion("x509", srctop_file("test","v3-cert1.pem")); +}; +subtest 'x509 -- second x.509 v3 certificate' => sub { + tconversion("x509", srctop_file("test","v3-cert2.pem")); +}; + +subtest 'x509 -- pathlen' => sub { + ok(run(test(["v3ext", srctop_file("test/certs", "pathlen.pem")]))); +} diff --git a/openssl-1.1.0h/test/recipes/30-test_afalg.t b/openssl-1.1.0h/test/recipes/30-test_afalg.t new file mode 100644 index 0000000..c8cb67b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/30-test_afalg.t @@ -0,0 +1,23 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test::Utils; + +my $test_name = "test_afalg"; +setup($test_name); + +plan skip_all => "$test_name not supported for this build" + if disabled("afalgeng"); + +plan tests => 1; + +$ENV{OPENSSL_ENGINES} = bldtop_dir("engines/afalg"); + +ok(run(test(["afalgtest"])), "running afalgtest"); diff --git a/openssl-1.1.0h/test/recipes/30-test_engine.t b/openssl-1.1.0h/test/recipes/30-test_engine.t new file mode 100644 index 0000000..03c96cd --- /dev/null +++ b/openssl-1.1.0h/test/recipes/30-test_engine.t @@ -0,0 +1,18 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test; + +setup("test_engine"); + +plan tests => 1; +ok(run(test(["enginetest"])), "running enginetest"); diff --git a/openssl-1.1.0h/test/recipes/30-test_evp.t b/openssl-1.1.0h/test/recipes/30-test_evp.t new file mode 100644 index 0000000..c277fcd --- /dev/null +++ b/openssl-1.1.0h/test/recipes/30-test_evp.t @@ -0,0 +1,19 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_evp"); + +plan tests => 1; +ok(run(test(["evp_test", srctop_file("test", "evptests.txt")])), + "running evp_test evptests.txt"); diff --git a/openssl-1.1.0h/test/recipes/30-test_evp_extra.t b/openssl-1.1.0h/test/recipes/30-test_evp_extra.t new file mode 100644 index 0000000..9a656b0 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/30-test_evp_extra.t @@ -0,0 +1,18 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test; + +setup("test_evp_extra"); + +plan tests => 1; +ok(run(test(["evp_extra_test"])), "running evp_extra_test"); diff --git a/openssl-1.1.0h/test/recipes/30-test_pbelu.t b/openssl-1.1.0h/test/recipes/30-test_pbelu.t new file mode 100644 index 0000000..38b2d48 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/30-test_pbelu.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_pbelu", "pbelutest"); diff --git a/openssl-1.1.0h/test/recipes/40-test_rehash.t b/openssl-1.1.0h/test/recipes/40-test_rehash.t new file mode 100644 index 0000000..191897e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/40-test_rehash.t @@ -0,0 +1,98 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec::Functions; +use File::Copy; +use File::Basename; +use OpenSSL::Glob; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_rehash"); + +#If "openssl rehash -help" fails it's most likely because we're on a platform +#that doesn't support the rehash command (e.g. Windows) +plan skip_all => "test_rehash is not available on this platform" + unless run(app(["openssl", "rehash", "-help"])); + +plan tests => 4; + +indir "rehash.$$" => sub { + prepare(); + ok(run(app(["openssl", "rehash", curdir()])), + 'Testing normal rehash operations'); +}, create => 1, cleanup => 1; + +indir "rehash.$$" => sub { + prepare(sub { chmod 400, $_ foreach (@_); }); + ok(run(app(["openssl", "rehash", curdir()])), + 'Testing rehash operations on readonly files'); +}, create => 1, cleanup => 1; + +indir "rehash.$$" => sub { + ok(run(app(["openssl", "rehash", curdir()])), + 'Testing rehash operations on empty directory'); +}, create => 1, cleanup => 1; + +indir "rehash.$$" => sub { + prepare(); + chmod 0500, curdir(); + SKIP: { + if (open(FOO, ">unwritable.txt")) { + close FOO; + skip "It's pointless to run the next test as root", 1; + } + isnt(run(app(["openssl", "rehash", curdir()])), 1, + 'Testing rehash operations on readonly directory'); + } + chmod 0700, curdir(); # make it writable again, so cleanup works +}, create => 1, cleanup => 1; + +sub prepare { + my @pemsourcefiles = sort glob(srctop_file('test', "*.pem")); + my @destfiles = (); + + die "There are no source files\n" if scalar @pemsourcefiles == 0; + + my $cnt = 0; + foreach (@pemsourcefiles) { + my $basename = basename($_, ".pem"); + my $writing = 0; + + open PEM, $_ or die "Can't read $_: $!\n"; + while (my $line = ) { + if ($line =~ m{^-----BEGIN (?:CERTIFICATE|X509 CRL)-----}) { + die "New start in a PEM blob?\n" if $writing; + $cnt++; + my $destfile = + catfile(curdir(), + $basename . sprintf("-%02d", $cnt) . ".pem"); + push @destfiles, $destfile; + open OUT, '>', $destfile + or die "Can't write $destfile\n"; + $writing = 1; + } + print OUT $line if $writing; + if ($line =~ m|^-----END |) { + close OUT if $writing; + $writing = 0; + } + } + die "No end marker in $basename\n" if $writing; + } + die "No test PEM files produced\n" if $cnt == 0; + + foreach (@_) { + die "Internal error, argument is not CODE" + unless (ref($_) eq 'CODE'); + $_->(@destfiles); + } +} diff --git a/openssl-1.1.0h/test/recipes/60-test_x509_store.t b/openssl-1.1.0h/test/recipes/60-test_x509_store.t new file mode 100644 index 0000000..041aa09 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/60-test_x509_store.t @@ -0,0 +1,53 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Copy; +use File::Spec::Functions qw/:DEFAULT canonpath/; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_x509_store"); + +#If "openssl rehash -help" fails it's most likely because we're on a platform +#that doesn't support the rehash command (e.g. Windows) +plan skip_all => "test_rehash is not available on this platform" + unless run(app(["openssl", "rehash", "-help"])); + +# We use 'openssl verify' for these tests, as it contains everything +# we need to conduct these tests. The tests here are a subset of the +# ones found in 25-test_verify.t + +sub verify { + my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_; + my @args = qw(openssl verify -auth_level 1 -purpose); + my @path = qw(test certs); + push(@args, "$purpose", @opts); + push(@args, "-CApath", $trustedpath); + for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } + push(@args, srctop_file(@path, "$cert.pem")); + run(app([@args])); +} + +plan tests => 3; + +indir "60-test_x509_store" => sub { + for (("root-cert")) { + copy(srctop_file("test", "certs", "$_.pem"), curdir()); + } + ok(run(app([qw(openssl rehash), curdir()])), "Rehashing"); + + # Canonical success + ok(verify("ee-cert", "sslserver", curdir(), ["ca-cert"], "-show_chain"), + "verify ee-cert"); + + # Failure because root cert not present in CApath + ok(!verify("ca-root2", "any", curdir(), [], "-show_chain")); +}, create => 1, cleanup => 1; diff --git a/openssl-1.1.0h/test/recipes/70-test_asyncio.t b/openssl-1.1.0h/test/recipes/70-test_asyncio.t new file mode 100644 index 0000000..3c15c3d --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_asyncio.t @@ -0,0 +1,21 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_asyncio"); + +plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["asynciotest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "running asynciotest"); diff --git a/openssl-1.1.0h/test/recipes/70-test_bad_dtls.t b/openssl-1.1.0h/test/recipes/70-test_bad_dtls.t new file mode 100644 index 0000000..a20db77 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_bad_dtls.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup("test_bad_dtls"); + +plan skip_all => "DTLSv1 is not supported by this OpenSSL build" + if disabled("dtls1"); + +plan tests => 1; + +ok(run(test(["bad_dtls_test"])), "running bad_dtls_test"); diff --git a/openssl-1.1.0h/test/recipes/70-test_clienthello.t b/openssl-1.1.0h/test/recipes/70-test_clienthello.t new file mode 100644 index 0000000..ef0868f --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_clienthello.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup("test_clienthello"); + +plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["clienthellotest"])), "running clienthellotest"); diff --git a/openssl-1.1.0h/test/recipes/70-test_packet.t b/openssl-1.1.0h/test/recipes/70-test_packet.t new file mode 100644 index 0000000..9bc6515 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_packet.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_packet", "packettest"); diff --git a/openssl-1.1.0h/test/recipes/70-test_sslcbcpadding.t b/openssl-1.1.0h/test/recipes/70-test_sslcbcpadding.t new file mode 100644 index 0000000..6d296db --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslcbcpadding.t @@ -0,0 +1,110 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslcbcpadding"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.2 enabled" + if disabled("tls1_2"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&add_maximal_padding_filter, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +# TODO: We could test all 256 values, but then the log file gets too large for +# CI. See https://github.com/openssl/openssl/issues/1440. +my @test_offsets = (0, 128, 254, 255); + +# Test that maximally-padded records are accepted. +my $bad_padding_offset = -1; +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 1 + scalar(@test_offsets); +ok(TLSProxy::Message->success(), "Maximally-padded record test"); + +# Test that invalid padding is rejected. +foreach my $offset (@test_offsets) { + $proxy->clear(); + $bad_padding_offset = $offset; + $proxy->start(); + ok(TLSProxy::Message->fail(), "Invalid padding byte $bad_padding_offset"); +} + +sub add_maximal_padding_filter +{ + my $proxy = shift; + + if ($proxy->flight == 0) { + # Disable Encrypt-then-MAC. + foreach my $message (@{$proxy->message_list}) { + if ($message->mt != TLSProxy::Message::MT_CLIENT_HELLO) { + next; + } + + $message->delete_extension(TLSProxy::Message::EXT_ENCRYPT_THEN_MAC); + $message->process_extensions(); + $message->repack(); + } + } + + if ($proxy->flight == 3) { + # Insert a maximally-padded record. Assume a block size of 16 (AES) and + # a MAC length of 20 (SHA-1). + my $block_size = 16; + my $mac_len = 20; + + # Size the plaintext so that 256 is a valid padding. + my $plaintext_len = $block_size - ($mac_len % $block_size); + my $plaintext = "A" x $plaintext_len; + + my $data = "B" x $block_size; # Explicit IV. + $data .= $plaintext; + $data .= TLSProxy::Proxy::fill_known_data($mac_len); # MAC. + + # Add padding. + for (my $i = 0; $i < 256; $i++) { + if ($i == $bad_padding_offset) { + $data .= "\xfe"; + } else { + $data .= "\xff"; + } + } + + my $record = TLSProxy::Record->new( + $proxy->flight, + TLSProxy::Record::RT_APPLICATION_DATA, + TLSProxy::Record::VERS_TLS_1_2, + length($data), + 0, + length($data), + $plaintext_len, + $data, + $plaintext, + ); + + # Send the record immediately after the server Finished. + push @{$proxy->record_list}, $record; + } +} diff --git a/openssl-1.1.0h/test/recipes/70-test_sslcertstatus.t b/openssl-1.1.0h/test/recipes/70-test_sslcertstatus.t new file mode 100644 index 0000000..104ee9c --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslcertstatus.t @@ -0,0 +1,66 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslcertstatus"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs the ocsp feature enabled" + if disabled("ocsp"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&certstatus_filter, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: Sending a status_request extension in both ClientHello and +#ServerHello but then omitting the CertificateStatus message is valid +$proxy->clientflags("-status"); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 1; +ok(TLSProxy::Message->success, "Missing CertificateStatus message"); + +sub certstatus_filter +{ + my $proxy = shift; + + # We're only interested in the initial ServerHello + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + #Add the status_request to the ServerHello even though we are not + #going to send a CertificateStatus message + $message->set_extension(TLSProxy::Message::EXT_STATUS_REQUEST, + ""); + + $message->repack(); + } + } +} diff --git a/openssl-1.1.0h/test/recipes/70-test_sslextension.t b/openssl-1.1.0h/test/recipes/70-test_sslextension.t new file mode 100644 index 0000000..8d6ccc6 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslextension.t @@ -0,0 +1,112 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslextension"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&extension_filter, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +# Test 1: Sending a zero length extension block should pass +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 3; +ok(TLSProxy::Message->success, "Zero extension length test"); + +sub extension_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + # Remove all extensions and set the extension len to zero + $message->extension_data({}); + $message->extensions_len(0); + # Extensions have been removed so make sure we don't try to use them + $message->process_extensions(); + + $message->repack(); + } + } +} + +# Test 2-3: Sending a duplicate extension should fail. +sub inject_duplicate_extension +{ + my ($proxy, $message_type) = @_; + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == $message_type) { + my %extensions = %{$message->extension_data}; + # Add a duplicate (unknown) extension. + $message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, ""); + $message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, ""); + $message->repack(); + } + } +} + +sub inject_duplicate_extension_clienthello +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO); +} + +sub inject_duplicate_extension_serverhello +{ + my $proxy = shift; + + # We're only interested in the initial ServerHello + if ($proxy->flight != 1) { + return; + } + + inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO); +} + +$proxy->clear(); +$proxy->filter(\&inject_duplicate_extension_clienthello); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Duplicate ClientHello extension"); + +$proxy->clear(); +$proxy->filter(\&inject_duplicate_extension_serverhello); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Duplicate ServerHello extension"); diff --git a/openssl-1.1.0h/test/recipes/70-test_sslmessages.t b/openssl-1.1.0h/test/recipes/70-test_sslmessages.t new file mode 100644 index 0000000..b4631ea --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslmessages.t @@ -0,0 +1,147 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use File::Temp qw(tempfile); +use TLSProxy::Proxy; +my $test_name = "test_tls13messages"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +use constant { + DEFAULT_HANDSHAKE => 1, + OCSP_HANDSHAKE => 2, + RESUME_HANDSHAKE => 4, + CLIENT_AUTH_HANDSHAKE => 8, + RENEG_HANDSHAKE => 16, + + ALL_HANDSHAKES => 31 +}; + +my @handmessages = ( + [TLSProxy::Message::MT_CLIENT_HELLO, ALL_HANDSHAKES], + [TLSProxy::Message::MT_SERVER_HELLO, ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE_STATUS, OCSP_HANDSHAKE], + #ServerKeyExchange handshakes not currently supported by TLSProxy + [TLSProxy::Message::MT_CERTIFICATE_REQUEST, CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO_DONE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE, CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, ALL_HANDSHAKES], + [TLSProxy::Message::MT_NEW_SESSION_TICKET, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, ALL_HANDSHAKES], + [TLSProxy::Message::MT_CLIENT_HELLO, RENEG_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO, RENEG_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE, RENEG_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO_DONE, RENEG_HANDSHAKE], + [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, RENEG_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, RENEG_HANDSHAKE], + [TLSProxy::Message::MT_NEW_SESSION_TICKET, RENEG_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, RENEG_HANDSHAKE], + [0, 0] +); + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +sub checkmessages($$); + +#Test 1: Check we get all the right messages for a default handshake +(undef, my $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 5; +checkmessages(DEFAULT_HANDSHAKE, "Default handshake test"); + +#Test 2: Resumption handshake +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +$proxy->clientstart(); +checkmessages(RESUME_HANDSHAKE, "Resumption handshake test"); +unlink $session; + +#Test 3: A client auth handshake +$proxy->clear(); +$proxy->clientflags("-cert ".srctop_file("apps", "server.pem")); +$proxy->serverflags("-Verify 5"); +$proxy->start(); +checkmessages(CLIENT_AUTH_HANDSHAKE, "Client auth handshake test"); + +#Test 4: A handshake with a renegotiation +$proxy->clear(); +$proxy->reneg(1); +$proxy->start(); +checkmessages(RENEG_HANDSHAKE, "Renegotiation handshake test"); + +#Test 5: A handshake with a renegotiation and client auth +$proxy->clear(); +$proxy->clientflags("-cert ".srctop_file("apps", "server.pem")); +$proxy->serverflags("-Verify 5"); +$proxy->reneg(1); +$proxy->start(); +checkmessages(RENEG_HANDSHAKE | CLIENT_AUTH_HANDSHAKE, + "Renogitation and client auth handshake test"); + +sub checkmessages($$) +{ + my ($handtype, $testname) = @_; + + subtest $testname => sub { + my $loop = 0; + my $numtests; + + #First count the number of tests + for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) { + $numtests++ if (($handmessages[$loop][1] & $handtype) != 0); + } + + plan tests => $numtests; + + my $nextmess = 0; + my $message = undef; + for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) { + next if (($handmessages[$loop][1] & $handtype) == 0); + if (scalar @{$proxy->message_list} > $nextmess) { + $message = ${$proxy->message_list}[$nextmess]; + $nextmess++; + } else { + $message = undef; + } + if (!defined $message) { + fail("Message type check. Got nothing, expected " + .$handmessages[$loop][0]); + } else { + ok($message->mt == $handmessages[$loop][0], + "Message type check. Got ".$message->mt + .", expected ".$handmessages[$loop][0]); + } + } + } +} diff --git a/openssl-1.1.0h/test/recipes/70-test_sslrecords.t b/openssl-1.1.0h/test/recipes/70-test_sslrecords.t new file mode 100644 index 0000000..ef3f509 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslrecords.t @@ -0,0 +1,381 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslrecords"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.2 enabled" + if disabled("tls1_2"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&add_empty_recs_filter, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: Injecting out of context empty records should fail +my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; +my $inject_recs_num = 1; +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +my $num_tests = 10; +if (!disabled("tls1_1")) { + $num_tests++; +} +plan tests => $num_tests; +ok(TLSProxy::Message->fail(), "Out of context empty records test"); + +#Test 2: Injecting in context empty records should succeed +$proxy->clear(); +$content_type = TLSProxy::Record::RT_HANDSHAKE; +$proxy->start(); +ok(TLSProxy::Message->success(), "In context empty records test"); + +#Test 3: Injecting too many in context empty records should fail +$proxy->clear(); +#We allow 32 consecutive in context empty records +$inject_recs_num = 33; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Too many in context empty records test"); + +#Test 4: Injecting a fragmented fatal alert should fail. We actually expect no +# alerts to be sent from either side because *we* injected the fatal +# alert, i.e. this will look like a disorderly close +$proxy->clear(); +$proxy->filter(\&add_frag_alert_filter); +$proxy->start(); +ok(!TLSProxy::Message->end(), "Fragmented alert records test"); + +#Run some SSLv2 ClientHello tests + +use constant { + TLSV1_2_IN_SSLV2 => 0, + SSLV2_IN_SSLV2 => 1, + FRAGMENTED_IN_TLSV1_2 => 2, + FRAGMENTED_IN_SSLV2 => 3, + ALERT_BEFORE_SSLV2 => 4 +}; +#Test 5: Inject an SSLv2 style record format for a TLSv1.2 ClientHello +my $sslv2testtype = TLSV1_2_IN_SSLV2; +$proxy->clear(); +$proxy->filter(\&add_sslv2_filter); +$proxy->start(); +ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); + +#Test 6: Inject an SSLv2 style record format for an SSLv2 ClientHello. We don't +# support this so it should fail. We actually treat it as an unknown +# protocol so we don't even send an alert in this case. +$sslv2testtype = SSLV2_IN_SSLV2; +$proxy->clear(); +$proxy->start(); +ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); + +#Test 7: Sanity check ClientHello fragmentation. This isn't really an SSLv2 test +# at all, but it gives us confidence that Test 8 fails for the right +# reasons +$sslv2testtype = FRAGMENTED_IN_TLSV1_2; +$proxy->clear(); +$proxy->start(); +ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); + +#Test 8: Fragment a TLSv1.2 ClientHello across a TLS1.2 record; an SSLv2 +# record; and another TLS1.2 record. This isn't allowed so should fail +$sslv2testtype = FRAGMENTED_IN_SSLV2; +$proxy->clear(); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); + +#Test 9: Send a TLS warning alert before an SSLv2 ClientHello. This should +# fail because an SSLv2 ClientHello must be the first record. +$sslv2testtype = ALERT_BEFORE_SSLV2; +$proxy->clear(); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); + +#Unrecognised record type tests + +#Test 10: Sending an unrecognised record type in TLS1.2 should fail +$proxy->clear(); +$proxy->filter(\&add_unknown_record_type); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2"); + +#Test 11: Sending an unrecognised record type in TLS1.1 should fail +if (!disabled("tls1_1")) { + $proxy->clear(); + $proxy->clientflags("-tls1_1"); + $proxy->start(); + ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1"); +} + +sub add_empty_recs_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + for (my $i = 0; $i < $inject_recs_num; $i++) { + my $record = TLSProxy::Record->new( + 0, + $content_type, + TLSProxy::Record::VERS_TLS_1_2, + 0, + 0, + 0, + 0, + "", + "" + ); + + push @{$proxy->record_list}, $record; + } +} + +sub add_frag_alert_filter +{ + my $proxy = shift; + my $byte; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + # Add a zero length fragment first + #my $record = TLSProxy::Record->new( + # 0, + # TLSProxy::Record::RT_ALERT, + # TLSProxy::Record::VERS_TLS_1_2, + # 0, + # 0, + # 0, + # "", + # "" + #); + #push @{$proxy->record_list}, $record; + + # Now add the alert level (Fatal) as a separate record + $byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL); + my $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_ALERT, + TLSProxy::Record::VERS_TLS_1_2, + 1, + 0, + 1, + 1, + $byte, + $byte + ); + push @{$proxy->record_list}, $record; + + # And finally the description (Unexpected message) in a third record + $byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE); + $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_ALERT, + TLSProxy::Record::VERS_TLS_1_2, + 1, + 0, + 1, + 1, + $byte, + $byte + ); + push @{$proxy->record_list}, $record; +} + +sub add_sslv2_filter +{ + my $proxy = shift; + my $clienthello; + my $record; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + # Ditch the real ClientHello - we're going to replace it with our own + shift @{$proxy->record_list}; + + if ($sslv2testtype == ALERT_BEFORE_SSLV2) { + my $alert = pack('CC', TLSProxy::Message::AL_LEVEL_FATAL, + TLSProxy::Message::AL_DESC_NO_RENEGOTIATION); + my $alertlen = length $alert; + $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_ALERT, + TLSProxy::Record::VERS_TLS_1_2, + $alertlen, + 0, + $alertlen, + $alertlen, + $alert, + $alert + ); + + push @{$proxy->record_list}, $record; + } + + if ($sslv2testtype == ALERT_BEFORE_SSLV2 + || $sslv2testtype == TLSV1_2_IN_SSLV2 + || $sslv2testtype == SSLV2_IN_SSLV2) { + # This is an SSLv2 format ClientHello + $clienthello = + pack "C44", + 0x01, # ClientHello + 0x03, 0x03, #TLSv1.2 + 0x00, 0x03, # Ciphersuites len + 0x00, 0x00, # Session id len + 0x00, 0x20, # Challenge len + 0x00, 0x00, 0x2f, #AES128-SHA + 0x01, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6; # Challenge + + if ($sslv2testtype == SSLV2_IN_SSLV2) { + # Set the version to "real" SSLv2 + vec($clienthello, 1, 8) = 0x00; + vec($clienthello, 2, 8) = 0x02; + } + + my $chlen = length $clienthello; + + $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_HANDSHAKE, + TLSProxy::Record::VERS_TLS_1_2, + $chlen, + 1, #SSLv2 + $chlen, + $chlen, + $clienthello, + $clienthello + ); + + push @{$proxy->record_list}, $record; + } else { + # For this test we're using a real TLS ClientHello + $clienthello = + pack "C49", + 0x01, # ClientHello + 0x00, 0x00, 0x2D, # Message length + 0x03, 0x03, # TLSv1.2 + 0x01, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90, + 0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56, + 0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, # Random + 0x00, # Session id len + 0x00, 0x04, # Ciphersuites len + 0x00, 0x2f, # AES128-SHA + 0x00, 0xff, # Empty reneg info SCSV + 0x01, # Compression methods len + 0x00, # Null compression + 0x00, 0x00; # Extensions len + + # Split this into 3: A TLS record; a SSLv2 record and a TLS record. + # We deliberately split the second record prior to the Challenge/Random + # and set the first byte of the random to 1. This makes the second SSLv2 + # record look like an SSLv2 ClientHello + my $frag1 = substr $clienthello, 0, 6; + my $frag2 = substr $clienthello, 6, 32; + my $frag3 = substr $clienthello, 38; + + my $fraglen = length $frag1; + $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_HANDSHAKE, + TLSProxy::Record::VERS_TLS_1_2, + $fraglen, + 0, + $fraglen, + $fraglen, + $frag1, + $frag1 + ); + push @{$proxy->record_list}, $record; + + $fraglen = length $frag2; + my $recvers; + if ($sslv2testtype == FRAGMENTED_IN_SSLV2) { + $recvers = 1; + } else { + $recvers = 0; + } + $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_HANDSHAKE, + TLSProxy::Record::VERS_TLS_1_2, + $fraglen, + $recvers, + $fraglen, + $fraglen, + $frag2, + $frag2 + ); + push @{$proxy->record_list}, $record; + + $fraglen = length $frag3; + $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_HANDSHAKE, + TLSProxy::Record::VERS_TLS_1_2, + $fraglen, + 0, + $fraglen, + $fraglen, + $frag3, + $frag3 + ); + push @{$proxy->record_list}, $record; + } + +} + +sub add_unknown_record_type +{ + my $proxy = shift; + + # We'll change a record after the initial version neg has taken place + if ($proxy->flight != 2) { + return; + } + + my $lastrec = ${$proxy->record_list}[-1]; + my $record = TLSProxy::Record->new( + 2, + TLSProxy::Record::RT_UNKNOWN, + $lastrec->version(), + 1, + 0, + 1, + 1, + "X", + "X" + ); + + unshift @{$proxy->record_list}, $record; +} diff --git a/openssl-1.1.0h/test/recipes/70-test_sslsessiontick.t b/openssl-1.1.0h/test/recipes/70-test_sslsessiontick.t new file mode 100644 index 0000000..4a8636e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslsessiontick.t @@ -0,0 +1,268 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; +use File::Temp qw(tempfile); + +my $test_name = "test_sslsessiontick"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +sub checkmessages($$$$$$); +sub clearclient(); +sub clearall(); + +my $chellotickext = 0; +my $shellotickext = 0; +my $fullhand = 0; +my $ticketseen = 0; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: By default with no existing session we should get a session ticket +#Expected result: ClientHello extension seen; ServerHello extension seen +# NewSessionTicket message seen; Full handshake +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 10; +checkmessages(1, "Default session ticket test", 1, 1, 1, 1); + +#Test 2: If the server does not accept tickets we should get a normal handshake +#with no session tickets +#Expected result: ClientHello extension seen; ServerHello extension not seen +# NewSessionTicket message not seen; Full handshake +clearall(); +$proxy->serverflags("-no_ticket"); +$proxy->start(); +checkmessages(2, "No server support session ticket test", 1, 0, 0, 1); + +#Test 3: If the client does not accept tickets we should get a normal handshake +#with no session tickets +#Expected result: ClientHello extension not seen; ServerHello extension not seen +# NewSessionTicket message not seen; Full handshake +clearall(); +$proxy->clientflags("-no_ticket"); +$proxy->start(); +checkmessages(3, "No client support session ticket test", 0, 0, 0, 1); + +#Test 4: Test session resumption with session ticket +#Expected result: ClientHello extension seen; ServerHello extension not seen +# NewSessionTicket message not seen; Abbreviated handshake +clearall(); +(undef, my $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +$proxy->clientstart(); +checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0); +unlink $session; + +#Test 5: Test session resumption with ticket capable client without a ticket +#Expected result: ClientHello extension seen; ServerHello extension seen +# NewSessionTicket message seen; Abbreviated handshake +clearall(); +(undef, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session." -no_ticket"); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +$proxy->clientstart(); +checkmessages(5, "Session resumption with ticket capable client without a " + ."ticket", 1, 1, 1, 0); +unlink $session; + +#Test 6: Client accepts empty ticket. +#Expected result: ClientHello extension seen; ServerHello extension seen; +# NewSessionTicket message seen; Full handshake. +clearall(); +$proxy->filter(\&ticket_filter); +$proxy->start(); +checkmessages(6, "Empty ticket test", 1, 1, 1, 1); + +#Test 7-8: Client keeps existing ticket on empty ticket. +clearall(); +(undef, $session) = tempfile(); +$proxy->serverconnects(3); +$proxy->filter(undef); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session." -sess_out ".$session); +$proxy->filter(\&inject_empty_ticket_filter); +$proxy->clientstart(); +#Expected result: ClientHello extension seen; ServerHello extension seen; +# NewSessionTicket message seen; Abbreviated handshake. +checkmessages(7, "Empty ticket resumption test", 1, 1, 1, 0); +clearclient(); +$proxy->clientflags("-sess_in ".$session); +$proxy->filter(undef); +$proxy->clientstart(); +#Expected result: ClientHello extension seen; ServerHello extension not seen; +# NewSessionTicket message not seen; Abbreviated handshake. +checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0); +unlink $session; + +#Test 9: Bad server sends the ServerHello extension but does not send a +#NewSessionTicket +#Expected result: Connection failure +clearall(); +$proxy->serverflags("-no_ticket"); +$proxy->filter(\&inject_ticket_extension_filter); +$proxy->start(); +ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test"); + +#Test10: Bad server does not send the ServerHello extension but does send a +#NewSessionTicket +#Expected result: Connection failure +clearall(); +$proxy->serverflags("-no_ticket"); +$proxy->filter(\&inject_empty_ticket_filter); +$proxy->start(); +ok(TLSProxy::Message->fail, "No server ticket extension but ticket sent test"); + +sub ticket_filter +{ + my $proxy = shift; + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) { + $message->ticket(""); + $message->repack(); + } + } +} + +sub inject_empty_ticket_filter { + my $proxy = shift; + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) { + # Only inject the message first time we're called. + return; + } + } + + my @new_message_list = (); + foreach my $message (@{$proxy->message_list}) { + push @new_message_list, $message; + if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + $message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, ""); + $message->repack(); + # Tack NewSessionTicket onto the ServerHello record. + # This only works if the ServerHello is exactly one record. + my $record = ${$message->records}[0]; + + my $offset = $message->startoffset + $message->encoded_length; + my $newsessionticket = TLSProxy::NewSessionTicket->new( + 1, "", [$record], $offset, []); + $newsessionticket->repack(); + push @new_message_list, $newsessionticket; + } + } + $proxy->message_list([@new_message_list]); +} + +sub inject_ticket_extension_filter +{ + my $proxy = shift; + + # We're only interested in the initial ServerHello + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + #Add the session ticket extension to the ServerHello even though + #we are not going to send a NewSessionTicket message + $message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, ""); + + $message->repack(); + } + } +} + +sub checkmessages($$$$$$) +{ + my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_; + + subtest $testname => sub { + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO + || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + #Get the extensions data + my %extensions = %{$message->extension_data}; + if (defined + $extensions{TLSProxy::Message::EXT_SESSION_TICKET}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + $chellotickext = 1; + } else { + $shellotickext = 1; + } + } + } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) { + #Must be doing a full handshake + $fullhand = 1; + } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) { + $ticketseen = 1; + } + } + + plan tests => 5; + + ok(TLSProxy::Message->success, "Handshake"); + ok(($testch && $chellotickext) || (!$testch && !$chellotickext), + "ClientHello extension Session Ticket check"); + ok(($testsh && $shellotickext) || (!$testsh && !$shellotickext), + "ServerHello extension Session Ticket check"); + ok(($testtickseen && $ticketseen) || (!$testtickseen && !$ticketseen), + "Session Ticket message presence check"); + ok(($testhand && $fullhand) || (!$testhand && !$fullhand), + "Session Ticket full handshake check"); + } +} + + +sub clearclient() +{ + $chellotickext = 0; + $shellotickext = 0; + $fullhand = 0; + $ticketseen = 0; + $proxy->clearClient(); +} + +sub clearall() +{ + clearclient(); + $proxy->clear(); +} diff --git a/openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t b/openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t new file mode 100644 index 0000000..af87739 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslskewith0p.t @@ -0,0 +1,65 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslskewith0p"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "dh is not supported by this OpenSSL build" + if disabled("dh"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&ske_0_p_filter, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#We must use an anon DHE cipher for this test +$proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0'); +$proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0'); + +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 1; +ok(TLSProxy::Message->fail, "ServerKeyExchange with 0 p"); + +sub ske_0_p_filter +{ + my $proxy = shift; + + # We're only interested in the SKE - always in flight 1 + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_SERVER_KEY_EXCHANGE) { + #Set p to a value of 0 + $message->p(pack('C', 0)); + + $message->repack(); + } + } +} diff --git a/openssl-1.1.0h/test/recipes/70-test_sslvertol.t b/openssl-1.1.0h/test/recipes/70-test_sslvertol.t new file mode 100644 index 0000000..59c2cdd --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_sslvertol.t @@ -0,0 +1,67 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslextension"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + \&vers_tolerance_filter, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: Asking for TLS1.3 should pass +my $client_version = TLSProxy::Record::VERS_TLS_1_3; +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 2; +ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3"); + +#Test 2: Testing something below SSLv3 should fail +$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1; +$proxy->clear(); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Version tolerance test, SSL < 3.0"); + +sub vers_tolerance_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + #Set the client version + #Anything above the max supported version (TLS1.2) should succeed + #Anything below SSLv3 should fail + $message->client_version($client_version); + $message->repack(); + } + } +} diff --git a/openssl-1.1.0h/test/recipes/70-test_tlsextms.t b/openssl-1.1.0h/test/recipes/70-test_tlsextms.t new file mode 100644 index 0000000..d39acf4 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_tlsextms.t @@ -0,0 +1,238 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; +use File::Temp qw(tempfile); + +my $test_name = "test_tlsextms"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +sub checkmessages($$$$$); +sub setrmextms($$); +sub clearall(); + +my $crmextms = 0; +my $srmextms = 0; +my $cextms = 0; +my $sextms = 0; +my $fullhand = 0; + +my $proxy = TLSProxy::Proxy->new( + \&extms_filter, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: By default server and client should send extended master secret +# extension. +#Expected result: ClientHello extension seen; ServerHello extension seen +# Full handshake + +setrmextms(0, 0); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 9; +checkmessages(1, "Default extended master secret test", 1, 1, 1); + +#Test 2: If client omits extended master secret extension, server should too. +#Expected result: ClientHello extension not seen; ServerHello extension not seen +# Full handshake + +clearall(); +setrmextms(1, 0); +$proxy->start(); +checkmessages(2, "No client extension extended master secret test", 0, 0, 1); + +# Test 3: same as 1 but with session tickets disabled. +# Expected result: same as test 1. + +clearall(); +$proxy->clientflags("-no_ticket"); +setrmextms(0, 0); +$proxy->start(); +checkmessages(3, "No ticket extended master secret test", 1, 1, 1); + +# Test 4: same as 2 but with session tickets disabled. +# Expected result: same as test 2. + +clearall(); +$proxy->clientflags("-no_ticket"); +setrmextms(1, 0); +$proxy->start(); +checkmessages(2, "No ticket, no client extension extended master secret test", 0, 0, 1); + +#Test 5: Session resumption extended master secret test +# +#Expected result: ClientHello extension seen; ServerHello extension seen +# Abbreviated handshake + +clearall(); +setrmextms(0, 0); +(undef, my $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +$proxy->clientstart(); +checkmessages(5, "Session resumption extended master secret test", 1, 1, 0); +unlink $session; + +#Test 6: Session resumption extended master secret test original session +# omits extension. Server must not resume session. +#Expected result: ClientHello extension seen; ServerHello extension seen +# Full handshake + +clearall(); +setrmextms(1, 0); +(undef, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(0, 0); +$proxy->clientstart(); +checkmessages(6, "Session resumption extended master secret test", 1, 1, 1); +unlink $session; + +#Test 7: Session resumption extended master secret test resumed session +# omits client extension. Server must abort connection. +#Expected result: aborted connection. + +clearall(); +setrmextms(0, 0); +(undef, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(1, 0); +$proxy->clientstart(); +ok(TLSProxy::Message->fail(), "Client inconsistent session resumption"); +unlink $session; + +#Test 8: Session resumption extended master secret test resumed session +# omits server extension. Client must abort connection. +#Expected result: aborted connection. + +clearall(); +setrmextms(0, 0); +(undef, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(0, 1); +$proxy->clientstart(); +ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1"); +unlink $session; + +#Test 9: Session resumption extended master secret test initial session +# omits server extension. Client must abort connection. +#Expected result: aborted connection. + +clearall(); +setrmextms(0, 1); +(undef, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(0, 0); +$proxy->clientstart(); +ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2"); +unlink $session; + +sub extms_filter +{ + my $proxy = shift; + + foreach my $message (@{$proxy->message_list}) { + if ($crmextms && $message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + $message->delete_extension(TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET); + $message->repack(); + } + if ($srmextms && $message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + $message->delete_extension(TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET); + $message->repack(); + } + } +} + +sub checkmessages($$$$$) +{ + my ($testno, $testname, $testcextms, $testsextms, $testhand) = @_; + + subtest $testname => sub { + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO + || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + #Get the extensions data + my %extensions = %{$message->extension_data}; + if (defined + $extensions{TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + $cextms = 1; + } else { + $sextms = 1; + } + } + } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) { + #Must be doing a full handshake + $fullhand = 1; + } + } + + plan tests => 4; + + ok(TLSProxy::Message->success, "Handshake"); + + ok($testcextms == $cextms, + "ClientHello extension extended master secret check"); + ok($testsextms == $sextms, + "ServerHello extension extended master secret check"); + ok($testhand == $fullhand, + "Extended master secret full handshake check"); + + } +} + +sub setrmextms($$) +{ + ($crmextms, $srmextms) = @_; +} + +sub clearall() +{ + $cextms = 0; + $sextms = 0; + $fullhand = 0; + $proxy->clear(); +} diff --git a/openssl-1.1.0h/test/recipes/70-test_verify_extra.t b/openssl-1.1.0h/test/recipes/70-test_verify_extra.t new file mode 100644 index 0000000..79a33cd --- /dev/null +++ b/openssl-1.1.0h/test/recipes/70-test_verify_extra.t @@ -0,0 +1,19 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_verify_extra"); + +plan tests => 1; + +ok(run(test(["verify_extra_test", + srctop_file("test", "certs", "roots.pem"), + srctop_file("test", "certs", "untrusted.pem"), + srctop_file("test", "certs", "bad.pem")]))); diff --git a/openssl-1.1.0h/test/recipes/80-test_ca.t b/openssl-1.1.0h/test/recipes/80-test_ca.t new file mode 100644 index 0000000..28a090e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ca.t @@ -0,0 +1,59 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use POSIX; +use File::Path 2.00 qw/rmtree/; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; + +setup("test_ca"); + +$ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1); +my $std_openssl_cnf = + srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf"); + +rmtree("demoCA", { safe => 0 }); + +plan tests => 4; + SKIP: { + $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"'; + skip "failed creating CA structure", 3 + if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)), + 'creating CA structure'); + + $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; + skip "failed creating new certificate request", 2 + if !ok(run(perlapp(["CA.pl","-newreq"])), + 'creating certificate request'); + + $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"'; + skip "failed to sign certificate request", 1 + if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0, + 'signing certificate request'); + + ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])), + 'verifying new certificate'); +} + + +rmtree("demoCA", { safe => 0 }); +unlink "newcert.pem", "newreq.pem", "newkey.pem"; + + +sub yes { + my $cntr = 10; + open(PIPE, "|-", join(" ",@_)); + local $SIG{PIPE} = "IGNORE"; + 1 while $cntr-- > 0 && print PIPE "y\n"; + close PIPE; + return 0; +} + diff --git a/openssl-1.1.0h/test/recipes/80-test_cipherlist.t b/openssl-1.1.0h/test/recipes/80-test_cipherlist.t new file mode 100644 index 0000000..98d537e --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_cipherlist.t @@ -0,0 +1,26 @@ +#! /usr/bin/perl +# +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test::Simple; +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(alldisabled available_protocols); + +setup("test_cipherlist"); + +my $no_anytls = alldisabled(available_protocols("tls")); + +# If we have no protocols, then we also have no supported ciphers. +plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build." + if $no_anytls; + +simple_test("test_cipherlist", "cipherlist_test", "cipherlist"); diff --git a/openssl-1.1.0h/test/recipes/80-test_cms.t b/openssl-1.1.0h/test/recipes/80-test_cms.t new file mode 100644 index 0000000..f038bea --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_cms.t @@ -0,0 +1,511 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use POSIX; +use File::Spec::Functions qw/catfile/; +use File::Compare qw/compare_text/; +use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_cms"); + +plan skip_all => "CMS is not supported by this OpenSSL build" + if disabled("cms"); + +my $smdir = srctop_dir("test", "smime-certs"); +my $smcont = srctop_file("test", "smcont.txt"); +my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) + = disabled qw/des dh dsa ec ec2m rc2 zlib/; + +plan tests => 4; + +my @smime_pkcs7_tests = ( + + [ "signed content DER format, RSA key", + [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed detached content DER format, RSA key", + [ "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", + "-content", $smcont ] + ], + + [ "signed content test streaming BER format, RSA", + [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-stream", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content DER format, DSA key", + [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed detached content DER format, DSA key", + [ "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", + "-content", $smcont ] + ], + + [ "signed detached content DER format, add RSA signer (with DSA existing)", + [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ], + [ "-verify", "-in", "test2.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", + "-content", $smcont ] + ], + + [ "signed content test streaming BER format, DSA key", + [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", + [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", + [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content S/MIME format, RSA key SHA1", + [ "-sign", "-in", $smcont, "-md", "sha1", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", + [ "-sign", "-in", $smcont, "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", + [ "-sign", "-in", $smcont, + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, DES, 3 recipients", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", + [ "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "test.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + +); + +my @smime_cms_tests = ( + + [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", + [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", + [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content MIME format, RSA key, signed receipt request", + [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach", + "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", + "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed receipt MIME format, RSA key", + [ "-sign_receipt", "-in", "test.cms", + "-signer", catfile($smdir, "smrsa2.pem"), + "-out", "test2.cms" ], + [ "-verify_receipt", "test2.cms", "-in", "test.cms", + "-CAfile", catfile($smdir, "smroot.pem") ] + ], + + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", "-keyid", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming PEM format, KEK", + [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "test.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ] + ], + + [ "enveloped content test streaming PEM format, KEK, key only", + [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "test.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F" ] + ], + + [ "data content test streaming PEM format", + [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-stream", "-out", "test.cms" ], + [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ] + ], + + [ "encrypted content test streaming PEM format, 128 bit RC2 key", + [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-out", "test.cms" ], + [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ] + ], + + [ "encrypted content test streaming PEM format, 40 bit RC2 key", + [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-rc2", "-secretkey", "0001020304", + "-stream", "-out", "test.cms" ], + [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", + "-secretkey", "0001020304", "-out", "smtst.txt" ] + ], + + [ "encrypted content test streaming PEM format, triple DES key", + [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "test.cms" ], + [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-out", "smtst.txt" ] + ], + + [ "encrypted content test streaming PEM format, 128 bit AES key", + [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-out", "test.cms" ], + [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ] + ], + +); + +my @smime_cms_comp_tests = ( + + [ "compressed content test streaming PEM format", + [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-stream", "-out", "test.cms" ], + [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ] + ] + +); + +my @smime_cms_param_tests = ( + [ "signed content test streaming PEM format, RSA keys, PSS signature", + [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", + "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", + [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr", + "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", + "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", + [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", + "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ], + [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep", + "-keyopt", "rsa_oaep_md:sha256" ], + [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, DES, ECDH", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + "-recip", catfile($smdir, "smec1.pem") ], + [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + catfile($smdir, "smec1.pem"), + catfile($smdir, "smec3.pem") ], + [ "-decrypt", "-inkey", catfile($smdir, "smec3.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier", + [ "-encrypt", "-keyid", "-in", $smcont, + "-stream", "-out", "test.cms", + "-recip", catfile($smdir, "smec1.pem") ], + [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ], + [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + "-recip", catfile($smdir, "smec2.pem"), "-aes128", + "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ], + [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + + [ "enveloped content test streaming S/MIME format, X9.42 DH", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], + [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ] + ); + +subtest "CMS => PKCS#7 compatibility tests\n" => sub { + plan tests => scalar @smime_pkcs7_tests; + + foreach (@smime_pkcs7_tests) { + SKIP: { + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + + ok(run(app(["openssl", "cms", @{$$_[1]}])) + && run(app(["openssl", "smime", @{$$_[2]}])) + && compare_text($smcont, "smtst.txt") == 0, + $$_[0]); + } + } +}; +subtest "CMS <= PKCS#7 compatibility tests\n" => sub { + plan tests => scalar @smime_pkcs7_tests; + + foreach (@smime_pkcs7_tests) { + SKIP: { + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + + ok(run(app(["openssl", "smime", @{$$_[1]}])) + && run(app(["openssl", "cms", @{$$_[2]}])) + && compare_text($smcont, "smtst.txt") == 0, + $$_[0]); + } + } +}; + +subtest "CMS <=> CMS consistency tests\n" => sub { + plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests); + + foreach (@smime_pkcs7_tests) { + SKIP: { + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + + ok(run(app(["openssl", "cms", @{$$_[1]}])) + && run(app(["openssl", "cms", @{$$_[2]}])) + && compare_text($smcont, "smtst.txt") == 0, + $$_[0]); + } + } + foreach (@smime_cms_tests) { + SKIP: { + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + + ok(run(app(["openssl", "cms", @{$$_[1]}])) + && run(app(["openssl", "cms", @{$$_[2]}])) + && compare_text($smcont, "smtst.txt") == 0, + $$_[0]); + } + } +}; + +subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub { + plan tests => + (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests); + + foreach (@smime_cms_param_tests) { + SKIP: { + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + + ok(run(app(["openssl", "cms", @{$$_[1]}])) + && run(app(["openssl", "cms", @{$$_[2]}])) + && compare_text($smcont, "smtst.txt") == 0, + $$_[0]); + } + } + + SKIP: { + skip("Zlib not supported: compression tests skipped", + scalar @smime_cms_comp_tests) + if $no_zlib; + + foreach (@smime_cms_comp_tests) { + SKIP: { + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + + ok(run(app(["openssl", "cms", @{$$_[1]}])) + && run(app(["openssl", "cms", @{$$_[2]}])) + && compare_text($smcont, "smtst.txt") == 0, + $$_[0]); + } + } + } +}; + +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; + +sub check_availability { + my $tnam = shift; + + return "$tnam: skipped, EC disabled\n" + if ($no_ec && $tnam =~ /ECDH/); + return "$tnam: skipped, ECDH disabled\n" + if ($no_ec && $tnam =~ /ECDH/); + return "$tnam: skipped, EC2M disabled\n" + if ($no_ec2m && $tnam =~ /K-283/); + return "$tnam: skipped, DH disabled\n" + if ($no_dh && $tnam =~ /X9\.42/); + return "$tnam: skipped, RC2 disabled\n" + if ($no_rc2 && $tnam =~ /RC2/); + return "$tnam: skipped, DES disabled\n" + if ($no_des && $tnam =~ /DES/); + return "$tnam: skipped, DSA disabled\n" + if ($no_dsa && $tnam =~ / DSA/); + + return ""; +} diff --git a/openssl-1.1.0h/test/recipes/80-test_ct.t b/openssl-1.1.0h/test/recipes/80-test_ct.t new file mode 100644 index 0000000..9c717b2 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ct.t @@ -0,0 +1,17 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/; +use OpenSSL::Test::Simple; + +setup("test_ct"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); +$ENV{CT_DIR} = srctop_dir("test", "ct"); +$ENV{CERTS_DIR} = srctop_dir("test", "certs"); +simple_test("test_ct", "ct_test", "ct", "ec"); diff --git a/openssl-1.1.0h/test/recipes/80-test_dane.t b/openssl-1.1.0h/test/recipes/80-test_dane.t new file mode 100644 index 0000000..527e663 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_dane.t @@ -0,0 +1,24 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_dane"); + +plan skip_all => "test_dane uses ec which is not supported by this OpenSSL build" + if disabled("ec"); + +plan tests => 1; # The number of tests being performed + +ok(run(test(["danetest", "example.com", + srctop_file("test", "danetest.pem"), + srctop_file("test", "danetest.in")])), "dane tests"); diff --git a/openssl-1.1.0h/test/recipes/80-test_dtls.t b/openssl-1.1.0h/test/recipes/80-test_dtls.t new file mode 100644 index 0000000..f4a2dc0 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_dtls.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_dtls"); + +plan skip_all => "No DTLS protocols are supported by this OpenSSL build" + if alldisabled(available_protocols("dtls")); + +plan tests => 1; + +ok(run(test(["dtlstest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "running dtlstest"); diff --git a/openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t b/openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t new file mode 100644 index 0000000..dd1bb35 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_dtlsv1listen.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_dtlsv1listen", "dtlsv1listentest", "dh"); diff --git a/openssl-1.1.0h/test/recipes/80-test_ocsp.t b/openssl-1.1.0h/test/recipes/80-test_ocsp.t new file mode 100644 index 0000000..e9ed7b4 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ocsp.t @@ -0,0 +1,219 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use POSIX; +use File::Spec::Functions qw/devnull catfile/; +use File::Copy; +use OpenSSL::Test qw/:DEFAULT with pipe srctop_dir data_file/; +use OpenSSL::Test::Utils; + +setup("test_ocsp"); + +plan skip_all => "OCSP is not supported by this OpenSSL build" + if disabled("ocsp"); + +my $ocspdir=srctop_dir("test", "ocsp-tests"); +# 17 December 2012 so we don't get certificate expiry errors. +my @check_time=("-attime", "1355875200"); + +sub test_ocsp { + my $title = shift; + my $inputfile = shift; + my $CAfile = shift; + my $untrusted = shift; + if ($untrusted eq "") { + $untrusted = $CAfile; + } + my $expected_exit = shift; + + run(app(["openssl", "base64", "-d", + "-in", catfile($ocspdir,$inputfile), + "-out", "ocsp-resp-fff.dat"])); + with({ exit_checker => sub { return shift == $expected_exit; } }, + sub { ok(run(app(["openssl", "ocsp", "-respin", "ocsp-resp-fff.dat", + "-partial_chain", @check_time, + "-CAfile", catfile($ocspdir, $CAfile), + "-verify_other", catfile($ocspdir, $untrusted), + "-no-CApath"])), + $title); }); + unlink "ocsp-resp-fff.dat"; +} + +plan tests => 11; + +subtest "=== VALID OCSP RESPONSES ===" => sub { + plan tests => 7; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "ND2.ors", "ND2_Issuer_Root.pem", "", 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "ND3.ors", "ND3_Issuer_Root.pem", "", 0); + test_ocsp("NON-DELEGATED; 3-level CA hierarchy", + "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "D1.ors", "D1_Issuer_ICA.pem", "", 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "D2.ors", "D2_Issuer_Root.pem", "", 0); + test_ocsp("DELEGATED; Root CA -> EE", + "D3.ors", "D3_Issuer_Root.pem", "", 0); +}; + +subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { + plan tests => 3; + + test_ocsp("DELEGATED; Intermediate CA -> EE", + "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { + plan tests => 3; + + test_ocsp("DELEGATED; Intermediate CA -> EE", + "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub { + plan tests => 6; + + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); + test_ocsp("DELEGATED; Root CA -> EE", + "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); +}; + +subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { + plan tests => 6; + + # Expect success, because we're explicitly trusting the issuer certificate. + test_ocsp("NON-DELEGATED; Intermediate CA -> EE", + "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); + test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", + "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); + test_ocsp("NON-DELEGATED; Root CA -> EE", + "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); + test_ocsp("DELEGATED; Intermediate CA -> EE", + "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); + test_ocsp("DELEGATED; Root CA -> Intermediate CA", + "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); + test_ocsp("DELEGATED; Root CA -> EE", + "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); +}; + +subtest "=== OCSP API TESTS===" => sub { + plan tests => 1; + + ok(run(test(["ocspapitest", data_file("cert.pem"), data_file("key.pem")])), + "running ocspapitest"); +} diff --git a/openssl-1.1.0h/test/recipes/80-test_ocsp_data/cert.pem b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/cert.pem new file mode 100644 index 0000000..f70e792 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDLDCCAhSgAwIBAgICFs8wDQYJKoZIhvcNAQELBQAwSzEQMA4GA1UECgwHT3Bl +blNTTDETMBEGA1UECwwKVGVzdCBTdWl0ZTEiMCAGA1UEAwwZVGVzdCBPQ1NQIHJl +c3BvbnNlIHNpZ25lcjAeFw0xNzEwMjMxNDA4MDlaFw0yNjAxMDkxNDA4MDlaMEsx +EDAOBgNVBAoMB09wZW5TU0wxEzARBgNVBAsMClRlc3QgU3VpdGUxIjAgBgNVBAMM +GVRlc3QgT0NTUCByZXNwb25zZSBzaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC81prq23FY2YDuwiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7b +EEgWnQOJmz4zTuU+Bw2duHZ1X2WUR/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd0 +5VEq6WzWVWAX6ki/CZIJUihzj3AAn/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2 +zXf5BdE9XkayM3jq6Ewc/VZ05EA/LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvM +dbNOyJCx9NNeryZMv2wRzEaYp6jYao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW +9KAK3UEptoxux8JHH9R8X5bTVE7HADHhG5s7AgMBAAGjGjAYMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBAQCPkojVPBFNT9DGpLq9Y/Hl +XhcA+vSdt83EFzPD/nxIMp/QYSnZ9w2SWL21AH4C+HWd4JuKX5Zlsd6qYobYZLcT +TyVfw0OMwwPUI6Mxbz395EAnVLmtddN2RDsEYvThSMMoSfhtUwyANpA0Q6M8RcGt +LwnaC69iXhBh1xcTVVg97yEJ22yIrwQ1GhX4F1PRJIAQ/QmQhnoTGlhl2VAQ3LIk +lNFxkWbx0rqPIcor27QDNa2DPqioyvHMlkjC1h5EPhL9Ynu011r4Dn9A34+vFxeu +Q+emRwl/JjCNZX4l/AripU/Cy/+J2YGKilKzRcB1QMMVSl0VaeLSCwkNDQtdlwWO +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/recipes/80-test_ocsp_data/key.pem b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/key.pem new file mode 100644 index 0000000..cd211dc --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ocsp_data/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC81prq23FY2YDu +wiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7bEEgWnQOJmz4zTuU+Bw2duHZ1X2WU +R/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd05VEq6WzWVWAX6ki/CZIJUihzj3AA +n/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2zXf5BdE9XkayM3jq6Ewc/VZ05EA/ +LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvMdbNOyJCx9NNeryZMv2wRzEaYp6jY +ao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW9KAK3UEptoxux8JHH9R8X5bTVE7H +ADHhG5s7AgMBAAECggEBAJLp946eeVmhpiCa5XGWPwlbzwlY1BrNCRGADbC9ZRVu +ew1jMiWGTj9hmr31DHhIeis+u4YoW+jG9jVdoU5pJc3Fs0URbdsVc0FtVcsPyFbk +gGsCQQ4t1m8nOaiqtV8Fw+D0piwgQh5dysqBp374z4i6Lt47CHqFs/m2qIWnXp3E +YF3xX2Zz9rIgejERRxrUnp5998NqxSYHPF7Ts4VQ/+UezUqEpA2jBs6cJ2tWVNR9 +uf+3Fklpo7Uau+xG5xkiRYxx4mSIg6EREz5+XMPkSOcXi6tyinoKsafxTNQDil0q +pdurVlHNgZb2QdJjHugVmbalydHIQ5c0CU1RO5CP97kCgYEA7RqrRooniil0iAKR +6scFct0juVBW1Uw05Ejt97RtwQRf/m9SU5mSs0PfFx/l3PeNDSWnpmwunL1igYQb ++tVqDQQ9xR4owyl6/qDJSP2bS84jb+3MCR4UE/b2YR2rCDBllXeyQsDT7KMoW8lX +gliWmYd6HYddRDOKNM/tzccFG1cCgYEAy+M6yv0ublrpTj4o8DcOi6JJrQbPSAWx +R7zKDXSvSq5lLjfXmqX4s/jgZWgQ+kYoYZrIOqIygcZ2U6tBMCP2LAhbf86I6r27 +loMyQg7lhC5GCztpGes4/JmUvnvjTUIFspB6ReaXlBFAstzzJirgI1wmoO6+GiG/ +OUDmvCjFdL0CgYALQGa8VDYIImt7QNP31jX1+3SEiMF2IcWox6UzSgajUDfV9SZs +/S6u/xuJF2RrFfxFkXHhPeUAXyRbjQ9e2d3MfFUKE6JPkJpblvm2UwKZmFCqMRir +nhfJ0sBiX2wMWW+YpjN5Y3krE5sIsAdNEjMjWgB7gj70y5VVaECasUUWxQKBgQDB +aauqSIc1VLSh7sGzLudzet5db2pPLmdAYE1kel6Xf9yn/X1gTTYitGNaj2Abq1Y/ +US/Ev30eMwCo2nqaimLK3pq+IVUtKhO78nVIyQzdWXBE03Uei0+iAKdkE+5Kqejx +vbDggqEka0Fu678VY/MAWDikzhY0f/MBAxpfQGYgGQKBgC0tR1ymvCLkk6J5e4/G +OD1D9m2JJjcK4eWUS4rAiEH61sI5CKQRU2pQ3f3cIGekDZZt3XzHLYwc9W2UnN2J +glMmKXp0qqt2HoE/XKLrIc1dEDXsZxFnMZ6nmWKsl4AHxM/gyXqfDo/AUXyEGcVu +8TbVs3nlISUy7vwjpaW1KOs1 +-----END PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/recipes/80-test_pkcs12.t b/openssl-1.1.0h/test/recipes/80-test_pkcs12.t new file mode 100644 index 0000000..430df67 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_pkcs12.t @@ -0,0 +1,68 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +use Encode; + +setup("test_pkcs12"); + +plan skip_all => "The PKCS12 command line utility is not supported by this OpenSSL build" + if disabled("des"); + +my $pass = "σύνθημα γνώρισμα"; + +my $savedcp; +if (eval { require Win32::API; 1; }) { + # Trouble is that Win32 perl uses CreateProcessA, which + # makes it problematic to pass non-ASCII arguments, from perl[!] + # that is. This is because CreateProcessA is just a wrapper for + # CreateProcessW and will call MultiByteToWideChar and use + # system default locale. Since we attempt Greek pass-phrase + # conversion can be done only with Greek locale. + + Win32::API->Import("kernel32","UINT GetSystemDefaultLCID()"); + if (GetSystemDefaultLCID() != 0x408) { + plan skip_all => "Non-Greek system locale"; + } else { + # Ensure correct code page so that VERBOSE output is right. + Win32::API->Import("kernel32","UINT GetConsoleOutputCP()"); + Win32::API->Import("kernel32","BOOL SetConsoleOutputCP(UINT cp)"); + $savedcp = GetConsoleOutputCP(); + SetConsoleOutputCP(1253); + $pass = Encode::encode("cp1253",Encode::decode("utf-8",$pass)); + } +} elsif ($^O eq "MSWin32") { + plan skip_all => "Win32::API unavailable"; +} else { + # Running MinGW tests transparently under Wine apparently requires + # UTF-8 locale... + + foreach(`locale -a`) { + s/\R$//; + if ($_ =~ m/^C\.UTF\-?8/i) { + $ENV{LC_ALL} = $_; + last; + } + } +} +$ENV{OPENSSL_WIN32_UTF8}=1; + +plan tests => 1; + +# just see that we can read shibboleth.pfx protected with $pass +ok(run(app(["openssl", "pkcs12", "-noout", + "-password", "pass:$pass", + "-in", srctop_file("test", "shibboleth.pfx")])), + "test_pkcs12"); + +SetConsoleOutputCP($savedcp) if (defined($savedcp)); diff --git a/openssl-1.1.0h/test/recipes/80-test_ssl_new.t b/openssl-1.1.0h/test/recipes/80-test_ssl_new.t new file mode 100644 index 0000000..287defe --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ssl_new.t @@ -0,0 +1,133 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Basename; +use File::Compare qw/compare_text/; +use OpenSSL::Glob; +use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/; +use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/; + +setup("test_ssl_new"); + +$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + +my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.conf.in")); +map { s/;.*// } @conf_srcs if $^O eq "VMS"; +my @conf_files = map { basename($_, ".in") } @conf_srcs; +map { s/\^// } @conf_files if $^O eq "VMS"; + +# We hard-code the number of tests to double-check that the globbing above +# finds all files as expected. +plan tests => 19; # = scalar @conf_srcs + +# Some test results depend on the configuration of enabled protocols. We only +# verify generated sources in the default configuration. +my $is_default_tls = (disabled("ssl3") && !disabled("tls1") && + !disabled("tls1_1") && !disabled("tls1_2")); + +my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2")); + +my $no_tls = alldisabled(available_protocols("tls")); +my $no_dtls = alldisabled(available_protocols("dtls")); +my $no_npn = disabled("nextprotoneg"); +my $no_ct = disabled("ct"); +my $no_ec = disabled("ec"); +my $no_ec2m = disabled("ec2m"); +my $no_ocsp = disabled("ocsp"); + +# Add your test here if the test conf.in generates test cases and/or +# expectations dynamically based on the OpenSSL compile-time config. +my %conf_dependent_tests = ( + "02-protocol-version.conf" => !$is_default_tls, + "04-client_auth.conf" => !$is_default_tls, + "07-dtls-protocol-version.conf" => !$is_default_dtls, + "10-resumption.conf" => !$is_default_tls, + "11-dtls_resumption.conf" => !$is_default_dtls, + "17-renegotiate.conf" => disabled("tls1_2"), + "18-dtls-renegotiate.conf" => disabled("dtls1_2"), +); + +# Add your test here if it should be skipped for some compile-time +# configurations. Default is $no_tls but some tests have different skip +# conditions. +my %skip = ( + "07-dtls-protocol-version.conf" => $no_dtls, + "08-npn.conf" => $no_tls || $no_npn, + "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"), + "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"), + "12-ct.conf" => $no_tls || $no_ct || $no_ec, + # We could run some of these tests without TLS 1.2 if we had a per-test + # disable instruction but that's a bizarre configuration not worth + # special-casing for. + # We should review this once we have TLS 1.3. + "13-fragmentation.conf" => disabled("tls1_2"), + "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m, + "15-certstatus.conf" => $no_tls || $no_ocsp, + "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp, + "18-dtls-renegotiate.conf" => $no_dtls, + "19-mac-then-encrypt.conf" => disabled("tls1_2"), +); + +foreach my $conf (@conf_files) { + subtest "Test configuration $conf" => sub { + test_conf($conf, + $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1, + defined($skip{$conf}) ? $skip{$conf} : $no_tls); + } +} + +sub test_conf { + plan tests => 3; + + my ($conf, $check_source, $skip) = @_; + + my $conf_file = srctop_file("test", "ssl-tests", $conf); + my $tmp_file = "${conf}.$$.tmp"; + my $run_test = 1; + + SKIP: { + # "Test" 1. Generate the source. + my $input_file = $conf_file . ".in"; + + skip 'failure', 2 unless + ok(run(perltest(["generate_ssl_tests.pl", $input_file], + interpreter_args => [ "-I", srctop_dir("util", "perl")], + stdout => $tmp_file)), + "Getting output from generate_ssl_tests.pl."); + + SKIP: { + # Test 2. Compare against existing output in test/ssl_tests.conf. + skip "Skipping generated source test for $conf", 1 + if !$check_source; + + $run_test = is(cmp_text($tmp_file, $conf_file), 0, + "Comparing generated sources."); + } + + # Test 3. Run the test. + skip "No tests available; skipping tests", 1 if $skip; + skip "Stale sources; skipping tests", 1 if !$run_test; + + ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf"); + } + + unlink glob $tmp_file; +} + +sub cmp_text { + return compare_text(@_, sub { + $_[0] =~ s/\R//g; + $_[1] =~ s/\R//g; + return $_[0] ne $_[1]; + }); +} diff --git a/openssl-1.1.0h/test/recipes/80-test_ssl_old.t b/openssl-1.1.0h/test/recipes/80-test_ssl_old.t new file mode 100644 index 0000000..6468bd6 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ssl_old.t @@ -0,0 +1,629 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use POSIX; +use File::Basename; +use File::Copy; +use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/; +use OpenSSL::Test::Utils; + +setup("test_ssl"); + +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + +my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk, + $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, + $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = + anydisabled qw/rsa dsa dh ec srp psk + ssl3 tls1 tls1_1 tls1_2 + dtls dtls1 dtls1_2 ct/; +my $no_anytls = alldisabled(available_protocols("tls")); +my $no_anydtls = alldisabled(available_protocols("dtls")); + +plan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build" + if $no_anytls && $no_anydtls; + +my $digest = "-sha1"; +my @reqcmd = ("openssl", "req"); +my @x509cmd = ("openssl", "x509", $digest); +my @verifycmd = ("openssl", "verify"); +my @gendsacmd = ("openssl", "gendsa"); +my $dummycnf = srctop_file("apps", "openssl.cnf"); + +my $CAkey = "keyCA.ss"; +my $CAcert="certCA.ss"; +my $CAserial="certCA.srl"; +my $CAreq="reqCA.ss"; +my $CAconf=srctop_file("test","CAss.cnf"); +my $CAreq2="req2CA.ss"; # temp + +my $Uconf=srctop_file("test","Uss.cnf"); +my $Ukey="keyU.ss"; +my $Ureq="reqU.ss"; +my $Ucert="certU.ss"; + +my $Dkey="keyD.ss"; +my $Dreq="reqD.ss"; +my $Dcert="certD.ss"; + +my $Ekey="keyE.ss"; +my $Ereq="reqE.ss"; +my $Ecert="certE.ss"; + +my $P1conf=srctop_file("test","P1ss.cnf"); +my $P1key="keyP1.ss"; +my $P1req="reqP1.ss"; +my $P1cert="certP1.ss"; +my $P1intermediate="tmp_intP1.ss"; + +my $P2conf=srctop_file("test","P2ss.cnf"); +my $P2key="keyP2.ss"; +my $P2req="reqP2.ss"; +my $P2cert="certP2.ss"; +my $P2intermediate="tmp_intP2.ss"; + +my $server_sess="server.ss"; +my $client_sess="client.ss"; + +# ssltest_old.c is deprecated in favour of the new framework in ssl_test.c +# If you're adding tests here, you probably want to convert them to the +# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead. +plan tests => + 1 # For testss + +6 # For the first testssl + ; + +subtest 'test_ss' => sub { + if (testss()) { + open OUT, ">", "intP1.ss"; + copy($CAcert, \*OUT); copy($Ucert, \*OUT); + close OUT; + + open OUT, ">", "intP2.ss"; + copy($CAcert, \*OUT); copy($Ucert, \*OUT); copy($P1cert, \*OUT); + close OUT; + } +}; + +note('test_ssl -- key U'); +testssl("keyU.ss", $Ucert, $CAcert); + +# ----------- +# subtest functions +sub testss { + open RND, ">>", ".rnd"; + print RND "string to make the random number generator think it has entropy"; + close RND; + + my @req_dsa = ("-newkey", + "dsa:".srctop_file("apps", "dsa1024.pem")); + my $dsaparams = srctop_file("apps", "dsa1024.pem"); + my @req_new; + if ($no_rsa) { + @req_new = @req_dsa; + } else { + @req_new = ("-new"); + } + + plan tests => 17; + + SKIP: { + skip 'failure', 16 unless + ok(run(app([@reqcmd, "-config", $CAconf, + "-out", $CAreq, "-keyout", $CAkey, + @req_new])), + 'make cert request'); + + skip 'failure', 15 unless + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30", + "-req", "-out", $CAcert, "-signkey", $CAkey, + "-extfile", $CAconf, "-extensions", "v3_ca"], + stdout => "err.ss")), + 'convert request into self-signed cert'); + + skip 'failure', 14 unless + ok(run(app([@x509cmd, "-in", $CAcert, + "-x509toreq", "-signkey", $CAkey, "-out", $CAreq2], + stdout => "err.ss")), + 'convert cert into a cert request'); + + skip 'failure', 13 unless + ok(run(app([@reqcmd, "-config", $dummycnf, + "-verify", "-in", $CAreq, "-noout"])), + 'verify request 1'); + + + skip 'failure', 12 unless + ok(run(app([@reqcmd, "-config", $dummycnf, + "-verify", "-in", $CAreq2, "-noout"])), + 'verify request 2'); + + skip 'failure', 11 unless + ok(run(app([@verifycmd, "-CAfile", $CAcert, $CAcert])), + 'verify signature'); + + skip 'failure', 10 unless + ok(run(app([@reqcmd, "-config", $Uconf, + "-out", $Ureq, "-keyout", $Ukey, @req_new], + stdout => "err.ss")), + 'make a user cert request'); + + skip 'failure', 9 unless + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30", + "-req", "-out", $Ucert, + "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial, + "-extfile", $Uconf, "-extensions", "v3_ee"], + stdout => "err.ss")) + && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])), + 'sign user cert request'); + + skip 'failure', 8 unless + ok(run(app([@x509cmd, + "-subject", "-issuer", "-startdate", "-enddate", + "-noout", "-in", $Ucert])), + 'Certificate details'); + + skip 'failure', 7 unless + subtest 'DSA certificate creation' => sub { + plan skip_all => "skipping DSA certificate creation" + if $no_dsa; + + plan tests => 5; + + SKIP: { + $ENV{CN2} = "DSA Certificate"; + skip 'failure', 4 unless + ok(run(app([@gendsacmd, "-out", $Dkey, + $dsaparams], + stdout => "err.ss")), + "make a DSA key"); + skip 'failure', 3 unless + ok(run(app([@reqcmd, "-new", "-config", $Uconf, + "-out", $Dreq, "-key", $Dkey], + stdout => "err.ss")), + "make a DSA user cert request"); + skip 'failure', 2 unless + ok(run(app([@x509cmd, "-CAcreateserial", + "-in", $Dreq, + "-days", "30", + "-req", + "-out", $Dcert, + "-CA", $CAcert, "-CAkey", $CAkey, + "-CAserial", $CAserial, + "-extfile", $Uconf, + "-extensions", "v3_ee_dsa"], + stdout => "err.ss")), + "sign DSA user cert request"); + skip 'failure', 1 unless + ok(run(app([@verifycmd, "-CAfile", $CAcert, $Dcert])), + "verify DSA user cert"); + skip 'failure', 0 unless + ok(run(app([@x509cmd, + "-subject", "-issuer", + "-startdate", "-enddate", "-noout", + "-in", $Dcert])), + "DSA Certificate details"); + } + }; + + skip 'failure', 6 unless + subtest 'ECDSA/ECDH certificate creation' => sub { + plan skip_all => "skipping ECDSA/ECDH certificate creation" + if $no_ec; + + plan tests => 5; + + SKIP: { + $ENV{CN2} = "ECDSA Certificate"; + skip 'failure', 4 unless + ok(run(app(["openssl", "ecparam", "-name", "P-256", + "-out", "ecp.ss"])), + "make EC parameters"); + skip 'failure', 3 unless + ok(run(app([@reqcmd, "-config", $Uconf, + "-out", $Ereq, "-keyout", $Ekey, + "-newkey", "ec:ecp.ss"], + stdout => "err.ss")), + "make a ECDSA/ECDH user cert request"); + skip 'failure', 2 unless + ok(run(app([@x509cmd, "-CAcreateserial", + "-in", $Ereq, + "-days", "30", + "-req", + "-out", $Ecert, + "-CA", $CAcert, "-CAkey", $CAkey, + "-CAserial", $CAserial, + "-extfile", $Uconf, + "-extensions", "v3_ee_ec"], + stdout => "err.ss")), + "sign ECDSA/ECDH user cert request"); + skip 'failure', 1 unless + ok(run(app([@verifycmd, "-CAfile", $CAcert, $Ecert])), + "verify ECDSA/ECDH user cert"); + skip 'failure', 0 unless + ok(run(app([@x509cmd, + "-subject", "-issuer", + "-startdate", "-enddate", "-noout", + "-in", $Ecert])), + "ECDSA Certificate details"); + } + }; + + skip 'failure', 5 unless + ok(run(app([@reqcmd, "-config", $P1conf, + "-out", $P1req, "-keyout", $P1key, @req_new], + stdout => "err.ss")), + 'make a proxy cert request'); + + + skip 'failure', 4 unless + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30", + "-req", "-out", $P1cert, + "-CA", $Ucert, "-CAkey", $Ukey, + "-extfile", $P1conf, "-extensions", "v3_proxy"], + stdout => "err.ss")), + 'sign proxy with user cert'); + + copy($Ucert, $P1intermediate); + run(app([@verifycmd, "-CAfile", $CAcert, + "-untrusted", $P1intermediate, $P1cert])); + ok(run(app([@x509cmd, + "-subject", "-issuer", "-startdate", "-enddate", + "-noout", "-in", $P1cert])), + 'Certificate details'); + + skip 'failure', 2 unless + ok(run(app([@reqcmd, "-config", $P2conf, + "-out", $P2req, "-keyout", $P2key, + @req_new], + stdout => "err.ss")), + 'make another proxy cert request'); + + + skip 'failure', 1 unless + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30", + "-req", "-out", $P2cert, + "-CA", $P1cert, "-CAkey", $P1key, + "-extfile", $P2conf, "-extensions", "v3_proxy"], + stdout => "err.ss")), + 'sign second proxy cert request with the first proxy cert'); + + + open OUT, ">", $P2intermediate; + copy($Ucert, \*OUT); copy($P1cert, \*OUT); + close OUT; + run(app([@verifycmd, "-CAfile", $CAcert, + "-untrusted", $P2intermediate, $P2cert])); + ok(run(app([@x509cmd, + "-subject", "-issuer", "-startdate", "-enddate", + "-noout", "-in", $P2cert])), + 'Certificate details'); + } +} + +sub testssl { + my ($key, $cert, $CAtmp) = @_; + my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs")); + + my @ssltest = ("ssltest_old", + "-s_key", $key, "-s_cert", $cert, + "-c_key", $key, "-c_cert", $cert); + + my $serverinfo = srctop_file("test","serverinfo.pem"); + + my $dsa_cert = 0; + if (grep /DSA Public Key/, run(app(["openssl", "x509", "-in", $cert, + "-text", "-noout"]), capture => 1)) { + $dsa_cert = 1; + } + + + # plan tests => 11; + + subtest 'standard SSL tests' => sub { + ###################################################################### + plan tests => 21; + + SKIP: { + skip "SSLv3 is not supported by this OpenSSL build", 4 + if disabled("ssl3"); + + ok(run(test([@ssltest, "-bio_pair", "-ssl3"])), + 'test sslv3 via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])), + 'test sslv3 with server authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])), + 'test sslv3 with client authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])), + 'test sslv3 with both server and client authentication via BIO pair'); + } + + SKIP: { + skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1 + if $no_anytls; + + ok(run(test([@ssltest, "-bio_pair"])), + 'test sslv2/sslv3 via BIO pair'); + } + + SKIP: { + skip "DTLSv1 is not supported by this OpenSSL build", 4 + if disabled("dtls1"); + + ok(run(test([@ssltest, "-dtls1"])), + 'test dtlsv1'); + ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA])), + 'test dtlsv1 with server authentication'); + ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA])), + 'test dtlsv1 with client authentication'); + ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA])), + 'test dtlsv1 with both server and client authentication'); + } + + SKIP: { + skip "DTLSv1.2 is not supported by this OpenSSL build", 4 + if disabled("dtls1_2"); + + ok(run(test([@ssltest, "-dtls12"])), + 'test dtlsv1.2'); + ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA])), + 'test dtlsv1.2 with server authentication'); + ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA])), + 'test dtlsv1.2 with client authentication'); + ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA])), + 'test dtlsv1.2 with both server and client authentication'); + } + + SKIP: { + skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8 + if $no_anytls; + + SKIP: { + skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert; + + ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])), + 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'); + } + + ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])), + 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), + 'test sslv2/sslv3 with server authentication'); + ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), + 'test sslv2/sslv3 with client authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])), + 'test sslv2/sslv3 with both client and server authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), + 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); + + SKIP: { + skip "No IPv4 available on this machine", 1 + unless !disabled("sock") && have_IPv4(); + ok(run(test([@ssltest, "-ipv4"])), + 'test TLS via IPv4'); + } + + SKIP: { + skip "No IPv6 available on this machine", 1 + unless !disabled("sock") && have_IPv6(); + ok(run(test([@ssltest, "-ipv6"])), + 'test TLS via IPv6'); + } + } + }; + + subtest "Testing ciphersuites" => sub { + + my @exkeys = (); + my $ciphers = "-PSK:-SRP"; + + if ($no_dh) { + note "skipping DHE tests\n"; + $ciphers .= ":-kDHE"; + } + if ($no_dsa) { + note "skipping DSA tests\n"; + $ciphers .= ":-aDSA"; + } else { + push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss"; + } + + if ($no_ec) { + note "skipping EC tests\n"; + $ciphers .= ":!aECDSA:!kECDH"; + } else { + push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss"; + } + + my @protocols = (); + # We only use the flags that ssltest_old understands + push @protocols, "-tls1_2" unless $no_tls1_2; + push @protocols, "-tls1" unless $no_tls1; + push @protocols, "-ssl3" unless $no_ssl3; + my $protocolciphersuitecount = 0; + my %ciphersuites = (); + foreach my $protocol (@protocols) { + $ciphersuites{$protocol} = + [ map { s|\R||; split(/:/, $_) } + run(app(["openssl", "ciphers", "-s", $protocol, + "ALL:$ciphers"]), capture => 1) ]; + $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}}; + } + + plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build" + if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0; + + # The count of protocols is because in addition to the ciphersuits + # we got above, we're running a weak DH test for each protocol + plan tests => $protocolciphersuitecount + scalar(keys %ciphersuites); + + foreach my $protocol (sort keys %ciphersuites) { + note "Testing ciphersuites for $protocol"; + # ssltest_old doesn't know -tls1_2, but that's fine, since that's + # the default choice if TLSv1.2 enabled + my $flag = $protocol eq "-tls1_2" ? "" : $protocol; + foreach my $cipher (@{$ciphersuites{$protocol}}) { + if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { + note "*****SKIPPING $protocol $cipher"; + ok(1); + } else { + ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, + $flag || ()])), + "Testing $cipher"); + } + } + is(run(test([@ssltest, + "-s_cipher", "EDH", + "-c_cipher", 'EDH:@SECLEVEL=1', + "-dhe512", + $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0, + "testing connection with weak DH, expecting failure"); + } + }; + + subtest 'RSA/(EC)DHE/PSK tests' => sub { + ###################################################################### + + plan tests => 5; + + SKIP: { + skip "TLSv1.0 is not supported by this OpenSSL build", 5 + if $no_tls1; + + SKIP: { + skip "skipping anonymous DH tests", 1 + if ($no_dh); + + ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])), + 'test tlsv1 with 1024bit anonymous DH, multiple handshakes'); + } + + SKIP: { + skip "skipping RSA tests", 2 + if $no_rsa; + + ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])), + 'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes'); + + skip "skipping RSA+DHE tests", 1 + if $no_dh; + + ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])), + 'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes'); + } + + SKIP: { + skip "skipping PSK tests", 2 + if ($no_psk); + + ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])), + 'test tls1 with PSK'); + + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])), + 'test tls1 with PSK via BIO pair'); + } + } + + }; + + subtest 'Custom Extension tests' => sub { + ###################################################################### + + plan tests => 1; + + SKIP: { + skip "TLSv1.0 is not supported by this OpenSSL build", 1 + if $no_tls1; + + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])), + 'test tls1 with custom extensions'); + } + }; + + subtest 'Serverinfo tests' => sub { + ###################################################################### + + plan tests => 5; + + SKIP: { + skip "TLSv1.0 is not supported by this OpenSSL build", 5 + if $no_tls1; + + note('echo test tls1 with serverinfo'); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct"]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_tack"]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); + } + }; + + subtest 'SRP tests' => sub { + + plan tests => 4; + + SKIP: { + skip "skipping SRP tests", 4 + if $no_srp || alldisabled(grep !/^ssl3/, available_protocols("tls")); + + ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP'); + + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP via BIO pair'); + + ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP auth'); + + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), + 'test tls1 with SRP auth via BIO pair'); + } + }; +} + +unlink $CAkey; +unlink $CAcert; +unlink $CAserial; +unlink $CAreq; +unlink $CAreq2; + +unlink $Ukey; +unlink $Ureq; +unlink $Ucert; +unlink basename($Ucert, '.ss').'.srl'; + +unlink $Dkey; +unlink $Dreq; +unlink $Dcert; + +unlink $Ekey; +unlink $Ereq; +unlink $Ecert; + +unlink $P1key; +unlink $P1req; +unlink $P1cert; +unlink basename($P1cert, '.ss').'.srl'; +unlink $P1intermediate; +unlink "intP1.ss"; + +unlink $P2key; +unlink $P2req; +unlink $P2cert; +unlink $P2intermediate; +unlink "intP2.ss"; + +unlink "ecp.ss"; +unlink "err.ss"; + +unlink $server_sess; +unlink $client_sess; diff --git a/openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t b/openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t new file mode 100644 index 0000000..c593491 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_ssl_test_ctx.t @@ -0,0 +1,19 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_ssl_test_ctx"); + +plan tests => 1; +ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])), + "running ssl_test_ctx_test ssl_test_ctx_test.conf"); diff --git a/openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t b/openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t new file mode 100644 index 0000000..53f8a82 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_sslcorrupt.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_sslcorrupt"); + +plan skip_all => "No TLS protocols are supported by this OpenSSL build" + if alldisabled(available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["sslcorrupttest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "running sslcorrupttest"); diff --git a/openssl-1.1.0h/test/recipes/80-test_tsa.t b/openssl-1.1.0h/test/recipes/80-test_tsa.t new file mode 100644 index 0000000..3ba14d4 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_tsa.t @@ -0,0 +1,207 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use POSIX; +use File::Spec::Functions qw/splitdir curdir catfile/; +use File::Compare; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_tsa"); + +plan skip_all => "TS is not supported by this OpenSSL build" + if disabled("ts"); + +# All these are modified inside indir further down. They need to exist +# here, however, to be available in all subroutines. +my $openssl_conf; +my $testtsa; +my $CAtsa; +my @RUN; + +sub create_tsa_cert { + my $INDEX = shift; + my $EXT = shift; + my $r = 1; + $ENV{TSDNSECT} = "ts_cert_dn"; + + ok(run(app(["openssl", "req", "-config", $openssl_conf, "-new", + "-out", "tsa_req${INDEX}.pem", + "-keyout", "tsa_key${INDEX}.pem"]))); + note "using extension $EXT"; + ok(run(app(["openssl", "x509", "-req", + "-in", "tsa_req${INDEX}.pem", + "-out", "tsa_cert${INDEX}.pem", + "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem", + "-CAcreateserial", + "-extfile", $openssl_conf, "-extensions", $EXT]))); +} + +sub create_time_stamp_response { + my $queryfile = shift; + my $outputfile = shift; + my $datafile = shift; + + ok(run(app([@RUN, "-reply", "-section", "$datafile", + "-queryfile", "$queryfile", "-out", "$outputfile"]))); +} + +sub verify_time_stamp_response { + my $queryfile = shift; + my $inputfile = shift; + my $datafile = shift; + + ok(run(app([@RUN, "-verify", "-queryfile", "$queryfile", + "-in", "$inputfile", "-CAfile", "tsaca.pem", + "-untrusted", "tsa_cert1.pem"]))); + ok(run(app([@RUN, "-verify", "-data", "$datafile", + "-in", "$inputfile", "-CAfile", "tsaca.pem", + "-untrusted", "tsa_cert1.pem"]))); +} + +sub verify_time_stamp_response_fail { + my $queryfile = shift; + my $inputfile = shift; + + ok(!run(app([@RUN, "-verify", "-queryfile", "$queryfile", + "-in", "$inputfile", "-CAfile", "tsaca.pem", + "-untrusted", "tsa_cert1.pem"]))); +} + +# main functions + +plan tests => 20; + +note "setting up TSA test directory"; +indir "tsa" => sub +{ + $openssl_conf = srctop_file("test", "CAtsa.cnf"); + $testtsa = srctop_file("test", "recipes", "80-test_tsa.t"); + $CAtsa = srctop_file("test", "CAtsa.cnf"); + @RUN = ("openssl", "ts", "-config", $openssl_conf); + + # ../apps/CA.pl needs these + $ENV{OPENSSL_CONFIG} = "-config $openssl_conf"; + $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1); + + SKIP: { + $ENV{TSDNSECT} = "ts_ca_dn"; + skip "failed", 19 + unless ok(run(app(["openssl", "req", "-config", $openssl_conf, + "-new", "-x509", "-nodes", + "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])), + 'creating a new CA for the TSA tests'); + + skip "failed", 18 + unless subtest 'creating tsa_cert1.pem TSA server cert' => sub { + create_tsa_cert("1", "tsa_cert") + }; + + skip "failed", 17 + unless subtest 'creating tsa_cert2.pem non-TSA server cert' => sub { + create_tsa_cert("2", "non_tsa_cert") + }; + + skip "failed", 16 + unless ok(run(app([@RUN, "-query", "-data", $testtsa, + "-tspolicy", "tsa_policy1", "-cert", + "-out", "req1.tsq"])), + 'creating req1.req time stamp request for file testtsa'); + + ok(run(app([@RUN, "-query", "-in", "req1.tsq", "-text"])), + 'printing req1.req'); + + subtest 'generating valid response for req1.req' => sub { + create_time_stamp_response("req1.tsq", "resp1.tsr", "tsa_config1") + }; + + ok(run(app([@RUN, "-reply", "-in", "resp1.tsr", "-text"])), + 'printing response'); + + subtest 'verifying valid response' => sub { + verify_time_stamp_response("req1.tsq", "resp1.tsr", $testtsa) + }; + + skip "failed", 11 + unless subtest 'verifying valid token' => sub { + ok(run(app([@RUN, "-reply", "-in", "resp1.tsr", + "-out", "resp1.tsr.token", "-token_out"]))); + ok(run(app([@RUN, "-verify", "-queryfile", "req1.tsq", + "-in", "resp1.tsr.token", "-token_in", + "-CAfile", "tsaca.pem", + "-untrusted", "tsa_cert1.pem"]))); + ok(run(app([@RUN, "-verify", "-data", $testtsa, + "-in", "resp1.tsr.token", "-token_in", + "-CAfile", "tsaca.pem", + "-untrusted", "tsa_cert1.pem"]))); + }; + + skip "failed", 10 + unless ok(run(app([@RUN, "-query", "-data", $testtsa, + "-tspolicy", "tsa_policy2", "-no_nonce", + "-out", "req2.tsq"])), + 'creating req2.req time stamp request for file testtsa'); + + ok(run(app([@RUN, "-query", "-in", "req2.tsq", "-text"])), + 'printing req2.req'); + + skip "failed", 8 + unless subtest 'generating valid response for req2.req' => sub { + create_time_stamp_response("req2.tsq", "resp2.tsr", "tsa_config1") + }; + + skip "failed", 7 + unless subtest 'checking -token_in and -token_out options with -reply' => sub { + my $RESPONSE2="resp2.tsr.copy.tsr"; + my $TOKEN_DER="resp2.tsr.token.der"; + + ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", + "-out", "$TOKEN_DER", "-token_out"]))); + ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER", + "-token_in", "-out", "$RESPONSE2"]))); + is(compare($RESPONSE2, "resp2.tsr"), 0); + ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", + "-text", "-token_out"]))); + ok(run(app([@RUN, "-reply", "-in", "$TOKEN_DER", + "-token_in", "-text", "-token_out"]))); + ok(run(app([@RUN, "-reply", "-queryfile", "req2.tsq", + "-text", "-token_out"]))); + }; + + ok(run(app([@RUN, "-reply", "-in", "resp2.tsr", "-text"])), + 'printing response'); + + subtest 'verifying valid response' => sub { + verify_time_stamp_response("req2.tsq", "resp2.tsr", $testtsa) + }; + + subtest 'verifying response against wrong request, it should fail' => sub { + verify_time_stamp_response_fail("req1.tsq", "resp2.tsr") + }; + + subtest 'verifying response against wrong request, it should fail' => sub { + verify_time_stamp_response_fail("req2.tsq", "resp1.tsr") + }; + + skip "failure", 2 + unless ok(run(app([@RUN, "-query", "-data", $CAtsa, + "-no_nonce", "-out", "req3.tsq"])), + "creating req3.req time stamp request for file CAtsa.cnf"); + + ok(run(app([@RUN, "-query", "-in", "req3.tsq", "-text"])), + 'printing req3.req'); + + subtest 'verifying response against wrong request, it should fail' => sub { + verify_time_stamp_response_fail("req3.tsq", "resp1.tsr") + }; + } +}, create => 1, cleanup => 1 diff --git a/openssl-1.1.0h/test/recipes/80-test_x509aux.t b/openssl-1.1.0h/test/recipes/80-test_x509aux.t new file mode 100644 index 0000000..65ba5fc --- /dev/null +++ b/openssl-1.1.0h/test/recipes/80-test_x509aux.t @@ -0,0 +1,27 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_x509aux"); + +plan skip_all => "test_dane uses ec which is not supported by this OpenSSL build" + if disabled("ec"); + +plan tests => 1; # The number of tests being performed + +ok(run(test(["x509aux", + srctop_file("test", "certs", "roots.pem"), + srctop_file("test", "certs", "root+anyEKU.pem"), + srctop_file("test", "certs", "root-anyEKU.pem"), + srctop_file("test", "certs", "root-cert.pem")] + )), "x509aux tests"); diff --git a/openssl-1.1.0h/test/recipes/90-test_async.t b/openssl-1.1.0h/test/recipes/90-test_async.t new file mode 100644 index 0000000..e0f1870 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_async.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_async", "asynctest", "async"); diff --git a/openssl-1.1.0h/test/recipes/90-test_bio_enc.t b/openssl-1.1.0h/test/recipes/90-test_bio_enc.t new file mode 100644 index 0000000..aa7e42a --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_bio_enc.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_bio_enc", "bio_enc_test", "bio_enc"); diff --git a/openssl-1.1.0h/test/recipes/90-test_bioprint.t b/openssl-1.1.0h/test/recipes/90-test_bioprint.t new file mode 100644 index 0000000..b86e828 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_bioprint.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_bioprint", "bioprinttest"); diff --git a/openssl-1.1.0h/test/recipes/90-test_constant_time.t b/openssl-1.1.0h/test/recipes/90-test_constant_time.t new file mode 100644 index 0000000..6fa73bf --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_constant_time.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_constant_time", "constant_time_test"); diff --git a/openssl-1.1.0h/test/recipes/90-test_fatalerr.t b/openssl-1.1.0h/test/recipes/90-test_fatalerr.t new file mode 100644 index 0000000..361bc1f --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_fatalerr.t @@ -0,0 +1,21 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_fatalerr"); + +plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["fatalerrtest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "running fatalerrtest"); diff --git a/openssl-1.1.0h/test/recipes/90-test_fuzz.t b/openssl-1.1.0h/test/recipes/90-test_fuzz.t new file mode 100644 index 0000000..d152925 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_fuzz.t @@ -0,0 +1,40 @@ +#!/usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use if $^O ne "VMS", 'File::Glob' => qw/glob/; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_fuzz"); + +my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'conf', 'crl', 'server', 'x509'); +if (!disabled("cms")) { + push @fuzzers, 'cms'; +} +if (!disabled("ct")) { + push @fuzzers, 'ct'; +} +plan tests => scalar @fuzzers; + +foreach my $f (@fuzzers) { + subtest "Fuzzing $f" => sub { + my @files = glob(srctop_file('fuzz', 'corpora', $f, '*')); + push @files, glob(srctop_file('fuzz', 'corpora', "$f-*", '*')); + + plan skip_all => "No corpora for $f-test" unless @files; + + plan tests => scalar @files; + + foreach (@files) { + ok(run(fuzz(["$f-test", $_]))); + } + } +} diff --git a/openssl-1.1.0h/test/recipes/90-test_gmdiff.t b/openssl-1.1.0h/test/recipes/90-test_gmdiff.t new file mode 100644 index 0000000..f2cce41 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_gmdiff.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_gmdiff", "gmdifftest"); diff --git a/openssl-1.1.0h/test/recipes/90-test_heartbeat.t b/openssl-1.1.0h/test/recipes/90-test_heartbeat.t new file mode 100644 index 0000000..90d6a67 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_heartbeat.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_heartbeat", "heartbeat_test", "heartbeats"); diff --git a/openssl-1.1.0h/test/recipes/90-test_ige.t b/openssl-1.1.0h/test/recipes/90-test_ige.t new file mode 100644 index 0000000..2ab4bd2 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_ige.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_ige", "igetest"); diff --git a/openssl-1.1.0h/test/recipes/90-test_memleak.t b/openssl-1.1.0h/test/recipes/90-test_memleak.t new file mode 100644 index 0000000..52357c7 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_memleak.t @@ -0,0 +1,15 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; + +setup("test_memleak"); +plan tests => 2; +ok(run(test(["memleaktest"])), "running leak test"); +ok(run(test(["memleaktest", "freeit"])), "running no leak test"); diff --git a/openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t b/openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t new file mode 100644 index 0000000..710dc8b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_p5_crpt2.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_p5_crpt2", "p5_crpt2_test"); diff --git a/openssl-1.1.0h/test/recipes/90-test_secmem.t b/openssl-1.1.0h/test/recipes/90-test_secmem.t new file mode 100644 index 0000000..d197c48 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_secmem.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_secmem", "secmemtest"); diff --git a/openssl-1.1.0h/test/recipes/90-test_shlibload.t b/openssl-1.1.0h/test/recipes/90-test_shlibload.t new file mode 100644 index 0000000..aa8d98d --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_shlibload.t @@ -0,0 +1,38 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test::Utils; + +#Load configdata.pm + +BEGIN { + setup("test_shlibload"); +} +use lib bldtop_dir('.'); +use configdata; + +plan skip_all => "Test only supported in a shared build" if disabled("shared"); + +plan tests => 3; + +my $libcrypto_idx = $unified_info{rename}->{libcrypto} // "libcrypto"; +my $libssl_idx = $unified_info{rename}->{libssl} // "libssl"; +my $libcrypto = + $unified_info{sharednames}->{$libcrypto_idx}.$target{shared_extension_simple}; +my $libssl = + $unified_info{sharednames}->{$libssl_idx}.$target{shared_extension_simple}; + +ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl])), + "running shlibloadtest -crypto_first"); +ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl])), + "running shlibloadtest -ssl_first"); +ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl])), + "running shlibloadtest -just_crypto"); + diff --git a/openssl-1.1.0h/test/recipes/90-test_srp.t b/openssl-1.1.0h/test/recipes/90-test_srp.t new file mode 100644 index 0000000..7026c35 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_srp.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_srp", "srptest", "srp"); diff --git a/openssl-1.1.0h/test/recipes/90-test_sslapi.t b/openssl-1.1.0h/test/recipes/90-test_sslapi.t new file mode 100644 index 0000000..efaae3b --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_sslapi.t @@ -0,0 +1,21 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_sslapi"); + +plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["sslapitest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "running sslapitest"); diff --git a/openssl-1.1.0h/test/recipes/90-test_threads.t b/openssl-1.1.0h/test/recipes/90-test_threads.t new file mode 100644 index 0000000..56d5338 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_threads.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_threads", "threadstest"); diff --git a/openssl-1.1.0h/test/recipes/90-test_v3name.t b/openssl-1.1.0h/test/recipes/90-test_v3name.t new file mode 100644 index 0000000..2e144e5 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/90-test_v3name.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_v3name", "v3nametest"); diff --git a/openssl-1.1.0h/test/recipes/bc.pl b/openssl-1.1.0h/test/recipes/bc.pl new file mode 100644 index 0000000..dbb5842 --- /dev/null +++ b/openssl-1.1.0h/test/recipes/bc.pl @@ -0,0 +1,113 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use Math::BigInt; + +sub calc { + @_ = __adder(@_); + if (scalar @_ != 1) { return "NaN"; } + return shift; +} + +sub __canonhex { + my ($sign, $hex) = (shift =~ /^([+\-]?)(.*)$/); + $hex = "0x".$hex if $hex !~ /^0x/; + return $sign.$hex; +} + +sub __adder { + @_ = __multiplier(@_); + while (scalar @_ > 1 && $_[1] =~ /^[\+\-]$/) { + my $operand1 = Math::BigInt->from_hex(__canonhex(shift)); + my $operator = shift; + @_ = __multiplier(@_); + my $operand2 = Math::BigInt->from_hex(__canonhex(shift)); + if ($operator eq "+") { + $operand1->badd($operand2); + } elsif ($operator eq "-") { + $operand1->bsub($operand2); + } else { + die "SOMETHING WENT AWFULLY WRONG"; + } + unshift @_, $operand1->as_hex(); + } + return @_; +} + +sub __multiplier { + @_ = __power(@_); + while (scalar @_ > 1 && $_[1] =~ /^[\*\/%]$/) { + my $operand1 = Math::BigInt->from_hex(__canonhex(shift)); + my $operator = shift; + @_ = __power(@_); + my $operand2 = Math::BigInt->from_hex(__canonhex(shift)); + if ($operator eq "*") { + $operand1->bmul($operand2); + } elsif ($operator eq "/") { + # Math::BigInt->bdiv() is documented to do floored division, + # i.e. 1 / -4 = -1, while bc and OpenSSL BN_div do truncated + # division, i.e. 1 / -4 = 0. We need to make the operation + # work like OpenSSL's BN_div to be able to verify. + my $neg = ($operand1->is_neg() + ? !$operand2->is_neg() : $operand2->is_neg()); + $operand1->babs(); + $operand2->babs(); + $operand1->bdiv($operand2); + if ($neg) { $operand1->bneg(); } + } elsif ($operator eq "%") { + # Here's a bit of a quirk... + # With OpenSSL's BN, as well as bc, the result of -10 % 3 is -1 + # while Math::BigInt, the result is 2. + # The latter is mathematically more correct, but... + my $o1isneg = $operand1->is_neg(); + $operand1->babs(); + # Math::BigInt does something different with a negative modulus, + # while OpenSSL's BN and bc treat it like a positive number... + $operand2->babs(); + $operand1->bmod($operand2); + if ($o1isneg) { $operand1->bneg(); } + } else { + die "SOMETHING WENT AWFULLY WRONG"; + } + unshift @_, $operand1->as_hex(); + } + return @_; +} + +sub __power { + @_ = __paren(@_); + while (scalar @_ > 1 && $_[1] eq "^") { + my $operand1 = Math::BigInt->from_hex(__canonhex(shift)); + shift; + @_ = __paren(@_); + my $operand2 = Math::BigInt->from_hex(__canonhex(shift)); + $operand1->bpow($operand2); + unshift @_, $operand1->as_hex(); + } + return @_; +} + +# returns array ( $result, @remaining ) +sub __paren { + if (scalar @_ > 0 && $_[0] eq "(") { + shift; + my @result = __adder(@_); + if (scalar @_ == 0 || $_[0] ne ")") { + return ("NaN"); + } + shift; + return @result; + } + return @_; +} + +1; diff --git a/openssl-1.1.0h/test/recipes/tconversion.pl b/openssl-1.1.0h/test/recipes/tconversion.pl new file mode 100644 index 0000000..1cf68dc --- /dev/null +++ b/openssl-1.1.0h/test/recipes/tconversion.pl @@ -0,0 +1,105 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Compare qw/compare_text/; +use File::Copy; +use OpenSSL::Test qw/:DEFAULT/; + +my %conversionforms = ( + # Default conversion forms. Other series may be added with + # specific test types as key. + "*" => [ "d", "p" ], + "msb" => [ "d", "p", "msblob" ], + ); +sub tconversion { + my $testtype = shift; + my $t = shift; + my @conversionforms = + defined($conversionforms{$testtype}) ? + @{$conversionforms{$testtype}} : + @{$conversionforms{"*"}}; + my @openssl_args = @_; + if (!@openssl_args) { @openssl_args = ($testtype); } + + my $n = scalar @conversionforms; + my $totaltests = + 1 # for initializing + + $n # initial conversions from p to all forms (A) + + $n*$n # conversion from result of A to all forms (B) + + 1 # comparing original test file to p form of A + + $n*($n-1); # comparing first conversion to each form in A with B + $totaltests-- if ($testtype eq "p7d"); # no comparison of original test file + plan tests => $totaltests; + + my @cmd = ("openssl", @openssl_args); + + my $init; + if (scalar @openssl_args > 0 && $openssl_args[0] eq "pkey") { + $init = ok(run(app([@cmd, "-in", $t, "-out", "$testtype-fff.p"])), + 'initializing'); + } else { + $init = ok(copy($t, "$testtype-fff.p"), 'initializing'); + } + if (!$init) { + diag("Trying to copy $t to $testtype-fff.p : $!"); + } + + SKIP: { + skip "Not initialized, skipping...", 22 unless $init; + + foreach my $to (@conversionforms) { + ok(run(app([@cmd, + "-in", "$testtype-fff.p", + "-inform", "p", + "-out", "$testtype-f.$to", + "-outform", $to])), + "p -> $to"); + } + + foreach my $to (@conversionforms) { + foreach my $from (@conversionforms) { + ok(run(app([@cmd, + "-in", "$testtype-f.$from", + "-inform", $from, + "-out", "$testtype-ff.$from$to", + "-outform", $to])), + "$from -> $to"); + } + } + + if ($testtype ne "p7d") { + is(cmp_text("$testtype-fff.p", "$testtype-f.p"), 0, + 'comparing orig to p'); + } + + foreach my $to (@conversionforms) { + next if $to eq "d"; + foreach my $from (@conversionforms) { + is(cmp_text("$testtype-f.$to", "$testtype-ff.$from$to"), 0, + "comparing $to to $from$to"); + } + } + } + unlink glob "$testtype-f.*"; + unlink glob "$testtype-ff.*"; + unlink glob "$testtype-fff.*"; +} + +sub cmp_text { + return compare_text(@_, sub { + $_[0] =~ s/\R//g; + $_[1] =~ s/\R//g; + return $_[0] ne $_[1]; + }); +} + +1; diff --git a/openssl-1.1.0h/test/rmdtest.c b/openssl-1.1.0h/test/rmdtest.c new file mode 100644 index 0000000..b6deaaa --- /dev/null +++ b/openssl-1.1.0h/test/rmdtest.c @@ -0,0 +1,92 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RMD160 +int main(int argc, char *argv[]) +{ + printf("No ripemd support\n"); + return (0); +} +#else +# include +# include + +# ifdef CHARSET_EBCDIC +# include +# endif + +static char test[][100] = { + { "" }, + { "a" }, + { "abc" }, + { "message digest" }, + { "abcdefghijklmnopqrstuvwxyz" }, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } +}; + +static char *ret[] = { + "9c1185a5c5e9fc54612808977ee8f548b2258d31", + "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe", + "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc", + "5d0689ef49d2fae572b881b123a85ffa21595f36", + "f71c27109c692c1b56bbdceb5b9d2865b3708dbc", + "12a053384a9c0c88e405a06c27dcf49ada62eb2b", + "b0e20b6e3116640286ed3a87a5713079b21f5189", + "9b752e45573d4b39f4dbd3323cab82bf63326bfb", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + unsigned int i; + int err = 0; + char **R; + char *p; + unsigned char md[RIPEMD160_DIGEST_LENGTH]; + + R = ret; + for (i = 0; i < OSSL_NELEM(test); i++) { +# ifdef CHARSET_EBCDIC + ebcdic2ascii(test[i], test[i], strlen(test[i])); +# endif + if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_ripemd160(), + NULL)) { + printf("EVP Digest error.\n"); + EXIT(1); + } + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating RIPEMD160 on '%s'\n", test[i]); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i + 1); + R++; + } + EXIT(err); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/openssl-1.1.0h/test/rsa_test.c b/openssl-1.1.0h/test/rsa_test.c new file mode 100644 index 0000000..01e8374 --- /dev/null +++ b/openssl-1.1.0h/test/rsa_test.c @@ -0,0 +1,344 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* test vectors from p1ovect1.txt */ + +#include +#include + +#include "e_os.h" + +#include +#include +#include +#include +#ifdef OPENSSL_NO_RSA +int main(int argc, char *argv[]) +{ + printf("No RSA support\n"); + return (0); +} +#else +# include + +# define SetKey \ + RSA_set0_key(key, \ + BN_bin2bn(n, sizeof(n)-1, NULL), \ + BN_bin2bn(e, sizeof(e)-1, NULL), \ + BN_bin2bn(d, sizeof(d)-1, NULL)); \ + RSA_set0_factors(key, \ + BN_bin2bn(p, sizeof(p)-1, NULL), \ + BN_bin2bn(q, sizeof(q)-1, NULL)); \ + RSA_set0_crt_params(key, \ + BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \ + BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \ + BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \ + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ + return (sizeof(ctext_ex) - 1); + +static int key1(RSA *key, unsigned char *c) +{ + static unsigned char n[] = + "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = + "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" + "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" + "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" + "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; + + static unsigned char p[] = + "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" + "\x0D"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x89"; + + static unsigned char dmp1[] = + "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" + "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; + + static unsigned char dmq1[] = + "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" + "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" + "\x51"; + + static unsigned char iqmp[] = + "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" + "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; + + static unsigned char ctext_ex[] = + "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" + "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" + "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" + "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; + + SetKey; +} + +static int key2(RSA *key, unsigned char *c) +{ + static unsigned char n[] = + "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" + "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" + "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" + "\x34\x77\xCF"; + + static unsigned char e[] = "\x3"; + + static unsigned char d[] = + "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" + "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" + "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" + "\xE5\xEB"; + + static unsigned char p[] = + "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" + "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; + + static unsigned char dmp1[] = + "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" + "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; + + static unsigned char dmq1[] = + "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" + "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; + + static unsigned char iqmp[] = + "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" + "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; + + static unsigned char ctext_ex[] = + "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" + "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" + "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" + "\x62\x51"; + + SetKey; +} + +static int key3(RSA *key, unsigned char *c) +{ + static unsigned char n[] = + "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" + "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" + "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" + "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" + "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" + "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" + "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" + "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" + "\xCB"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = + "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" + "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" + "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" + "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" + "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" + "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" + "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" + "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" + "\xC1"; + + static unsigned char p[] = + "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" + "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" + "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" + "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" + "\x99"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" + "\x03"; + + static unsigned char dmp1[] = + "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" + "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" + "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" + "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; + + static unsigned char dmq1[] = + "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" + "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" + "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" + "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; + + static unsigned char iqmp[] = + "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" + "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" + "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" + "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" + "\xF7"; + + static unsigned char ctext_ex[] = + "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" + "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" + "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" + "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" + "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" + "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" + "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" + "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; + + SetKey; +} + +static int pad_unknown(void) +{ + unsigned long l; + while ((l = ERR_get_error()) != 0) + if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) + return (1); + return (0); +} + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +int main(int argc, char *argv[]) +{ + int err = 0; + int v; + RSA *key; + unsigned char ptext[256]; + unsigned char ctext[256]; + static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; + unsigned char ctext_ex[256]; + int plen; + int clen = 0; + int num; + int n; + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */ + + plen = sizeof(ptext_ex) - 1; + + for (v = 0; v < 3; v++) { + key = RSA_new(); + switch (v) { + case 0: + clen = key1(key, ctext_ex); + break; + case 1: + clen = key2(key, ctext_ex); + break; + case 2: + clen = key3(key, ctext_ex); + break; + } + + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_PADDING); + if (num != clen) { + printf("PKCS#1 v1.5 encryption failed!\n"); + err = 1; + goto oaep; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("PKCS#1 v1.5 decryption failed!\n"); + err = 1; + } else + printf("PKCS #1 v1.5 encryption/decryption ok\n"); + + oaep: + ERR_clear_error(); + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_OAEP_PADDING); + if (num == -1 && pad_unknown()) { + printf("No OAEP support\n"); + goto next; + } + if (num != clen) { + printf("OAEP encryption failed!\n"); + err = 1; + goto next; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("OAEP decryption (encrypted data) failed!\n"); + err = 1; + } else if (memcmp(ctext, ctext_ex, num) == 0) + printf("OAEP test vector %d passed!\n", v); + + /* + * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try + * decrypting ctext_ex + */ + + num = RSA_private_decrypt(clen, ctext_ex, ptext, key, + RSA_PKCS1_OAEP_PADDING); + + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("OAEP decryption (test vector data) failed!\n"); + err = 1; + } else + printf("OAEP encryption/decryption ok\n"); + + /* Try decrypting corrupted ciphertexts. */ + for (n = 0; n < clen; ++n) { + ctext[n] ^= 1; + num = RSA_private_decrypt(clen, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + printf("Corrupt data decrypted!\n"); + err = 1; + break; + } + ctext[n] ^= 1; + } + + /* Test truncated ciphertexts, as well as negative length. */ + for (n = -1; n < clen; ++n) { + num = RSA_private_decrypt(n, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + printf("Truncated data decrypted!\n"); + err = 1; + break; + } + } + + next: + RSA_free(key); + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + err = 1; +#endif + + return err; +} +#endif diff --git a/openssl-1.1.0h/test/run_tests.pl b/openssl-1.1.0h/test/run_tests.pl new file mode 100644 index 0000000..77dffb3 --- /dev/null +++ b/openssl-1.1.0h/test/run_tests.pl @@ -0,0 +1,113 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +# Recognise VERBOSE and V which is common on other projects. +BEGIN { + $ENV{HARNESS_VERBOSE} = "yes" if $ENV{VERBOSE} || $ENV{V}; +} + +use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/; +use File::Basename; +use FindBin; +use lib "$FindBin::Bin/../util/perl"; +use OpenSSL::Glob; +use Module::Load::Conditional qw(can_load); + +my $TAP_Harness = can_load(modules => { 'TAP::Harness' => undef }) + ? 'TAP::Harness' : 'OpenSSL::TAP::Harness'; + +my $srctop = $ENV{SRCTOP} || $ENV{TOP}; +my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; +my $recipesdir = catdir($srctop, "test", "recipes"); +my $libdir = rel2abs(catdir($srctop, "util", "perl")); + +my %tapargs = + ( verbosity => $ENV{VERBOSE} || $ENV{V} || $ENV{HARNESS_VERBOSE} ? 1 : 0, + lib => [ $libdir ], + switches => '-w', + merge => 1 + ); + +my @tests = ( "alltests" ); +if (@ARGV) { + @tests = @ARGV; +} +my $list_mode = scalar(grep /^list$/, @tests) != 0; +if (grep /^(alltests|list)$/, @tests) { + @tests = grep { + basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/ + } glob(catfile($recipesdir,"*.t")); +} else { + my @t = (); + foreach (@tests) { + push @t, grep { + basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/ + } glob(catfile($recipesdir,"*-$_.t")); + } + @tests = @t; +} + +if ($list_mode) { + @tests = map { $_ = basename($_); $_ =~ s/^[0-9][0-9]-//; $_ =~ s/\.t$//; + $_ } @tests; + print join("\n", @tests), "\n"; +} else { + @tests = map { abs2rel($_, rel2abs(curdir())); } @tests; + + my $harness = $TAP_Harness->new(\%tapargs); + my $ret = $harness->runtests(sort @tests); + + # $ret->has_errors may be any number, not just 0 or 1. On VMS, numbers + # from 2 and on are used as is as VMS statuses, which has severity encoded + # in the lower 3 bits. 0 and 1, on the other hand, generate SUCCESS and + # FAILURE, so for currect reporting on all platforms, we make sure the only + # exit codes are 0 and 1. Double-bang is the trick to do so. + exit !!$ret->has_errors if (ref($ret) eq "TAP::Parser::Aggregator"); + + # If this isn't a TAP::Parser::Aggregator, it's the pre-TAP test harness, + # which simply dies at the end if any test failed, so we don't need to + # bother with any exit code in that case. +} + + +# Fake TAP::Harness in case it's not loaded +use Test::Harness; +package OpenSSL::TAP::Harness; + +sub new { + my $class = shift; + my %args = %{ shift() }; + + return bless { %args }, $class; +} + +sub runtests { + my $self = shift; + + my @switches = (); + if ($self->{switches}) { + push @switches, $self->{switches}; + } + if ($self->{lib}) { + foreach (@{$self->{lib}}) { + my $l = $_; + + # It seems that $switches is getting interpreted with 'eval' or + # something like that, and that we need to take care of backslashes + # or they will disappear along the way. + $l =~ s|\\|\\\\|g if $^O eq "MSWin32"; + push @switches, "-I$l"; + } + } + + $Test::Harness::switches = join(' ', @switches); + Test::Harness::runtests(@_); +} diff --git a/openssl-1.1.0h/test/sanitytest.c b/openssl-1.1.0h/test/sanitytest.c new file mode 100644 index 0000000..f1228f1 --- /dev/null +++ b/openssl-1.1.0h/test/sanitytest.c @@ -0,0 +1,67 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + + +#define TEST(e) \ + do { \ + if (!(e)) { \ + fprintf(stderr, "Failed " #e "\n"); \ + failures++; \ + } \ + } while (0) + + +enum smallchoices { sa, sb, sc }; +enum medchoices { ma, mb, mc, md, me, mf, mg, mh, mi, mj, mk, ml }; +enum largechoices { + a01, b01, c01, d01, e01, f01, g01, h01, i01, j01, + a02, b02, c02, d02, e02, f02, g02, h02, i02, j02, + a03, b03, c03, d03, e03, f03, g03, h03, i03, j03, + a04, b04, c04, d04, e04, f04, g04, h04, i04, j04, + a05, b05, c05, d05, e05, f05, g05, h05, i05, j05, + a06, b06, c06, d06, e06, f06, g06, h06, i06, j06, + a07, b07, c07, d07, e07, f07, g07, h07, i07, j07, + a08, b08, c08, d08, e08, f08, g08, h08, i08, j08, + a09, b09, c09, d09, e09, f09, g09, h09, i09, j09, + a10, b10, c10, d10, e10, f10, g10, h10, i10, j10, + xxx }; + +int main() +{ + char *p; + char bytes[sizeof(p)]; + int failures = 0; + + /* Is NULL equivalent to all-bytes-zero? */ + p = NULL; + memset(bytes, 0, sizeof(bytes)); + TEST(memcmp(&p, bytes, sizeof(bytes)) == 0); + + /* Enum size */ + TEST(sizeof(enum smallchoices) == sizeof(int)); + TEST(sizeof(enum medchoices) == sizeof(int)); + TEST(sizeof(enum largechoices) == sizeof(int)); + /* Basic two's complement checks. */ + TEST(~(-1) == 0); + TEST(~(-1L) == 0L); + + /* Check that values with sign bit 1 and value bits 0 are valid */ + TEST(-(INT_MIN + 1) == INT_MAX); + TEST(-(LONG_MIN + 1) == LONG_MAX); + + /* Check that unsigned-to-signed conversions preserve bit patterns */ + TEST((int)((unsigned int)INT_MAX + 1) == INT_MIN); + TEST((long)((unsigned long)LONG_MAX + 1) == LONG_MIN); + + return failures; +} diff --git a/openssl-1.1.0h/test/secmemtest.c b/openssl-1.1.0h/test/secmemtest.c new file mode 100644 index 0000000..9405f34 --- /dev/null +++ b/openssl-1.1.0h/test/secmemtest.c @@ -0,0 +1,176 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#define perror_line() perror_line1(__LINE__) +#define perror_line1(l) perror_line2(l) +#define perror_line2(l) perror("failed " #l) + +int main(int argc, char **argv) +{ +#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) + char *p = NULL, *q = NULL, *r = NULL, *s = NULL; + + s = OPENSSL_secure_malloc(20); + /* s = non-secure 20 */ + if (s == NULL) { + perror_line(); + return 1; + } + if (CRYPTO_secure_allocated(s)) { + perror_line(); + return 1; + } + r = OPENSSL_secure_malloc(20); + /* r = non-secure 20, s = non-secure 20 */ + if (r == NULL) { + perror_line(); + return 1; + } + if (!CRYPTO_secure_malloc_init(4096, 32)) { + perror_line(); + return 1; + } + if (CRYPTO_secure_allocated(r)) { + perror_line(); + return 1; + } + p = OPENSSL_secure_malloc(20); + /* r = non-secure 20, p = secure 20, s = non-secure 20 */ + if (!CRYPTO_secure_allocated(p)) { + perror_line(); + return 1; + } + /* 20 secure -> 32-byte minimum allocaton unit */ + if (CRYPTO_secure_used() != 32) { + perror_line(); + return 1; + } + q = OPENSSL_malloc(20); + /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */ + if (CRYPTO_secure_allocated(q)) { + perror_line(); + return 1; + } + OPENSSL_secure_clear_free(s, 20); + s = OPENSSL_secure_malloc(20); + /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */ + if (!CRYPTO_secure_allocated(s)) { + perror_line(); + return 1; + } + /* 2 * 20 secure -> 64 bytes allocated */ + if (CRYPTO_secure_used() != 64) { + perror_line(); + return 1; + } + OPENSSL_secure_clear_free(p, 20); + /* 20 secure -> 32 bytes allocated */ + if (CRYPTO_secure_used() != 32) { + perror_line(); + return 1; + } + OPENSSL_free(q); + /* should not complete, as secure memory is still allocated */ + if (CRYPTO_secure_malloc_done()) { + perror_line(); + return 1; + } + if (!CRYPTO_secure_malloc_initialized()) { + perror_line(); + return 1; + } + OPENSSL_secure_free(s); + /* secure memory should now be 0, so done should complete */ + if (CRYPTO_secure_used() != 0) { + perror_line(); + return 1; + } + if (!CRYPTO_secure_malloc_done()) { + perror_line(); + return 1; + } + if (CRYPTO_secure_malloc_initialized()) { + perror_line(); + return 1; + } + + fprintf(stderr, "Possible infinite loop: allocate more than available\n"); + if (!CRYPTO_secure_malloc_init(32768, 16)) { + perror_line(); + return 1; + } + if (OPENSSL_secure_malloc((size_t)-1) != NULL) { + perror_line(); + return 1; + } + if (!CRYPTO_secure_malloc_done()) { + perror_line(); + return 1; + } + + /* + * If init fails, then initialized should be false, if not, this + * could cause an infinite loop secure_malloc, but we don't test it + */ + if (!CRYPTO_secure_malloc_init(16, 16) && + CRYPTO_secure_malloc_initialized()) { + CRYPTO_secure_malloc_done(); + perror_line(); + return 1; + } + + /*- + * There was also a possible infinite loop when the number of + * elements was 1<<31, as |int i| was set to that, which is a + * negative number. However, it requires minimum input values: + * + * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); + * + * Which really only works on 64-bit systems, since it took 16 GB + * secure memory arena to trigger the problem. It naturally takes + * corresponding amount of available virtual and physical memory + * for test to be feasible/representative. Since we can't assume + * that every system is equipped with that much memory, the test + * remains disabled. If the reader of this comment really wants + * to make sure that infinite loop is fixed, they can enable the + * code below. + */ +# if 0 + /*- + * On Linux and BSD this test has a chance to complete in minimal + * time and with minimum side effects, because mlock is likely to + * fail because of RLIMIT_MEMLOCK, which is customarily [much] + * smaller than 16GB. In other words Linux and BSD users can be + * limited by virtual space alone... + */ + if (sizeof(size_t) > 4) { + fprintf(stderr, "Possible infinite loop: 1<<31 limit\n"); + if (CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) == 0) { + perror_line(); + } else if (!CRYPTO_secure_malloc_done()) { + perror_line(); + return 1; + } + } +# endif + + /* this can complete - it was not really secure */ + OPENSSL_secure_free(r); +#else + /* Should fail. */ + if (CRYPTO_secure_malloc_init(4096, 32)) { + perror_line(); + return 1; + } +#endif + return 0; +} diff --git a/openssl-1.1.0h/test/serverinfo.pem b/openssl-1.1.0h/test/serverinfo.pem new file mode 100644 index 0000000..cd3020e --- /dev/null +++ b/openssl-1.1.0h/test/serverinfo.pem @@ -0,0 +1,16 @@ +-----BEGIN SERVERINFO FOR CT----- +ABIAZMevsj4TC5rgwjZNciLGwh15YXoIK9t5aypGJIG4QzyMowmwwDdqxudkUcGa +DvuqlYL7psO5j4/BIHTe677CAZBBH3Ho2NOM5q1zub4AbfUMlKeufuQgeQ2Tj1oe +LJLRzrwDnPs= +-----END SERVERINFO FOR CT----- + +-----BEGIN SERVERINFO FOR TACK----- +8wABTwFMh1Dz+3W6zULWJKjav5TNaFEXL1h98YtCXeyZnORYg4mbKpxH5CMbjpgx +To3amSqUPF4Ntjc/i9+poutxebYkbgAAAkMcxb8+RaM9YEywaJEGViKJJmpYG/gJ +HgfGaefI9kKbXSDmP9ntg8dLvDzuyYw14ktM2850Q9WvBiltpekilZxVuT2bFtfs +cmS++SAK9YOM8RrKhL1TLmrktoBEJZ6z5GTukYdQ8/t1us1C1iSo2r+UzWhRFy9Y +ffGLQl3smZzkWIOJmyqcR+QjG46YMU6N2pkqlDxeDbY3P4vfqaLrcXm2JG4AAAGN +xXQJPbdniI9rEydVXb1Cu1yT/t7FBEx6hLxuoypXjCI1wCGpXsd8zEnloR0Ank5h +VO/874E/BZlItzSPpcmDKl5Def6BrAJTErQlE9npo52S05YWORxJw1+VYBdqQ09A +x3wA +-----END SERVERINFO FOR TACK----- diff --git a/openssl-1.1.0h/test/sha1test.c b/openssl-1.1.0h/test/sha1test.c new file mode 100644 index 0000000..80ab122 --- /dev/null +++ b/openssl-1.1.0h/test/sha1test.c @@ -0,0 +1,111 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "../e_os.h" +#include +#include + +#ifdef CHARSET_EBCDIC +# include +#endif + +static char test[][80] = { + { "abc" }, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" } +}; + +static char *ret[] = { + "a9993e364706816aba3e25717850c26c9cd0d89d", + "84983e441c3bd26ebaae4aa1f95129e5e54670f1", +}; + +static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + unsigned int i; + int err = 0; + char **R; + static unsigned char buf[1000]; + char *p, *r; + EVP_MD_CTX *c; + unsigned char md[SHA_DIGEST_LENGTH]; + + c = EVP_MD_CTX_new(); + R = ret; + for (i = 0; i < OSSL_NELEM(test); i++) { +# ifdef CHARSET_EBCDIC + ebcdic2ascii(test[i], test[i], strlen(test[i])); +# endif + if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_sha1(), + NULL)) { + printf("EVP_Digest() error\n"); + err++; + goto err; + } + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating SHA1 on '%s'\n", test[i]); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i + 1); + R++; + } + + memset(buf, 'a', 1000); +#ifdef CHARSET_EBCDIC + ebcdic2ascii(buf, buf, 1000); +#endif /* CHARSET_EBCDIC */ + if (!EVP_DigestInit_ex(c, EVP_sha1(), NULL)) { + printf("EVP_DigestInit_ex() error\n"); + err++; + goto err; + } + for (i = 0; i < 1000; i++) { + if (!EVP_DigestUpdate(c, buf, 1000)) { + printf("EVP_DigestUpdate() error\n"); + err++; + goto err; + } + } + if (!EVP_DigestFinal_ex(c, md, NULL)) { + printf("EVP_DigestFinal() error\n"); + err++; + goto err; + } + p = pt(md); + + r = bigret; + if (strcmp(p, r) != 0) { + printf("error calculating SHA1 on 'a' * 1000\n"); + printf("got %s instead of %s\n", p, r); + err++; + } else + printf("test 3 ok\n"); + err: + EVP_MD_CTX_free(c); + EXIT(err); + return (0); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} diff --git a/openssl-1.1.0h/test/sha256t.c b/openssl-1.1.0h/test/sha256t.c new file mode 100644 index 0000000..90262d9 --- /dev/null +++ b/openssl-1.1.0h/test/sha256t.c @@ -0,0 +1,177 @@ +/* + * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include +#include + +static const unsigned char app_b1[SHA256_DIGEST_LENGTH] = { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +static const unsigned char app_b2[SHA256_DIGEST_LENGTH] = { + 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, + 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, + 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, + 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 +}; + +static const unsigned char app_b3[SHA256_DIGEST_LENGTH] = { + 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, + 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, + 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, + 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 +}; + +static const unsigned char addenum_1[SHA224_DIGEST_LENGTH] = { + 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, + 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, + 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, + 0xe3, 0x6c, 0x9d, 0xa7 +}; + +static const unsigned char addenum_2[SHA224_DIGEST_LENGTH] = { + 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, + 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, + 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, + 0x52, 0x52, 0x25, 0x25 +}; + +static const unsigned char addenum_3[SHA224_DIGEST_LENGTH] = { + 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, + 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, + 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, + 0x4e, 0xe7, 0xad, 0x67 +}; + +int main(int argc, char **argv) +{ + unsigned char md[SHA256_DIGEST_LENGTH]; + int i; + EVP_MD_CTX *evp; + + fprintf(stdout, "Testing SHA-256 "); + + if (!EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL)) + goto err; + if (memcmp(md, app_b1, sizeof(app_b1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" + "ijkljklm" "klmnlmno" "mnopnopq", 56, md, + NULL, EVP_sha256(), NULL)) + goto err; + if (memcmp(md, app_b2, sizeof(app_b2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + evp = EVP_MD_CTX_new(); + if (evp == NULL) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); + return 1; + } + if (!EVP_DigestInit_ex(evp, EVP_sha256(), NULL)) + goto err; + for (i = 0; i < 1000000; i += 288) { + if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 288 ? 1000000 - i : 288)) + goto err; + } + if (!EVP_DigestFinal_ex(evp, md, NULL)) + goto err; + + if (memcmp(md, app_b3, sizeof(app_b3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + fprintf(stdout, "Testing SHA-224 "); + + if (!EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL)) + goto err; + if (memcmp(md, addenum_1, sizeof(addenum_1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" + "ijkljklm" "klmnlmno" "mnopnopq", 56, md, + NULL, EVP_sha224(), NULL)) + goto err; + if (memcmp(md, addenum_2, sizeof(addenum_2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_reset(evp); + if (!EVP_DigestInit_ex(evp, EVP_sha224(), NULL)) + goto err; + for (i = 0; i < 1000000; i += 64) { + if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 64 ? 1000000 - i : 64)) + goto err; + } + if (!EVP_DigestFinal_ex(evp, md, NULL)) + goto err; + EVP_MD_CTX_free(evp); + + if (memcmp(md, addenum_3, sizeof(addenum_3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; + + err: + fprintf(stderr, "Fatal EVP error!\n"); + return 1; +} diff --git a/openssl-1.1.0h/test/sha512t.c b/openssl-1.1.0h/test/sha512t.c new file mode 100644 index 0000000..18cdf39 --- /dev/null +++ b/openssl-1.1.0h/test/sha512t.c @@ -0,0 +1,199 @@ +/* + * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include +#include +#include + +static const unsigned char app_c1[SHA512_DIGEST_LENGTH] = { + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, + 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, + 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, + 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, + 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f +}; + +static const unsigned char app_c2[SHA512_DIGEST_LENGTH] = { + 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, + 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, + 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, + 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, + 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, + 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, + 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, + 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 +}; + +static const unsigned char app_c3[SHA512_DIGEST_LENGTH] = { + 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, + 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, + 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, + 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, + 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, + 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, + 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, + 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b +}; + +static const unsigned char app_d1[SHA384_DIGEST_LENGTH] = { + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, + 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, + 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, + 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 +}; + +static const unsigned char app_d2[SHA384_DIGEST_LENGTH] = { + 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, + 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, + 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, + 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, + 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, + 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 +}; + +static const unsigned char app_d3[SHA384_DIGEST_LENGTH] = { + 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, + 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, + 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, + 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b, + 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb, + 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 +}; + +int main(int argc, char **argv) +{ + unsigned char md[SHA512_DIGEST_LENGTH]; + int i; + EVP_MD_CTX *evp; + + fprintf(stdout, "Testing SHA-512 "); + + if (!EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL)) + goto err; + if (memcmp(md, app_c1, sizeof(app_c1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" + "efghijkl" "fghijklm" "ghijklmn" "hijklmno" + "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" + "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL)) + goto err; + if (memcmp(md, app_c2, sizeof(app_c2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + evp = EVP_MD_CTX_new(); + if (evp == NULL) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); + return 1; + } + if (!EVP_DigestInit_ex(evp, EVP_sha512(), NULL)) + goto err; + for (i = 0; i < 1000000; i += 288) { + if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 288 ? 1000000 - i : 288)) + goto err; + } + if (!EVP_DigestFinal_ex(evp, md, NULL)) + goto err; + EVP_MD_CTX_reset(evp); + + if (memcmp(md, app_c3, sizeof(app_c3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + fprintf(stdout, "Testing SHA-384 "); + + if (!EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL)) + goto err; + if (memcmp(md, app_d1, sizeof(app_d1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" + "efghijkl" "fghijklm" "ghijklmn" "hijklmno" + "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" + "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL)) + goto err; + if (memcmp(md, app_d2, sizeof(app_d2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + if (!EVP_DigestInit_ex(evp, EVP_sha384(), NULL)) + goto err; + for (i = 0; i < 1000000; i += 64) { + if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 64 ? 1000000 - i : 64)) + goto err; + } + if (!EVP_DigestFinal_ex(evp, md, NULL)) + goto err; + EVP_MD_CTX_free(evp); + + if (memcmp(md, app_d3, sizeof(app_d3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; + + err: + fflush(stdout); + fprintf(stderr, "\nFatal EVP error!\n"); + return 1; +} diff --git a/openssl-1.1.0h/test/shibboleth.pfx b/openssl-1.1.0h/test/shibboleth.pfx new file mode 100644 index 0000000..9c5cc54 Binary files /dev/null and b/openssl-1.1.0h/test/shibboleth.pfx differ diff --git a/openssl-1.1.0h/test/shlibloadtest.c b/openssl-1.1.0h/test/shlibloadtest.c new file mode 100644 index 0000000..25df363 --- /dev/null +++ b/openssl-1.1.0h/test/shlibloadtest.c @@ -0,0 +1,245 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ +#if defined(DSO_DLFCN) || defined(DSO_WIN32) + +#define SSL_CTX_NEW "SSL_CTX_new" +#define SSL_CTX_FREE "SSL_CTX_free" +#define TLS_METHOD "TLS_method" + +#define ERR_GET_ERROR "ERR_get_error" +#define OPENSSL_VERSION_NUM_FUNC "OpenSSL_version_num" + +typedef struct ssl_ctx_st SSL_CTX; +typedef struct ssl_method_st SSL_METHOD; +typedef const SSL_METHOD * (*TLS_method_t)(void); +typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth); +typedef void (*SSL_CTX_free_t)(SSL_CTX *); + +typedef unsigned long (*ERR_get_error_t)(void); +typedef unsigned long (*OpenSSL_version_num_t)(void); + +static TLS_method_t TLS_method; +static SSL_CTX_new_t SSL_CTX_new; +static SSL_CTX_free_t SSL_CTX_free; + +static ERR_get_error_t ERR_get_error; +static OpenSSL_version_num_t OpenSSL_version_num; + +#ifdef DSO_DLFCN + +# include + +typedef void * SHLIB; +typedef void * SHLIB_SYM; +# define SHLIB_INIT NULL + +static int shlib_load(const char *filename, SHLIB *lib) +{ + *lib = dlopen(filename, RTLD_GLOBAL | RTLD_LAZY); + + if (*lib == NULL) + return 0; + + return 1; +} + +static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) +{ + *sym = dlsym(lib, symname); + + return *sym != NULL; +} + +static int shlib_close(SHLIB lib) +{ + if (dlclose(lib) != 0) + return 0; + + return 1; +} + +#elif defined(DSO_WIN32) + +# include + +typedef HINSTANCE SHLIB; +typedef void * SHLIB_SYM; +# define SHLIB_INIT 0 + +static int shlib_load(const char *filename, SHLIB *lib) +{ + *lib = LoadLibraryA(filename); + if (*lib == NULL) + return 0; + + return 1; +} + +static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) +{ + *sym = (SHLIB_SYM)GetProcAddress(lib, symname); + + return *sym != NULL; +} + +static int shlib_close(SHLIB lib) +{ + if (FreeLibrary(lib) == 0) + return 0; + + return 1; +} + +#endif + +# define CRYPTO_FIRST_OPT "-crypto_first" +# define SSL_FIRST_OPT "-ssl_first" +# define JUST_CRYPTO_OPT "-just_crypto" + +enum test_types_en { + CRYPTO_FIRST, + SSL_FIRST, + JUST_CRYPTO +}; + +int main(int argc, char **argv) +{ + SHLIB ssllib = SHLIB_INIT, cryptolib = SHLIB_INIT; + SSL_CTX *ctx; + union { + void (*func) (void); + SHLIB_SYM sym; + } tls_method_sym, ssl_ctx_new_sym, ssl_ctx_free_sym, err_get_error_sym, + openssl_version_num_sym; + enum test_types_en test_type; + int i; + + if (argc != 4) { + printf("Unexpected number of arguments\n"); + return 1; + } + + if (strcmp(argv[1], CRYPTO_FIRST_OPT) == 0) { + test_type = CRYPTO_FIRST; + } else if (strcmp(argv[1], SSL_FIRST_OPT) == 0) { + test_type = SSL_FIRST; + } else if (strcmp(argv[1], JUST_CRYPTO_OPT) == 0) { + test_type = JUST_CRYPTO; + } else { + printf("Unrecognised argument\n"); + return 1; + } + + for (i = 0; i < 2; i++) { + if ((i == 0 && (test_type == CRYPTO_FIRST + || test_type == JUST_CRYPTO)) + || (i == 1 && test_type == SSL_FIRST)) { + if (!shlib_load(argv[2], &cryptolib)) { + printf("Unable to load libcrypto\n"); + return 1; + } + } + if ((i == 0 && test_type == SSL_FIRST) + || (i == 1 && test_type == CRYPTO_FIRST)) { + if (!shlib_load(argv[3], &ssllib)) { + printf("Unable to load libssl\n"); + return 1; + } + } + } + + if (test_type != JUST_CRYPTO) { + if (!shlib_sym(ssllib, TLS_METHOD, &tls_method_sym.sym) + || !shlib_sym(ssllib, SSL_CTX_NEW, &ssl_ctx_new_sym.sym) + || !shlib_sym(ssllib, SSL_CTX_FREE, &ssl_ctx_free_sym.sym)) { + printf("Unable to load ssl symbols\n"); + return 1; + } + + TLS_method = (TLS_method_t)tls_method_sym.func; + SSL_CTX_new = (SSL_CTX_new_t)ssl_ctx_new_sym.func; + SSL_CTX_free = (SSL_CTX_free_t)ssl_ctx_free_sym.func; + + ctx = SSL_CTX_new(TLS_method()); + if (ctx == NULL) { + printf("Unable to create SSL_CTX\n"); + return 1; + } + SSL_CTX_free(ctx); + } + + if (!shlib_sym(cryptolib, ERR_GET_ERROR, &err_get_error_sym.sym) + || !shlib_sym(cryptolib, OPENSSL_VERSION_NUM_FUNC, + &openssl_version_num_sym.sym)) { + printf("Unable to load crypto symbols\n"); + return 1; + } + + ERR_get_error = (ERR_get_error_t)err_get_error_sym.func; + OpenSSL_version_num = (OpenSSL_version_num_t)openssl_version_num_sym.func; + + if (ERR_get_error() != 0) { + printf("Unexpected error in error queue\n"); + return 1; + } + + /* + * The bits that COMPATIBILITY_MASK lets through MUST be the same in + * the library and in the application. + * The bits that are masked away MUST be a larger or equal number in + * the library compared to the application. + */ +# define COMPATIBILITY_MASK 0xfff00000L + if ((OpenSSL_version_num() & COMPATIBILITY_MASK) + != (OPENSSL_VERSION_NUMBER & COMPATIBILITY_MASK)) { + printf("Unexpected library version loaded\n"); + return 1; + } + + if ((OpenSSL_version_num() & ~COMPATIBILITY_MASK) + < (OPENSSL_VERSION_NUMBER & ~COMPATIBILITY_MASK)) { + printf("Unexpected library version loaded\n"); + return 1; + } + + for (i = 0; i < 2; i++) { + if ((i == 0 && test_type == CRYPTO_FIRST) + || (i == 1 && test_type == SSL_FIRST)) { + if (!shlib_close(ssllib)) { + printf("Unable to close libssl\n"); + return 1; + } + } + if ((i == 0 && (test_type == SSL_FIRST + || test_type == JUST_CRYPTO)) + || (i == 1 && test_type == CRYPTO_FIRST)) { + if (!shlib_close(cryptolib)) { + printf("Unable to close libcrypto\n"); + return 1; + } + } + } + + printf("Success\n"); + return 0; +} +#else +int main(void) +{ + printf("Test not implemented on this platform\n"); + return 0; +} +#endif diff --git a/openssl-1.1.0h/test/smcont.txt b/openssl-1.1.0h/test/smcont.txt new file mode 100644 index 0000000..9b09746 --- /dev/null +++ b/openssl-1.1.0h/test/smcont.txt @@ -0,0 +1 @@ +Somewhat longer test content for OpenSSL CMS utility to handle, and a bit longer... \ No newline at end of file diff --git a/openssl-1.1.0h/test/smime-certs/ca.cnf b/openssl-1.1.0h/test/smime-certs/ca.cnf new file mode 100644 index 0000000..835b2c6 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/ca.cnf @@ -0,0 +1,66 @@ +# +# OpenSSL example configuration file for automated certificate creation. +# + +# This definition stops the following lines choking if HOME or CN +# is undefined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +CN = "Not Defined" +default_ca = ca + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +# Don't prompt for fields: use those in section directly +prompt = no +distinguished_name = req_distinguished_name +x509_extensions = v3_ca # The extensions to add to the self signed cert +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = UK + +organizationName = OpenSSL Group +# Take CN from environment so it can come from a script. +commonName = $ENV::CN + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid + +[ dh_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# DH certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, keyAgreement + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid + +[ v3_ca ] + + +# Extensions for a typical CA + +# PKIX recommendation. + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always +basicConstraints = critical,CA:true +keyUsage = critical, cRLSign, keyCertSign + diff --git a/openssl-1.1.0h/test/smime-certs/mksmime-certs.sh b/openssl-1.1.0h/test/smime-certs/mksmime-certs.sh new file mode 100644 index 0000000..c98e164 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/mksmime-certs.sh @@ -0,0 +1,85 @@ +#!/bin/sh +# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +# Utility to recreate S/MIME certificates + +OPENSSL=../../apps/openssl +OPENSSL_CONF=./ca.cnf +export OPENSSL_CONF + +# Root CA: create certificate directly +CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -nodes \ + -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 + +# EE RSA certificates: create request first +CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -nodes \ + -keyout smrsa1.pem -out req.pem -newkey rsa:2048 +# Sign request: end entity extensions +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem + +CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -nodes \ + -keyout smrsa2.pem -out req.pem -newkey rsa:2048 +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem + +CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -nodes \ + -keyout smrsa3.pem -out req.pem -newkey rsa:2048 +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem + +# Create DSA parameters + +$OPENSSL dsaparam -out dsap.pem 2048 + +CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -nodes \ + -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem +CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -nodes \ + -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem +CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -nodes \ + -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem + +# Create EC parameters + +$OPENSSL ecparam -out ecp.pem -name P-256 +$OPENSSL ecparam -out ecp2.pem -name K-283 + +CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -nodes \ + -keyout smec1.pem -out req.pem -newkey ec:ecp.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem +CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -nodes \ + -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem +CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -nodes \ + -keyout smec3.pem -out req.pem -newkey ec:ecp.pem +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem +# Create X9.42 DH parameters. +$OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \ + -out dhp.pem +# Generate X9.42 DH key. +$OPENSSL genpkey -paramfile dhp.pem -out smdh.pem +$OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem +# Generate dummy request. +CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -nodes \ + -keyout smtmp.pem -out req.pem -newkey rsa:2048 +# Sign request but force public key to DH +$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ + -force_pubkey dhpub.pem \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem +# Remove temp files. +rm -f req.pem ecp.pem ecp2.pem dsap.pem dhp.pem dhpub.pem smtmp.pem smroot.srl diff --git a/openssl-1.1.0h/test/smime-certs/smdh.pem b/openssl-1.1.0h/test/smime-certs/smdh.pem new file mode 100644 index 0000000..f831b07 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smdh.pem @@ -0,0 +1,33 @@ +-----BEGIN PRIVATE KEY----- +MIIBSgIBADCCASsGByqGSM4+AgEwggEeAoGBANQMSgwEcnEZ31kZxa9Ef8qOK/AJ +9dMlsXMWVYnf/QevGdN/0Aei/j9a8QHG+CvvTm0DOEKhN9QUtABKsYZag865CA7B +mSdHjQuFqILtzA25sDJ+3+jk9vbss+56ETRll/wasJVLGbmmHNkBMvc1fC1d/sGF +cEn4zJnQvvFaeMgDAoGAaQD9ZvL8FYsJuNxN6qp5VfnfRqYvyi2PWSqtRKPGGC+V +thYg49PRjwPOcXzvOsdEOQ7iH9jTiSvnUdwSSEwYTZkSBuQXAgOMJAWOpoXyaRvh +atziBDoBnWS+/kX5RBhxvS0+em9yfRqAQleuGG+R1mEDihyJc8dWQQPT+O1l4oUC +FQCJlKsQZ0VBrWPGcUCNa54ZW6TH9QQWAhRR2NMZrQSfWthXDO8Lj5WZ34zQrA== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIID/zCCAuegAwIBAgIJANv1TSKgememMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA4MDIxNDQ5MjlaFw0yMzA2MTExNDQ5MjlaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +ZXN0IFMvTUlNRSBFRSBESCAjMTCCAbYwggErBgcqhkjOPgIBMIIBHgKBgQDUDEoM +BHJxGd9ZGcWvRH/KjivwCfXTJbFzFlWJ3/0HrxnTf9AHov4/WvEBxvgr705tAzhC +oTfUFLQASrGGWoPOuQgOwZknR40LhaiC7cwNubAyft/o5Pb27LPuehE0ZZf8GrCV +Sxm5phzZATL3NXwtXf7BhXBJ+MyZ0L7xWnjIAwKBgGkA/Wby/BWLCbjcTeqqeVX5 +30amL8otj1kqrUSjxhgvlbYWIOPT0Y8DznF87zrHRDkO4h/Y04kr51HcEkhMGE2Z +EgbkFwIDjCQFjqaF8mkb4Wrc4gQ6AZ1kvv5F+UQYcb0tPnpvcn0agEJXrhhvkdZh +A4ociXPHVkED0/jtZeKFAhUAiZSrEGdFQa1jxnFAjWueGVukx/UDgYQAAoGAL1ve +cgI2awBeJH8ULBhSQpdL224VUDxFPiXzt8Vu5VLnxPv0pfA5En+8VByTuV7u6RSw +3/78NuTyr/sTyN8YlB1AuXHdTJynA1ICte1xgD4j2ijlq+dv8goOAFt9xkvXx7LD +umJ/cCignXETcNGfMi8+0s0bpMZyoHRdce8DQ26jYDBeMAwGA1UdEwEB/wQCMAAw +DgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQLWk1ffSXH8p3Bqrdjgi/6jzLnwDAf +BgNVHSMEGDAWgBTffl6IBSQzCN0igQKXzJq3sTMnMDANBgkqhkiG9w0BAQUFAAOC +AQEAWvJj79MW1/Wq3RIANgAhonsI1jufYqxTH+1M0RU0ZXHulgem77Le2Ls1bizi +0SbvfpTiiFGkbKonKtO2wvfqwwuptSg3omMI5IjAGxYbyv2KBzIpp1O1LTDk9RbD +48JMMF01gByi2+NLUQ1MYF+5RqyoRqcyp5x2+Om1GeIM4Q/GRuI4p4dybWy8iC+d +LeXQfR7HXfh+tAum+WzjfLJwbnWbHmPhTbKB01U4lBp6+r8BGHAtNdPjEHqap4/z +vVZVXti9ThZ20EhM+VFU3y2wyapeQjhQvw/A2YRES0Ik7BSj3hHfWH/CTbLVQnhu +Uj6tw18ExOYxqoEGixNLPA5qsQ== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smdsa1.pem b/openssl-1.1.0h/test/smime-certs/smdsa1.pem new file mode 100644 index 0000000..b424f67 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smdsa1.pem @@ -0,0 +1,47 @@ +-----BEGIN PRIVATE KEY----- +MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 +k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou +zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO +wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK +v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC +0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA +rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM +zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx +DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy +xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 +ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h +Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ +TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 ++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P +aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x +EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV +86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE +DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp +O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit +1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg +MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO +xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx +d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 +MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z +Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt +17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf +0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smdsa2.pem b/openssl-1.1.0h/test/smime-certs/smdsa2.pem new file mode 100644 index 0000000..648447f --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smdsa2.pem @@ -0,0 +1,47 @@ +-----BEGIN PRIVATE KEY----- +MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 +k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou +zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO +wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK +v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC +0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA +rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM +zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx +DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy +xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 +ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h +Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ +TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 ++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P +aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E +h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt +tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa +LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn +3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 +KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg +MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k +qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp +VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb +uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV +6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD +2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 +GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smdsa3.pem b/openssl-1.1.0h/test/smime-certs/smdsa3.pem new file mode 100644 index 0000000..77acc5e --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smdsa3.pem @@ -0,0 +1,47 @@ +-----BEGIN PRIVATE KEY----- +MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 +k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou +zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO +wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK +v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC +0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA +rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM +zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx +DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy +xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 +ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h +Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ +TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 ++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P +aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 +msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf +zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 +cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp +N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS +2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg +MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE +FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask +pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK +YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM +khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i +Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv +4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smdsap.pem b/openssl-1.1.0h/test/smime-certs/smdsap.pem new file mode 100644 index 0000000..249706c --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smdsap.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG +Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA +gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d +qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv +Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO +GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB +Qw5z +-----END DSA PARAMETERS----- diff --git a/openssl-1.1.0h/test/smime-certs/smec1.pem b/openssl-1.1.0h/test/smime-certs/smec1.pem new file mode 100644 index 0000000..75a8626 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smec1.pem @@ -0,0 +1,22 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS +DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV +3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I +iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi +ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg +MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK +Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy +WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt +7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV +FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y +S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1 +DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7 +qtcHJA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smec2.pem b/openssl-1.1.0h/test/smime-certs/smec2.pem new file mode 100644 index 0000000..457297a --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smec2.pem @@ -0,0 +1,23 @@ +-----BEGIN PRIVATE KEY----- +MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl +brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7 +uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 +6bQ= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+ +huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj +JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E +BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA +FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez +ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK +xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0 +uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P +rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq +IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0 +4ZdCllHZkhop +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smec3.pem b/openssl-1.1.0h/test/smime-certs/smec3.pem new file mode 100644 index 0000000..90eac86 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smec3.pem @@ -0,0 +1,22 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQga03Rl+2K38wgwVyJ +zSy+knGorGWZBGG5p//ke0WUSbqhRANCAARH8uHBHkuOfuyXgJj7V3lNqUEPiQNo +xG8ntGjVmKRHfywdUoQJ1PgfbkCEsBk334rRFmja1r+MYyqn/A9ARiGB +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICoDCCAYigAwIBAgIJAPaEOllWs/pjMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xNzA4MTAxNTQyMDhaFw0yNzA2MTkxNTQyMDhaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +ZXN0IFMvTUlNRSBFRSBFQyAjMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEfy +4cEeS45+7JeAmPtXeU2pQQ+JA2jEbye0aNWYpEd/LB1ShAnU+B9uQISwGTffitEW +aNrWv4xjKqf8D0BGIYGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg +MB0GA1UdDgQWBBQLR+H9CmAY/KDyXWdVUM9FP766WzAfBgNVHSMEGDAWgBT3YQTy +KJTdSIrnOcPj3pm5oVNtazANBgkqhkiG9w0BAQsFAAOCAQEAmMRuf8Iz5fr9f0GA +HaNiOM5S7AIfZ6W7zzdeF63EF1j9HqP1DJsUW4y5b9azWmpp62kKuNaM4CGPUVvm +diLKJVlrDcc+6lW9oROpnBsskhjqFMTjTANPQSAKZeKiG2W3U8Q103VQpuYvE4Nj +OU9JT+5e4RZS7wxYk/IsvnyF/DkoF1FTMHo9/3Wiw4V4KRhpJIPnqojWNcfipmhM +UDpbw0Oyj5fE7x6wvaoOUr8GNJE5NudtV/5QDh9REkjyKUdVYsuUrWwKqn3NT8EI +OLl8wx3RqA8htRg/W+SoESx87rvW1saPGvfypBp4cl18B1IzTlC+FMbHFJvZqQn8 +Ci1l4Q== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smroot.pem b/openssl-1.1.0h/test/smime-certs/smroot.pem new file mode 100644 index 0000000..d1a253f --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smroot.pem @@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq +nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL +DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc +BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI +MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV +kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q +LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c +b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R +Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu +ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4 +Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF +ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp +PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx +mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw +nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z +8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw +fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu +PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T +5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP +aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq +qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr +yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK +NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53 +bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI +vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ +KfvPCYimQwBjVrEnSntLPR0= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT +JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ +LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E +J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ +MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe +untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb +i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB +AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb +Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl +zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt +9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C +7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt +Emsny2ah6fU2z7PztrUy/A80 +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smrsa1.pem b/openssl-1.1.0h/test/smime-certs/smrsa1.pem new file mode 100644 index 0000000..d0d0b9e --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smrsa1.pem @@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC +xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID +3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU +/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D +orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs +CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH +XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp +KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i +cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL +s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35 +27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak +cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT +8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze +j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG +ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da +ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk +LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+ +msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q +55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or +sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8 +d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR +355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG +hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu +iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST +1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn +zQpuMJliRlrq/5JkIbH6SA== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK +2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt ++W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF +Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe +bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM +kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV +HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o +E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK +WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp +lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT +GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu +9Hjq6s316fk4Ne0EUF3PbA== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smrsa2.pem b/openssl-1.1.0h/test/smime-certs/smrsa2.pem new file mode 100644 index 0000000..2f17cb2 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smrsa2.pem @@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2 +iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq +V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD +lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5 +U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3 +NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB +Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1 +J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI +dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW +3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz +XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK +3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK +Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa +P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI +LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN +bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX +q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8 +38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm +hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t +QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb +0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS +8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0 +KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e +y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR +hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n +yrLyf+8hjm6H6zkjqiOkHAl+ +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF +AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp +cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS +0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 +NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 +EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV +HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 +Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv +/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c +XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv +6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i +NzYzLAPBkHCMY0Is3KKIBw== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/smime-certs/smrsa3.pem b/openssl-1.1.0h/test/smime-certs/smrsa3.pem new file mode 100644 index 0000000..14c27f6 --- /dev/null +++ b/openssl-1.1.0h/test/smime-certs/smrsa3.pem @@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji +OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3 +Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX +63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H +XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l +vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6 +L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP +lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf +BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR +OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+ +i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se +snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9 +wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn +8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+ +ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm +oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX +LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E +yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7 +2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc +RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK +KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk +isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL +rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw +IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh +yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF +RvOAi5wVkYylDxV4238MAZIq +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC +FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF +STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW +m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha +v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p +1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV +HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp +sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa +VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr +O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 +tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY +CscFo2Z2pYROGtZDmYqhRw== +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/srptest.c b/openssl-1.1.0h/test/srptest.c new file mode 100644 index 0000000..73b3881 --- /dev/null +++ b/openssl-1.1.0h/test/srptest.c @@ -0,0 +1,312 @@ +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#ifdef OPENSSL_NO_SRP + +# include + +int main(int argc, char *argv[]) +{ + printf("No SRP support\n"); + return (0); +} + +#else + +# include +# include +# include + +static void showbn(const char *name, const BIGNUM *bn) +{ + fputs(name, stdout); + fputs(" = ", stdout); + BN_print_fp(stdout, bn); + putc('\n', stdout); +} + +# define RANDOM_SIZE 32 /* use 256 bits on each side */ + +static int run_srp(const char *username, const char *client_pass, + const char *server_pass) +{ + int ret = -1; + BIGNUM *s = NULL; + BIGNUM *v = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *u = NULL; + BIGNUM *x = NULL; + BIGNUM *Apub = NULL; + BIGNUM *Bpub = NULL; + BIGNUM *Kclient = NULL; + BIGNUM *Kserver = NULL; + unsigned char rand_tmp[RANDOM_SIZE]; + /* use builtin 1024-bit params */ + const SRP_gN *GN = SRP_get_default_gN("1024"); + + if (GN == NULL) { + fprintf(stderr, "Failed to get SRP parameters\n"); + return -1; + } + /* Set up server's password entry */ + if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) { + fprintf(stderr, "Failed to create SRP verifier\n"); + return -1; + } + + showbn("N", GN->N); + showbn("g", GN->g); + showbn("Salt", s); + showbn("Verifier", v); + + /* Server random */ + RAND_bytes(rand_tmp, sizeof(rand_tmp)); + b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); + /* TODO - check b != 0 */ + showbn("b", b); + + /* Server's first message */ + Bpub = SRP_Calc_B(b, GN->N, GN->g, v); + showbn("B", Bpub); + + if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { + fprintf(stderr, "Invalid B\n"); + return -1; + } + + /* Client random */ + RAND_bytes(rand_tmp, sizeof(rand_tmp)); + a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); + /* TODO - check a != 0 */ + showbn("a", a); + + /* Client's response */ + Apub = SRP_Calc_A(a, GN->N, GN->g); + showbn("A", Apub); + + if (!SRP_Verify_A_mod_N(Apub, GN->N)) { + fprintf(stderr, "Invalid A\n"); + return -1; + } + + /* Both sides calculate u */ + u = SRP_Calc_u(Apub, Bpub, GN->N); + + /* Client's key */ + x = SRP_Calc_x(s, username, client_pass); + Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); + showbn("Client's key", Kclient); + + /* Server's key */ + Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); + showbn("Server's key", Kserver); + + if (BN_cmp(Kclient, Kserver) == 0) { + ret = 0; + } else { + fprintf(stderr, "Keys mismatch\n"); + ret = 1; + } + + BN_clear_free(Kclient); + BN_clear_free(Kserver); + BN_clear_free(x); + BN_free(u); + BN_free(Apub); + BN_clear_free(a); + BN_free(Bpub); + BN_clear_free(b); + BN_free(s); + BN_clear_free(v); + + return ret; +} + +static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn) +{ + BIGNUM *tmp = NULL; + int rv; + if (BN_hex2bn(&tmp, hexbn) == 0) + return 0; + rv = BN_cmp(bn, tmp); + if (rv == 0) { + printf("%s = ", name); + BN_print_fp(stdout, bn); + printf("\n"); + BN_free(tmp); + return 1; + } + printf("Unexpected %s value\n", name); + printf("Expecting: "); + BN_print_fp(stdout, tmp); + printf("\nReceived: "); + BN_print_fp(stdout, bn); + printf("\n"); + BN_free(tmp); + return 0; +} + +/* SRP test vectors from RFC5054 */ +static int run_srp_kat(void) +{ + int ret = 0; + BIGNUM *s = NULL; + BIGNUM *v = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *u = NULL; + BIGNUM *x = NULL; + BIGNUM *Apub = NULL; + BIGNUM *Bpub = NULL; + BIGNUM *Kclient = NULL; + BIGNUM *Kserver = NULL; + /* use builtin 1024-bit params */ + const SRP_gN *GN = SRP_get_default_gN("1024"); + + if (GN == NULL) { + fprintf(stderr, "Failed to get SRP parameters\n"); + goto err; + } + BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"); + /* Set up server's password entry */ + if (!SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, + GN->g)) { + fprintf(stderr, "Failed to create SRP verifier\n"); + goto err; + } + + if (!check_bn("v", v, + "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" + "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" + "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" + "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" + "E955A5E29E7AB245DB2BE315E2099AFB")) + goto err; + + /* Server random */ + BN_hex2bn(&b, "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1" + "05284D20"); + + /* Server's first message */ + Bpub = SRP_Calc_B(b, GN->N, GN->g, v); + + if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { + fprintf(stderr, "Invalid B\n"); + goto err; + } + + if (!check_bn("B", Bpub, + "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" + "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" + "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" + "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" + "EB4012B7D7665238A8E3FB004B117B58")) + goto err; + + /* Client random */ + BN_hex2bn(&a, "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD" + "DA2D4393"); + + /* Client's response */ + Apub = SRP_Calc_A(a, GN->N, GN->g); + + if (!SRP_Verify_A_mod_N(Apub, GN->N)) { + fprintf(stderr, "Invalid A\n"); + return -1; + } + + if (!check_bn("A", Apub, + "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" + "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" + "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" + "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" + "B349EF5D76988A3672FAC47B0769447B")) + goto err; + + /* Both sides calculate u */ + u = SRP_Calc_u(Apub, Bpub, GN->N); + + if (!check_bn("u", u, "CE38B9593487DA98554ED47D70A7AE5F462EF019")) + goto err; + + /* Client's key */ + x = SRP_Calc_x(s, "alice", "password123"); + Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); + if (!check_bn("Client's key", Kclient, + "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" + "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" + "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" + "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" + "C346D7E474B29EDE8A469FFECA686E5A")) + goto err; + /* Server's key */ + Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); + if (!check_bn("Server's key", Kserver, + "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" + "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" + "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" + "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" + "C346D7E474B29EDE8A469FFECA686E5A")) + goto err; + + ret = 1; + + err: + BN_clear_free(Kclient); + BN_clear_free(Kserver); + BN_clear_free(x); + BN_free(u); + BN_free(Apub); + BN_clear_free(a); + BN_free(Bpub); + BN_clear_free(b); + BN_free(s); + BN_clear_free(v); + + return ret; +} + +int main(int argc, char **argv) +{ + BIO *bio_err; + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + + /* "Negative" test, expect a mismatch */ + if (run_srp("alice", "password1", "password2") == 0) { + fprintf(stderr, "Mismatched SRP run failed\n"); + return 1; + } + + /* "Positive" test, should pass */ + if (run_srp("alice", "password", "password") != 0) { + fprintf(stderr, "Plain SRP run failed\n"); + return 1; + } + + /* KAT from RFC5054: should pass */ + if (run_srp_kat() != 1) { + fprintf(stderr, "SRP KAT failed\n"); + return 1; + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(bio_err) <= 0) + return 1; +#endif + BIO_free(bio_err); + + return 0; +} +#endif diff --git a/openssl-1.1.0h/test/ssl-tests/01-simple.conf b/openssl-1.1.0h/test/ssl-tests/01-simple.conf new file mode 100644 index 0000000..5f4dd84 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/01-simple.conf @@ -0,0 +1,78 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 3 + +test-0 = 0-default +test-1 = 1-Server signature algorithms bug +test-2 = 2-verify-cert +# =========================================================== + +[0-default] +ssl_conf = 0-default-ssl + +[0-default-ssl] +server = 0-default-server +client = 0-default-client + +[0-default-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-default-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-Server signature algorithms bug] +ssl_conf = 1-Server signature algorithms bug-ssl + +[1-Server signature algorithms bug-ssl] +server = 1-Server signature algorithms bug-server +client = 1-Server signature algorithms bug-client + +[1-Server signature algorithms bug-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-Server signature algorithms bug-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-verify-cert] +ssl_conf = 2-verify-cert-ssl + +[2-verify-cert-ssl] +server = 2-verify-cert-server +client = 2-verify-cert-client + +[2-verify-cert-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-cert-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + diff --git a/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in b/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in new file mode 100644 index 0000000..086d66d --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/01-simple.conf.in @@ -0,0 +1,42 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "default", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "Server signature algorithms bug", + # Should have no effect as we aren't doing client auth + server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" }, + client => { "SignatureAlgorithms" => "RSA+SHA256" }, + test => { "ExpectedResult" => "Success" }, + }, + + { + name => "verify-cert", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf new file mode 100644 index 0000000..cb89dbc --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf @@ -0,0 +1,9975 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 361 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +test-64 = 64-version-negotiation +test-65 = 65-version-negotiation +test-66 = 66-version-negotiation +test-67 = 67-version-negotiation +test-68 = 68-version-negotiation +test-69 = 69-version-negotiation +test-70 = 70-version-negotiation +test-71 = 71-version-negotiation +test-72 = 72-version-negotiation +test-73 = 73-version-negotiation +test-74 = 74-version-negotiation +test-75 = 75-version-negotiation +test-76 = 76-version-negotiation +test-77 = 77-version-negotiation +test-78 = 78-version-negotiation +test-79 = 79-version-negotiation +test-80 = 80-version-negotiation +test-81 = 81-version-negotiation +test-82 = 82-version-negotiation +test-83 = 83-version-negotiation +test-84 = 84-version-negotiation +test-85 = 85-version-negotiation +test-86 = 86-version-negotiation +test-87 = 87-version-negotiation +test-88 = 88-version-negotiation +test-89 = 89-version-negotiation +test-90 = 90-version-negotiation +test-91 = 91-version-negotiation +test-92 = 92-version-negotiation +test-93 = 93-version-negotiation +test-94 = 94-version-negotiation +test-95 = 95-version-negotiation +test-96 = 96-version-negotiation +test-97 = 97-version-negotiation +test-98 = 98-version-negotiation +test-99 = 99-version-negotiation +test-100 = 100-version-negotiation +test-101 = 101-version-negotiation +test-102 = 102-version-negotiation +test-103 = 103-version-negotiation +test-104 = 104-version-negotiation +test-105 = 105-version-negotiation +test-106 = 106-version-negotiation +test-107 = 107-version-negotiation +test-108 = 108-version-negotiation +test-109 = 109-version-negotiation +test-110 = 110-version-negotiation +test-111 = 111-version-negotiation +test-112 = 112-version-negotiation +test-113 = 113-version-negotiation +test-114 = 114-version-negotiation +test-115 = 115-version-negotiation +test-116 = 116-version-negotiation +test-117 = 117-version-negotiation +test-118 = 118-version-negotiation +test-119 = 119-version-negotiation +test-120 = 120-version-negotiation +test-121 = 121-version-negotiation +test-122 = 122-version-negotiation +test-123 = 123-version-negotiation +test-124 = 124-version-negotiation +test-125 = 125-version-negotiation +test-126 = 126-version-negotiation +test-127 = 127-version-negotiation +test-128 = 128-version-negotiation +test-129 = 129-version-negotiation +test-130 = 130-version-negotiation +test-131 = 131-version-negotiation +test-132 = 132-version-negotiation +test-133 = 133-version-negotiation +test-134 = 134-version-negotiation +test-135 = 135-version-negotiation +test-136 = 136-version-negotiation +test-137 = 137-version-negotiation +test-138 = 138-version-negotiation +test-139 = 139-version-negotiation +test-140 = 140-version-negotiation +test-141 = 141-version-negotiation +test-142 = 142-version-negotiation +test-143 = 143-version-negotiation +test-144 = 144-version-negotiation +test-145 = 145-version-negotiation +test-146 = 146-version-negotiation +test-147 = 147-version-negotiation +test-148 = 148-version-negotiation +test-149 = 149-version-negotiation +test-150 = 150-version-negotiation +test-151 = 151-version-negotiation +test-152 = 152-version-negotiation +test-153 = 153-version-negotiation +test-154 = 154-version-negotiation +test-155 = 155-version-negotiation +test-156 = 156-version-negotiation +test-157 = 157-version-negotiation +test-158 = 158-version-negotiation +test-159 = 159-version-negotiation +test-160 = 160-version-negotiation +test-161 = 161-version-negotiation +test-162 = 162-version-negotiation +test-163 = 163-version-negotiation +test-164 = 164-version-negotiation +test-165 = 165-version-negotiation +test-166 = 166-version-negotiation +test-167 = 167-version-negotiation +test-168 = 168-version-negotiation +test-169 = 169-version-negotiation +test-170 = 170-version-negotiation +test-171 = 171-version-negotiation +test-172 = 172-version-negotiation +test-173 = 173-version-negotiation +test-174 = 174-version-negotiation +test-175 = 175-version-negotiation +test-176 = 176-version-negotiation +test-177 = 177-version-negotiation +test-178 = 178-version-negotiation +test-179 = 179-version-negotiation +test-180 = 180-version-negotiation +test-181 = 181-version-negotiation +test-182 = 182-version-negotiation +test-183 = 183-version-negotiation +test-184 = 184-version-negotiation +test-185 = 185-version-negotiation +test-186 = 186-version-negotiation +test-187 = 187-version-negotiation +test-188 = 188-version-negotiation +test-189 = 189-version-negotiation +test-190 = 190-version-negotiation +test-191 = 191-version-negotiation +test-192 = 192-version-negotiation +test-193 = 193-version-negotiation +test-194 = 194-version-negotiation +test-195 = 195-version-negotiation +test-196 = 196-version-negotiation +test-197 = 197-version-negotiation +test-198 = 198-version-negotiation +test-199 = 199-version-negotiation +test-200 = 200-version-negotiation +test-201 = 201-version-negotiation +test-202 = 202-version-negotiation +test-203 = 203-version-negotiation +test-204 = 204-version-negotiation +test-205 = 205-version-negotiation +test-206 = 206-version-negotiation +test-207 = 207-version-negotiation +test-208 = 208-version-negotiation +test-209 = 209-version-negotiation +test-210 = 210-version-negotiation +test-211 = 211-version-negotiation +test-212 = 212-version-negotiation +test-213 = 213-version-negotiation +test-214 = 214-version-negotiation +test-215 = 215-version-negotiation +test-216 = 216-version-negotiation +test-217 = 217-version-negotiation +test-218 = 218-version-negotiation +test-219 = 219-version-negotiation +test-220 = 220-version-negotiation +test-221 = 221-version-negotiation +test-222 = 222-version-negotiation +test-223 = 223-version-negotiation +test-224 = 224-version-negotiation +test-225 = 225-version-negotiation +test-226 = 226-version-negotiation +test-227 = 227-version-negotiation +test-228 = 228-version-negotiation +test-229 = 229-version-negotiation +test-230 = 230-version-negotiation +test-231 = 231-version-negotiation +test-232 = 232-version-negotiation +test-233 = 233-version-negotiation +test-234 = 234-version-negotiation +test-235 = 235-version-negotiation +test-236 = 236-version-negotiation +test-237 = 237-version-negotiation +test-238 = 238-version-negotiation +test-239 = 239-version-negotiation +test-240 = 240-version-negotiation +test-241 = 241-version-negotiation +test-242 = 242-version-negotiation +test-243 = 243-version-negotiation +test-244 = 244-version-negotiation +test-245 = 245-version-negotiation +test-246 = 246-version-negotiation +test-247 = 247-version-negotiation +test-248 = 248-version-negotiation +test-249 = 249-version-negotiation +test-250 = 250-version-negotiation +test-251 = 251-version-negotiation +test-252 = 252-version-negotiation +test-253 = 253-version-negotiation +test-254 = 254-version-negotiation +test-255 = 255-version-negotiation +test-256 = 256-version-negotiation +test-257 = 257-version-negotiation +test-258 = 258-version-negotiation +test-259 = 259-version-negotiation +test-260 = 260-version-negotiation +test-261 = 261-version-negotiation +test-262 = 262-version-negotiation +test-263 = 263-version-negotiation +test-264 = 264-version-negotiation +test-265 = 265-version-negotiation +test-266 = 266-version-negotiation +test-267 = 267-version-negotiation +test-268 = 268-version-negotiation +test-269 = 269-version-negotiation +test-270 = 270-version-negotiation +test-271 = 271-version-negotiation +test-272 = 272-version-negotiation +test-273 = 273-version-negotiation +test-274 = 274-version-negotiation +test-275 = 275-version-negotiation +test-276 = 276-version-negotiation +test-277 = 277-version-negotiation +test-278 = 278-version-negotiation +test-279 = 279-version-negotiation +test-280 = 280-version-negotiation +test-281 = 281-version-negotiation +test-282 = 282-version-negotiation +test-283 = 283-version-negotiation +test-284 = 284-version-negotiation +test-285 = 285-version-negotiation +test-286 = 286-version-negotiation +test-287 = 287-version-negotiation +test-288 = 288-version-negotiation +test-289 = 289-version-negotiation +test-290 = 290-version-negotiation +test-291 = 291-version-negotiation +test-292 = 292-version-negotiation +test-293 = 293-version-negotiation +test-294 = 294-version-negotiation +test-295 = 295-version-negotiation +test-296 = 296-version-negotiation +test-297 = 297-version-negotiation +test-298 = 298-version-negotiation +test-299 = 299-version-negotiation +test-300 = 300-version-negotiation +test-301 = 301-version-negotiation +test-302 = 302-version-negotiation +test-303 = 303-version-negotiation +test-304 = 304-version-negotiation +test-305 = 305-version-negotiation +test-306 = 306-version-negotiation +test-307 = 307-version-negotiation +test-308 = 308-version-negotiation +test-309 = 309-version-negotiation +test-310 = 310-version-negotiation +test-311 = 311-version-negotiation +test-312 = 312-version-negotiation +test-313 = 313-version-negotiation +test-314 = 314-version-negotiation +test-315 = 315-version-negotiation +test-316 = 316-version-negotiation +test-317 = 317-version-negotiation +test-318 = 318-version-negotiation +test-319 = 319-version-negotiation +test-320 = 320-version-negotiation +test-321 = 321-version-negotiation +test-322 = 322-version-negotiation +test-323 = 323-version-negotiation +test-324 = 324-version-negotiation +test-325 = 325-version-negotiation +test-326 = 326-version-negotiation +test-327 = 327-version-negotiation +test-328 = 328-version-negotiation +test-329 = 329-version-negotiation +test-330 = 330-version-negotiation +test-331 = 331-version-negotiation +test-332 = 332-version-negotiation +test-333 = 333-version-negotiation +test-334 = 334-version-negotiation +test-335 = 335-version-negotiation +test-336 = 336-version-negotiation +test-337 = 337-version-negotiation +test-338 = 338-version-negotiation +test-339 = 339-version-negotiation +test-340 = 340-version-negotiation +test-341 = 341-version-negotiation +test-342 = 342-version-negotiation +test-343 = 343-version-negotiation +test-344 = 344-version-negotiation +test-345 = 345-version-negotiation +test-346 = 346-version-negotiation +test-347 = 347-version-negotiation +test-348 = 348-version-negotiation +test-349 = 349-version-negotiation +test-350 = 350-version-negotiation +test-351 = 351-version-negotiation +test-352 = 352-version-negotiation +test-353 = 353-version-negotiation +test-354 = 354-version-negotiation +test-355 = 355-version-negotiation +test-356 = 356-version-negotiation +test-357 = 357-version-negotiation +test-358 = 358-version-negotiation +test-359 = 359-version-negotiation +test-360 = 360-version-negotiation +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = InternalError + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = InternalError + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = InternalError + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = InternalError + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = InternalError + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = InternalError + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = InternalError + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = InternalError + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = InternalError + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = InternalError + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = InternalError + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = InternalError + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = InternalError + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = InternalError + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = InternalError + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = InternalError + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = InternalError + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = InternalError + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = InternalError + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = ServerFail + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = ServerFail + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedResult = ServerFail + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedResult = ServerFail + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = ServerFail + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedResult = ServerFail + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedResult = ServerFail + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedResult = ServerFail + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedResult = ServerFail + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedResult = ServerFail + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedResult = ServerFail + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedResult = ServerFail + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedResult = ServerFail + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[64-version-negotiation] +ssl_conf = 64-version-negotiation-ssl + +[64-version-negotiation-ssl] +server = 64-version-negotiation-server +client = 64-version-negotiation-client + +[64-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[65-version-negotiation] +ssl_conf = 65-version-negotiation-ssl + +[65-version-negotiation-ssl] +server = 65-version-negotiation-server +client = 65-version-negotiation-client + +[65-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[65-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-65] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[66-version-negotiation] +ssl_conf = 66-version-negotiation-ssl + +[66-version-negotiation-ssl] +server = 66-version-negotiation-server +client = 66-version-negotiation-client + +[66-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[66-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-66] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[67-version-negotiation] +ssl_conf = 67-version-negotiation-ssl + +[67-version-negotiation-ssl] +server = 67-version-negotiation-server +client = 67-version-negotiation-client + +[67-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[67-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-67] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[68-version-negotiation] +ssl_conf = 68-version-negotiation-ssl + +[68-version-negotiation-ssl] +server = 68-version-negotiation-server +client = 68-version-negotiation-client + +[68-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[68-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-68] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[69-version-negotiation] +ssl_conf = 69-version-negotiation-ssl + +[69-version-negotiation-ssl] +server = 69-version-negotiation-server +client = 69-version-negotiation-client + +[69-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[69-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-69] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[70-version-negotiation] +ssl_conf = 70-version-negotiation-ssl + +[70-version-negotiation-ssl] +server = 70-version-negotiation-server +client = 70-version-negotiation-client + +[70-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[70-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-70] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[71-version-negotiation] +ssl_conf = 71-version-negotiation-ssl + +[71-version-negotiation-ssl] +server = 71-version-negotiation-server +client = 71-version-negotiation-client + +[71-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[71-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-71] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[72-version-negotiation] +ssl_conf = 72-version-negotiation-ssl + +[72-version-negotiation-ssl] +server = 72-version-negotiation-server +client = 72-version-negotiation-client + +[72-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[72-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-72] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[73-version-negotiation] +ssl_conf = 73-version-negotiation-ssl + +[73-version-negotiation-ssl] +server = 73-version-negotiation-server +client = 73-version-negotiation-client + +[73-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[73-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-73] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[74-version-negotiation] +ssl_conf = 74-version-negotiation-ssl + +[74-version-negotiation-ssl] +server = 74-version-negotiation-server +client = 74-version-negotiation-client + +[74-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[74-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-74] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[75-version-negotiation] +ssl_conf = 75-version-negotiation-ssl + +[75-version-negotiation-ssl] +server = 75-version-negotiation-server +client = 75-version-negotiation-client + +[75-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[75-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-75] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[76-version-negotiation] +ssl_conf = 76-version-negotiation-ssl + +[76-version-negotiation-ssl] +server = 76-version-negotiation-server +client = 76-version-negotiation-client + +[76-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[76-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-76] +ExpectedResult = ServerFail + + +# =========================================================== + +[77-version-negotiation] +ssl_conf = 77-version-negotiation-ssl + +[77-version-negotiation-ssl] +server = 77-version-negotiation-server +client = 77-version-negotiation-client + +[77-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[77-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-77] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[78-version-negotiation] +ssl_conf = 78-version-negotiation-ssl + +[78-version-negotiation-ssl] +server = 78-version-negotiation-server +client = 78-version-negotiation-client + +[78-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[78-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-78] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[79-version-negotiation] +ssl_conf = 79-version-negotiation-ssl + +[79-version-negotiation-ssl] +server = 79-version-negotiation-server +client = 79-version-negotiation-client + +[79-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[79-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-79] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[80-version-negotiation] +ssl_conf = 80-version-negotiation-ssl + +[80-version-negotiation-ssl] +server = 80-version-negotiation-server +client = 80-version-negotiation-client + +[80-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[80-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-80] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[81-version-negotiation] +ssl_conf = 81-version-negotiation-ssl + +[81-version-negotiation-ssl] +server = 81-version-negotiation-server +client = 81-version-negotiation-client + +[81-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[81-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-81] +ExpectedResult = ServerFail + + +# =========================================================== + +[82-version-negotiation] +ssl_conf = 82-version-negotiation-ssl + +[82-version-negotiation-ssl] +server = 82-version-negotiation-server +client = 82-version-negotiation-client + +[82-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[82-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-82] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[83-version-negotiation] +ssl_conf = 83-version-negotiation-ssl + +[83-version-negotiation-ssl] +server = 83-version-negotiation-server +client = 83-version-negotiation-client + +[83-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[83-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-83] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[84-version-negotiation] +ssl_conf = 84-version-negotiation-ssl + +[84-version-negotiation-ssl] +server = 84-version-negotiation-server +client = 84-version-negotiation-client + +[84-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[84-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-84] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[85-version-negotiation] +ssl_conf = 85-version-negotiation-ssl + +[85-version-negotiation-ssl] +server = 85-version-negotiation-server +client = 85-version-negotiation-client + +[85-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[85-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-85] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[86-version-negotiation] +ssl_conf = 86-version-negotiation-ssl + +[86-version-negotiation-ssl] +server = 86-version-negotiation-server +client = 86-version-negotiation-client + +[86-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[86-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-86] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[87-version-negotiation] +ssl_conf = 87-version-negotiation-ssl + +[87-version-negotiation-ssl] +server = 87-version-negotiation-server +client = 87-version-negotiation-client + +[87-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[87-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-87] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[88-version-negotiation] +ssl_conf = 88-version-negotiation-ssl + +[88-version-negotiation-ssl] +server = 88-version-negotiation-server +client = 88-version-negotiation-client + +[88-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[88-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-88] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[89-version-negotiation] +ssl_conf = 89-version-negotiation-ssl + +[89-version-negotiation-ssl] +server = 89-version-negotiation-server +client = 89-version-negotiation-client + +[89-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[89-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-89] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[90-version-negotiation] +ssl_conf = 90-version-negotiation-ssl + +[90-version-negotiation-ssl] +server = 90-version-negotiation-server +client = 90-version-negotiation-client + +[90-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[90-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-90] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[91-version-negotiation] +ssl_conf = 91-version-negotiation-ssl + +[91-version-negotiation-ssl] +server = 91-version-negotiation-server +client = 91-version-negotiation-client + +[91-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[91-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-91] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[92-version-negotiation] +ssl_conf = 92-version-negotiation-ssl + +[92-version-negotiation-ssl] +server = 92-version-negotiation-server +client = 92-version-negotiation-client + +[92-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[92-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-92] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[93-version-negotiation] +ssl_conf = 93-version-negotiation-ssl + +[93-version-negotiation-ssl] +server = 93-version-negotiation-server +client = 93-version-negotiation-client + +[93-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[93-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-93] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[94-version-negotiation] +ssl_conf = 94-version-negotiation-ssl + +[94-version-negotiation-ssl] +server = 94-version-negotiation-server +client = 94-version-negotiation-client + +[94-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[94-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-94] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[95-version-negotiation] +ssl_conf = 95-version-negotiation-ssl + +[95-version-negotiation-ssl] +server = 95-version-negotiation-server +client = 95-version-negotiation-client + +[95-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[95-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-95] +ExpectedResult = InternalError + + +# =========================================================== + +[96-version-negotiation] +ssl_conf = 96-version-negotiation-ssl + +[96-version-negotiation-ssl] +server = 96-version-negotiation-server +client = 96-version-negotiation-client + +[96-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[96-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-96] +ExpectedResult = InternalError + + +# =========================================================== + +[97-version-negotiation] +ssl_conf = 97-version-negotiation-ssl + +[97-version-negotiation-ssl] +server = 97-version-negotiation-server +client = 97-version-negotiation-client + +[97-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[97-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-97] +ExpectedResult = InternalError + + +# =========================================================== + +[98-version-negotiation] +ssl_conf = 98-version-negotiation-ssl + +[98-version-negotiation-ssl] +server = 98-version-negotiation-server +client = 98-version-negotiation-client + +[98-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[98-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-98] +ExpectedResult = InternalError + + +# =========================================================== + +[99-version-negotiation] +ssl_conf = 99-version-negotiation-ssl + +[99-version-negotiation-ssl] +server = 99-version-negotiation-server +client = 99-version-negotiation-client + +[99-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[99-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-99] +ExpectedResult = InternalError + + +# =========================================================== + +[100-version-negotiation] +ssl_conf = 100-version-negotiation-ssl + +[100-version-negotiation-ssl] +server = 100-version-negotiation-server +client = 100-version-negotiation-client + +[100-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[100-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-100] +ExpectedResult = InternalError + + +# =========================================================== + +[101-version-negotiation] +ssl_conf = 101-version-negotiation-ssl + +[101-version-negotiation-ssl] +server = 101-version-negotiation-server +client = 101-version-negotiation-client + +[101-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[101-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-101] +ExpectedResult = InternalError + + +# =========================================================== + +[102-version-negotiation] +ssl_conf = 102-version-negotiation-ssl + +[102-version-negotiation-ssl] +server = 102-version-negotiation-server +client = 102-version-negotiation-client + +[102-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[102-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-102] +ExpectedResult = InternalError + + +# =========================================================== + +[103-version-negotiation] +ssl_conf = 103-version-negotiation-ssl + +[103-version-negotiation-ssl] +server = 103-version-negotiation-server +client = 103-version-negotiation-client + +[103-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[103-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-103] +ExpectedResult = InternalError + + +# =========================================================== + +[104-version-negotiation] +ssl_conf = 104-version-negotiation-ssl + +[104-version-negotiation-ssl] +server = 104-version-negotiation-server +client = 104-version-negotiation-client + +[104-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[104-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-104] +ExpectedResult = InternalError + + +# =========================================================== + +[105-version-negotiation] +ssl_conf = 105-version-negotiation-ssl + +[105-version-negotiation-ssl] +server = 105-version-negotiation-server +client = 105-version-negotiation-client + +[105-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[105-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-105] +ExpectedResult = InternalError + + +# =========================================================== + +[106-version-negotiation] +ssl_conf = 106-version-negotiation-ssl + +[106-version-negotiation-ssl] +server = 106-version-negotiation-server +client = 106-version-negotiation-client + +[106-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[106-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-106] +ExpectedResult = InternalError + + +# =========================================================== + +[107-version-negotiation] +ssl_conf = 107-version-negotiation-ssl + +[107-version-negotiation-ssl] +server = 107-version-negotiation-server +client = 107-version-negotiation-client + +[107-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[107-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-107] +ExpectedResult = InternalError + + +# =========================================================== + +[108-version-negotiation] +ssl_conf = 108-version-negotiation-ssl + +[108-version-negotiation-ssl] +server = 108-version-negotiation-server +client = 108-version-negotiation-client + +[108-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[108-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-108] +ExpectedResult = InternalError + + +# =========================================================== + +[109-version-negotiation] +ssl_conf = 109-version-negotiation-ssl + +[109-version-negotiation-ssl] +server = 109-version-negotiation-server +client = 109-version-negotiation-client + +[109-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[109-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-109] +ExpectedResult = InternalError + + +# =========================================================== + +[110-version-negotiation] +ssl_conf = 110-version-negotiation-ssl + +[110-version-negotiation-ssl] +server = 110-version-negotiation-server +client = 110-version-negotiation-client + +[110-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[110-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-110] +ExpectedResult = InternalError + + +# =========================================================== + +[111-version-negotiation] +ssl_conf = 111-version-negotiation-ssl + +[111-version-negotiation-ssl] +server = 111-version-negotiation-server +client = 111-version-negotiation-client + +[111-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[111-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-111] +ExpectedResult = InternalError + + +# =========================================================== + +[112-version-negotiation] +ssl_conf = 112-version-negotiation-ssl + +[112-version-negotiation-ssl] +server = 112-version-negotiation-server +client = 112-version-negotiation-client + +[112-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[112-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-112] +ExpectedResult = InternalError + + +# =========================================================== + +[113-version-negotiation] +ssl_conf = 113-version-negotiation-ssl + +[113-version-negotiation-ssl] +server = 113-version-negotiation-server +client = 113-version-negotiation-client + +[113-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[113-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-113] +ExpectedResult = InternalError + + +# =========================================================== + +[114-version-negotiation] +ssl_conf = 114-version-negotiation-ssl + +[114-version-negotiation-ssl] +server = 114-version-negotiation-server +client = 114-version-negotiation-client + +[114-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[114-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-114] +ExpectedResult = ServerFail + + +# =========================================================== + +[115-version-negotiation] +ssl_conf = 115-version-negotiation-ssl + +[115-version-negotiation-ssl] +server = 115-version-negotiation-server +client = 115-version-negotiation-client + +[115-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[115-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-115] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[116-version-negotiation] +ssl_conf = 116-version-negotiation-ssl + +[116-version-negotiation-ssl] +server = 116-version-negotiation-server +client = 116-version-negotiation-client + +[116-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[116-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-116] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[117-version-negotiation] +ssl_conf = 117-version-negotiation-ssl + +[117-version-negotiation-ssl] +server = 117-version-negotiation-server +client = 117-version-negotiation-client + +[117-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[117-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-117] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[118-version-negotiation] +ssl_conf = 118-version-negotiation-ssl + +[118-version-negotiation-ssl] +server = 118-version-negotiation-server +client = 118-version-negotiation-client + +[118-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[118-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-118] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[119-version-negotiation] +ssl_conf = 119-version-negotiation-ssl + +[119-version-negotiation-ssl] +server = 119-version-negotiation-server +client = 119-version-negotiation-client + +[119-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[119-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-119] +ExpectedResult = ServerFail + + +# =========================================================== + +[120-version-negotiation] +ssl_conf = 120-version-negotiation-ssl + +[120-version-negotiation-ssl] +server = 120-version-negotiation-server +client = 120-version-negotiation-client + +[120-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[120-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-120] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[121-version-negotiation] +ssl_conf = 121-version-negotiation-ssl + +[121-version-negotiation-ssl] +server = 121-version-negotiation-server +client = 121-version-negotiation-client + +[121-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[121-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-121] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[122-version-negotiation] +ssl_conf = 122-version-negotiation-ssl + +[122-version-negotiation-ssl] +server = 122-version-negotiation-server +client = 122-version-negotiation-client + +[122-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[122-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-122] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[123-version-negotiation] +ssl_conf = 123-version-negotiation-ssl + +[123-version-negotiation-ssl] +server = 123-version-negotiation-server +client = 123-version-negotiation-client + +[123-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[123-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-123] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[124-version-negotiation] +ssl_conf = 124-version-negotiation-ssl + +[124-version-negotiation-ssl] +server = 124-version-negotiation-server +client = 124-version-negotiation-client + +[124-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[124-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-124] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[125-version-negotiation] +ssl_conf = 125-version-negotiation-ssl + +[125-version-negotiation-ssl] +server = 125-version-negotiation-server +client = 125-version-negotiation-client + +[125-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[125-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-125] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[126-version-negotiation] +ssl_conf = 126-version-negotiation-ssl + +[126-version-negotiation-ssl] +server = 126-version-negotiation-server +client = 126-version-negotiation-client + +[126-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[126-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-126] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[127-version-negotiation] +ssl_conf = 127-version-negotiation-ssl + +[127-version-negotiation-ssl] +server = 127-version-negotiation-server +client = 127-version-negotiation-client + +[127-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[127-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-127] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[128-version-negotiation] +ssl_conf = 128-version-negotiation-ssl + +[128-version-negotiation-ssl] +server = 128-version-negotiation-server +client = 128-version-negotiation-client + +[128-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[128-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-128] +ExpectedResult = ServerFail + + +# =========================================================== + +[129-version-negotiation] +ssl_conf = 129-version-negotiation-ssl + +[129-version-negotiation-ssl] +server = 129-version-negotiation-server +client = 129-version-negotiation-client + +[129-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[129-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-129] +ExpectedResult = ServerFail + + +# =========================================================== + +[130-version-negotiation] +ssl_conf = 130-version-negotiation-ssl + +[130-version-negotiation-ssl] +server = 130-version-negotiation-server +client = 130-version-negotiation-client + +[130-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[130-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-130] +ExpectedResult = ServerFail + + +# =========================================================== + +[131-version-negotiation] +ssl_conf = 131-version-negotiation-ssl + +[131-version-negotiation-ssl] +server = 131-version-negotiation-server +client = 131-version-negotiation-client + +[131-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[131-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-131] +ExpectedResult = ServerFail + + +# =========================================================== + +[132-version-negotiation] +ssl_conf = 132-version-negotiation-ssl + +[132-version-negotiation-ssl] +server = 132-version-negotiation-server +client = 132-version-negotiation-client + +[132-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[132-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-132] +ExpectedResult = ServerFail + + +# =========================================================== + +[133-version-negotiation] +ssl_conf = 133-version-negotiation-ssl + +[133-version-negotiation-ssl] +server = 133-version-negotiation-server +client = 133-version-negotiation-client + +[133-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[133-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-133] +ExpectedResult = ServerFail + + +# =========================================================== + +[134-version-negotiation] +ssl_conf = 134-version-negotiation-ssl + +[134-version-negotiation-ssl] +server = 134-version-negotiation-server +client = 134-version-negotiation-client + +[134-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[134-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-134] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[135-version-negotiation] +ssl_conf = 135-version-negotiation-ssl + +[135-version-negotiation-ssl] +server = 135-version-negotiation-server +client = 135-version-negotiation-client + +[135-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[135-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-135] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[136-version-negotiation] +ssl_conf = 136-version-negotiation-ssl + +[136-version-negotiation-ssl] +server = 136-version-negotiation-server +client = 136-version-negotiation-client + +[136-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[136-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-136] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[137-version-negotiation] +ssl_conf = 137-version-negotiation-ssl + +[137-version-negotiation-ssl] +server = 137-version-negotiation-server +client = 137-version-negotiation-client + +[137-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[137-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-137] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[138-version-negotiation] +ssl_conf = 138-version-negotiation-ssl + +[138-version-negotiation-ssl] +server = 138-version-negotiation-server +client = 138-version-negotiation-client + +[138-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[138-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-138] +ExpectedResult = ServerFail + + +# =========================================================== + +[139-version-negotiation] +ssl_conf = 139-version-negotiation-ssl + +[139-version-negotiation-ssl] +server = 139-version-negotiation-server +client = 139-version-negotiation-client + +[139-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[139-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-139] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[140-version-negotiation] +ssl_conf = 140-version-negotiation-ssl + +[140-version-negotiation-ssl] +server = 140-version-negotiation-server +client = 140-version-negotiation-client + +[140-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[140-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-140] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[141-version-negotiation] +ssl_conf = 141-version-negotiation-ssl + +[141-version-negotiation-ssl] +server = 141-version-negotiation-server +client = 141-version-negotiation-client + +[141-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[141-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-141] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[142-version-negotiation] +ssl_conf = 142-version-negotiation-ssl + +[142-version-negotiation-ssl] +server = 142-version-negotiation-server +client = 142-version-negotiation-client + +[142-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[142-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-142] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[143-version-negotiation] +ssl_conf = 143-version-negotiation-ssl + +[143-version-negotiation-ssl] +server = 143-version-negotiation-server +client = 143-version-negotiation-client + +[143-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[143-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-143] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[144-version-negotiation] +ssl_conf = 144-version-negotiation-ssl + +[144-version-negotiation-ssl] +server = 144-version-negotiation-server +client = 144-version-negotiation-client + +[144-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[144-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-144] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[145-version-negotiation] +ssl_conf = 145-version-negotiation-ssl + +[145-version-negotiation-ssl] +server = 145-version-negotiation-server +client = 145-version-negotiation-client + +[145-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[145-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-145] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[146-version-negotiation] +ssl_conf = 146-version-negotiation-ssl + +[146-version-negotiation-ssl] +server = 146-version-negotiation-server +client = 146-version-negotiation-client + +[146-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[146-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-146] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[147-version-negotiation] +ssl_conf = 147-version-negotiation-ssl + +[147-version-negotiation-ssl] +server = 147-version-negotiation-server +client = 147-version-negotiation-client + +[147-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[147-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-147] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[148-version-negotiation] +ssl_conf = 148-version-negotiation-ssl + +[148-version-negotiation-ssl] +server = 148-version-negotiation-server +client = 148-version-negotiation-client + +[148-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[148-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-148] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[149-version-negotiation] +ssl_conf = 149-version-negotiation-ssl + +[149-version-negotiation-ssl] +server = 149-version-negotiation-server +client = 149-version-negotiation-client + +[149-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[149-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-149] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[150-version-negotiation] +ssl_conf = 150-version-negotiation-ssl + +[150-version-negotiation-ssl] +server = 150-version-negotiation-server +client = 150-version-negotiation-client + +[150-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[150-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-150] +ExpectedResult = ServerFail + + +# =========================================================== + +[151-version-negotiation] +ssl_conf = 151-version-negotiation-ssl + +[151-version-negotiation-ssl] +server = 151-version-negotiation-server +client = 151-version-negotiation-client + +[151-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[151-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-151] +ExpectedResult = ServerFail + + +# =========================================================== + +[152-version-negotiation] +ssl_conf = 152-version-negotiation-ssl + +[152-version-negotiation-ssl] +server = 152-version-negotiation-server +client = 152-version-negotiation-client + +[152-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[152-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-152] +ExpectedResult = ServerFail + + +# =========================================================== + +[153-version-negotiation] +ssl_conf = 153-version-negotiation-ssl + +[153-version-negotiation-ssl] +server = 153-version-negotiation-server +client = 153-version-negotiation-client + +[153-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[153-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-153] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[154-version-negotiation] +ssl_conf = 154-version-negotiation-ssl + +[154-version-negotiation-ssl] +server = 154-version-negotiation-server +client = 154-version-negotiation-client + +[154-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[154-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-154] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[155-version-negotiation] +ssl_conf = 155-version-negotiation-ssl + +[155-version-negotiation-ssl] +server = 155-version-negotiation-server +client = 155-version-negotiation-client + +[155-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[155-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-155] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[156-version-negotiation] +ssl_conf = 156-version-negotiation-ssl + +[156-version-negotiation-ssl] +server = 156-version-negotiation-server +client = 156-version-negotiation-client + +[156-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[156-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-156] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[157-version-negotiation] +ssl_conf = 157-version-negotiation-ssl + +[157-version-negotiation-ssl] +server = 157-version-negotiation-server +client = 157-version-negotiation-client + +[157-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[157-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-157] +ExpectedResult = ServerFail + + +# =========================================================== + +[158-version-negotiation] +ssl_conf = 158-version-negotiation-ssl + +[158-version-negotiation-ssl] +server = 158-version-negotiation-server +client = 158-version-negotiation-client + +[158-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[158-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-158] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[159-version-negotiation] +ssl_conf = 159-version-negotiation-ssl + +[159-version-negotiation-ssl] +server = 159-version-negotiation-server +client = 159-version-negotiation-client + +[159-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[159-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-159] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[160-version-negotiation] +ssl_conf = 160-version-negotiation-ssl + +[160-version-negotiation-ssl] +server = 160-version-negotiation-server +client = 160-version-negotiation-client + +[160-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[160-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-160] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[161-version-negotiation] +ssl_conf = 161-version-negotiation-ssl + +[161-version-negotiation-ssl] +server = 161-version-negotiation-server +client = 161-version-negotiation-client + +[161-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[161-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-161] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[162-version-negotiation] +ssl_conf = 162-version-negotiation-ssl + +[162-version-negotiation-ssl] +server = 162-version-negotiation-server +client = 162-version-negotiation-client + +[162-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[162-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-162] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[163-version-negotiation] +ssl_conf = 163-version-negotiation-ssl + +[163-version-negotiation-ssl] +server = 163-version-negotiation-server +client = 163-version-negotiation-client + +[163-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[163-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-163] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[164-version-negotiation] +ssl_conf = 164-version-negotiation-ssl + +[164-version-negotiation-ssl] +server = 164-version-negotiation-server +client = 164-version-negotiation-client + +[164-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[164-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-164] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[165-version-negotiation] +ssl_conf = 165-version-negotiation-ssl + +[165-version-negotiation-ssl] +server = 165-version-negotiation-server +client = 165-version-negotiation-client + +[165-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[165-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-165] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[166-version-negotiation] +ssl_conf = 166-version-negotiation-ssl + +[166-version-negotiation-ssl] +server = 166-version-negotiation-server +client = 166-version-negotiation-client + +[166-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[166-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-166] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[167-version-negotiation] +ssl_conf = 167-version-negotiation-ssl + +[167-version-negotiation-ssl] +server = 167-version-negotiation-server +client = 167-version-negotiation-client + +[167-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[167-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-167] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[168-version-negotiation] +ssl_conf = 168-version-negotiation-ssl + +[168-version-negotiation-ssl] +server = 168-version-negotiation-server +client = 168-version-negotiation-client + +[168-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[168-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-168] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[169-version-negotiation] +ssl_conf = 169-version-negotiation-ssl + +[169-version-negotiation-ssl] +server = 169-version-negotiation-server +client = 169-version-negotiation-client + +[169-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[169-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-169] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[170-version-negotiation] +ssl_conf = 170-version-negotiation-ssl + +[170-version-negotiation-ssl] +server = 170-version-negotiation-server +client = 170-version-negotiation-client + +[170-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[170-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-170] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[171-version-negotiation] +ssl_conf = 171-version-negotiation-ssl + +[171-version-negotiation-ssl] +server = 171-version-negotiation-server +client = 171-version-negotiation-client + +[171-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[171-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-171] +ExpectedResult = ServerFail + + +# =========================================================== + +[172-version-negotiation] +ssl_conf = 172-version-negotiation-ssl + +[172-version-negotiation-ssl] +server = 172-version-negotiation-server +client = 172-version-negotiation-client + +[172-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[172-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-172] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[173-version-negotiation] +ssl_conf = 173-version-negotiation-ssl + +[173-version-negotiation-ssl] +server = 173-version-negotiation-server +client = 173-version-negotiation-client + +[173-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[173-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-173] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[174-version-negotiation] +ssl_conf = 174-version-negotiation-ssl + +[174-version-negotiation-ssl] +server = 174-version-negotiation-server +client = 174-version-negotiation-client + +[174-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[174-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-174] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[175-version-negotiation] +ssl_conf = 175-version-negotiation-ssl + +[175-version-negotiation-ssl] +server = 175-version-negotiation-server +client = 175-version-negotiation-client + +[175-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[175-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-175] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[176-version-negotiation] +ssl_conf = 176-version-negotiation-ssl + +[176-version-negotiation-ssl] +server = 176-version-negotiation-server +client = 176-version-negotiation-client + +[176-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[176-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-176] +ExpectedResult = ServerFail + + +# =========================================================== + +[177-version-negotiation] +ssl_conf = 177-version-negotiation-ssl + +[177-version-negotiation-ssl] +server = 177-version-negotiation-server +client = 177-version-negotiation-client + +[177-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[177-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-177] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[178-version-negotiation] +ssl_conf = 178-version-negotiation-ssl + +[178-version-negotiation-ssl] +server = 178-version-negotiation-server +client = 178-version-negotiation-client + +[178-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[178-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-178] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[179-version-negotiation] +ssl_conf = 179-version-negotiation-ssl + +[179-version-negotiation-ssl] +server = 179-version-negotiation-server +client = 179-version-negotiation-client + +[179-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[179-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-179] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[180-version-negotiation] +ssl_conf = 180-version-negotiation-ssl + +[180-version-negotiation-ssl] +server = 180-version-negotiation-server +client = 180-version-negotiation-client + +[180-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[180-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-180] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[181-version-negotiation] +ssl_conf = 181-version-negotiation-ssl + +[181-version-negotiation-ssl] +server = 181-version-negotiation-server +client = 181-version-negotiation-client + +[181-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[181-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-181] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[182-version-negotiation] +ssl_conf = 182-version-negotiation-ssl + +[182-version-negotiation-ssl] +server = 182-version-negotiation-server +client = 182-version-negotiation-client + +[182-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[182-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-182] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[183-version-negotiation] +ssl_conf = 183-version-negotiation-ssl + +[183-version-negotiation-ssl] +server = 183-version-negotiation-server +client = 183-version-negotiation-client + +[183-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[183-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-183] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[184-version-negotiation] +ssl_conf = 184-version-negotiation-ssl + +[184-version-negotiation-ssl] +server = 184-version-negotiation-server +client = 184-version-negotiation-client + +[184-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[184-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-184] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[185-version-negotiation] +ssl_conf = 185-version-negotiation-ssl + +[185-version-negotiation-ssl] +server = 185-version-negotiation-server +client = 185-version-negotiation-client + +[185-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[185-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-185] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[186-version-negotiation] +ssl_conf = 186-version-negotiation-ssl + +[186-version-negotiation-ssl] +server = 186-version-negotiation-server +client = 186-version-negotiation-client + +[186-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[186-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-186] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[187-version-negotiation] +ssl_conf = 187-version-negotiation-ssl + +[187-version-negotiation-ssl] +server = 187-version-negotiation-server +client = 187-version-negotiation-client + +[187-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[187-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-187] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[188-version-negotiation] +ssl_conf = 188-version-negotiation-ssl + +[188-version-negotiation-ssl] +server = 188-version-negotiation-server +client = 188-version-negotiation-client + +[188-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[188-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-188] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[189-version-negotiation] +ssl_conf = 189-version-negotiation-ssl + +[189-version-negotiation-ssl] +server = 189-version-negotiation-server +client = 189-version-negotiation-client + +[189-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[189-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = SSLv3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-189] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[190-version-negotiation] +ssl_conf = 190-version-negotiation-ssl + +[190-version-negotiation-ssl] +server = 190-version-negotiation-server +client = 190-version-negotiation-client + +[190-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[190-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-190] +ExpectedResult = ServerFail + + +# =========================================================== + +[191-version-negotiation] +ssl_conf = 191-version-negotiation-ssl + +[191-version-negotiation-ssl] +server = 191-version-negotiation-server +client = 191-version-negotiation-client + +[191-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[191-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-191] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[192-version-negotiation] +ssl_conf = 192-version-negotiation-ssl + +[192-version-negotiation-ssl] +server = 192-version-negotiation-server +client = 192-version-negotiation-client + +[192-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[192-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-192] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[193-version-negotiation] +ssl_conf = 193-version-negotiation-ssl + +[193-version-negotiation-ssl] +server = 193-version-negotiation-server +client = 193-version-negotiation-client + +[193-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[193-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-193] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[194-version-negotiation] +ssl_conf = 194-version-negotiation-ssl + +[194-version-negotiation-ssl] +server = 194-version-negotiation-server +client = 194-version-negotiation-client + +[194-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[194-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-194] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[195-version-negotiation] +ssl_conf = 195-version-negotiation-ssl + +[195-version-negotiation-ssl] +server = 195-version-negotiation-server +client = 195-version-negotiation-client + +[195-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[195-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-195] +ExpectedResult = ServerFail + + +# =========================================================== + +[196-version-negotiation] +ssl_conf = 196-version-negotiation-ssl + +[196-version-negotiation-ssl] +server = 196-version-negotiation-server +client = 196-version-negotiation-client + +[196-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[196-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-196] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[197-version-negotiation] +ssl_conf = 197-version-negotiation-ssl + +[197-version-negotiation-ssl] +server = 197-version-negotiation-server +client = 197-version-negotiation-client + +[197-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[197-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-197] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[198-version-negotiation] +ssl_conf = 198-version-negotiation-ssl + +[198-version-negotiation-ssl] +server = 198-version-negotiation-server +client = 198-version-negotiation-client + +[198-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[198-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-198] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[199-version-negotiation] +ssl_conf = 199-version-negotiation-ssl + +[199-version-negotiation-ssl] +server = 199-version-negotiation-server +client = 199-version-negotiation-client + +[199-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[199-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-199] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[200-version-negotiation] +ssl_conf = 200-version-negotiation-ssl + +[200-version-negotiation-ssl] +server = 200-version-negotiation-server +client = 200-version-negotiation-client + +[200-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[200-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-200] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[201-version-negotiation] +ssl_conf = 201-version-negotiation-ssl + +[201-version-negotiation-ssl] +server = 201-version-negotiation-server +client = 201-version-negotiation-client + +[201-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[201-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-201] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[202-version-negotiation] +ssl_conf = 202-version-negotiation-ssl + +[202-version-negotiation-ssl] +server = 202-version-negotiation-server +client = 202-version-negotiation-client + +[202-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[202-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-202] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[203-version-negotiation] +ssl_conf = 203-version-negotiation-ssl + +[203-version-negotiation-ssl] +server = 203-version-negotiation-server +client = 203-version-negotiation-client + +[203-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[203-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-203] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[204-version-negotiation] +ssl_conf = 204-version-negotiation-ssl + +[204-version-negotiation-ssl] +server = 204-version-negotiation-server +client = 204-version-negotiation-client + +[204-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[204-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-204] +ExpectedResult = ServerFail + + +# =========================================================== + +[205-version-negotiation] +ssl_conf = 205-version-negotiation-ssl + +[205-version-negotiation-ssl] +server = 205-version-negotiation-server +client = 205-version-negotiation-client + +[205-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[205-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-205] +ExpectedResult = ServerFail + + +# =========================================================== + +[206-version-negotiation] +ssl_conf = 206-version-negotiation-ssl + +[206-version-negotiation-ssl] +server = 206-version-negotiation-server +client = 206-version-negotiation-client + +[206-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[206-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-206] +ExpectedResult = ServerFail + + +# =========================================================== + +[207-version-negotiation] +ssl_conf = 207-version-negotiation-ssl + +[207-version-negotiation-ssl] +server = 207-version-negotiation-server +client = 207-version-negotiation-client + +[207-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[207-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-207] +ExpectedResult = ServerFail + + +# =========================================================== + +[208-version-negotiation] +ssl_conf = 208-version-negotiation-ssl + +[208-version-negotiation-ssl] +server = 208-version-negotiation-server +client = 208-version-negotiation-client + +[208-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[208-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-208] +ExpectedResult = ServerFail + + +# =========================================================== + +[209-version-negotiation] +ssl_conf = 209-version-negotiation-ssl + +[209-version-negotiation-ssl] +server = 209-version-negotiation-server +client = 209-version-negotiation-client + +[209-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[209-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-209] +ExpectedResult = ServerFail + + +# =========================================================== + +[210-version-negotiation] +ssl_conf = 210-version-negotiation-ssl + +[210-version-negotiation-ssl] +server = 210-version-negotiation-server +client = 210-version-negotiation-client + +[210-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[210-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-210] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[211-version-negotiation] +ssl_conf = 211-version-negotiation-ssl + +[211-version-negotiation-ssl] +server = 211-version-negotiation-server +client = 211-version-negotiation-client + +[211-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[211-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-211] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[212-version-negotiation] +ssl_conf = 212-version-negotiation-ssl + +[212-version-negotiation-ssl] +server = 212-version-negotiation-server +client = 212-version-negotiation-client + +[212-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[212-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-212] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[213-version-negotiation] +ssl_conf = 213-version-negotiation-ssl + +[213-version-negotiation-ssl] +server = 213-version-negotiation-server +client = 213-version-negotiation-client + +[213-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[213-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-213] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[214-version-negotiation] +ssl_conf = 214-version-negotiation-ssl + +[214-version-negotiation-ssl] +server = 214-version-negotiation-server +client = 214-version-negotiation-client + +[214-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[214-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-214] +ExpectedResult = ServerFail + + +# =========================================================== + +[215-version-negotiation] +ssl_conf = 215-version-negotiation-ssl + +[215-version-negotiation-ssl] +server = 215-version-negotiation-server +client = 215-version-negotiation-client + +[215-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[215-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-215] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[216-version-negotiation] +ssl_conf = 216-version-negotiation-ssl + +[216-version-negotiation-ssl] +server = 216-version-negotiation-server +client = 216-version-negotiation-client + +[216-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[216-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-216] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[217-version-negotiation] +ssl_conf = 217-version-negotiation-ssl + +[217-version-negotiation-ssl] +server = 217-version-negotiation-server +client = 217-version-negotiation-client + +[217-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[217-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-217] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[218-version-negotiation] +ssl_conf = 218-version-negotiation-ssl + +[218-version-negotiation-ssl] +server = 218-version-negotiation-server +client = 218-version-negotiation-client + +[218-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[218-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-218] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[219-version-negotiation] +ssl_conf = 219-version-negotiation-ssl + +[219-version-negotiation-ssl] +server = 219-version-negotiation-server +client = 219-version-negotiation-client + +[219-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[219-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-219] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[220-version-negotiation] +ssl_conf = 220-version-negotiation-ssl + +[220-version-negotiation-ssl] +server = 220-version-negotiation-server +client = 220-version-negotiation-client + +[220-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[220-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-220] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[221-version-negotiation] +ssl_conf = 221-version-negotiation-ssl + +[221-version-negotiation-ssl] +server = 221-version-negotiation-server +client = 221-version-negotiation-client + +[221-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[221-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-221] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[222-version-negotiation] +ssl_conf = 222-version-negotiation-ssl + +[222-version-negotiation-ssl] +server = 222-version-negotiation-server +client = 222-version-negotiation-client + +[222-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[222-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-222] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[223-version-negotiation] +ssl_conf = 223-version-negotiation-ssl + +[223-version-negotiation-ssl] +server = 223-version-negotiation-server +client = 223-version-negotiation-client + +[223-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[223-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-223] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[224-version-negotiation] +ssl_conf = 224-version-negotiation-ssl + +[224-version-negotiation-ssl] +server = 224-version-negotiation-server +client = 224-version-negotiation-client + +[224-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[224-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-224] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[225-version-negotiation] +ssl_conf = 225-version-negotiation-ssl + +[225-version-negotiation-ssl] +server = 225-version-negotiation-server +client = 225-version-negotiation-client + +[225-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[225-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-225] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[226-version-negotiation] +ssl_conf = 226-version-negotiation-ssl + +[226-version-negotiation-ssl] +server = 226-version-negotiation-server +client = 226-version-negotiation-client + +[226-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[226-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-226] +ExpectedResult = ServerFail + + +# =========================================================== + +[227-version-negotiation] +ssl_conf = 227-version-negotiation-ssl + +[227-version-negotiation-ssl] +server = 227-version-negotiation-server +client = 227-version-negotiation-client + +[227-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[227-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-227] +ExpectedResult = ServerFail + + +# =========================================================== + +[228-version-negotiation] +ssl_conf = 228-version-negotiation-ssl + +[228-version-negotiation-ssl] +server = 228-version-negotiation-server +client = 228-version-negotiation-client + +[228-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[228-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-228] +ExpectedResult = ServerFail + + +# =========================================================== + +[229-version-negotiation] +ssl_conf = 229-version-negotiation-ssl + +[229-version-negotiation-ssl] +server = 229-version-negotiation-server +client = 229-version-negotiation-client + +[229-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[229-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-229] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[230-version-negotiation] +ssl_conf = 230-version-negotiation-ssl + +[230-version-negotiation-ssl] +server = 230-version-negotiation-server +client = 230-version-negotiation-client + +[230-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[230-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-230] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[231-version-negotiation] +ssl_conf = 231-version-negotiation-ssl + +[231-version-negotiation-ssl] +server = 231-version-negotiation-server +client = 231-version-negotiation-client + +[231-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[231-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-231] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[232-version-negotiation] +ssl_conf = 232-version-negotiation-ssl + +[232-version-negotiation-ssl] +server = 232-version-negotiation-server +client = 232-version-negotiation-client + +[232-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[232-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-232] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[233-version-negotiation] +ssl_conf = 233-version-negotiation-ssl + +[233-version-negotiation-ssl] +server = 233-version-negotiation-server +client = 233-version-negotiation-client + +[233-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[233-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-233] +ExpectedResult = ServerFail + + +# =========================================================== + +[234-version-negotiation] +ssl_conf = 234-version-negotiation-ssl + +[234-version-negotiation-ssl] +server = 234-version-negotiation-server +client = 234-version-negotiation-client + +[234-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[234-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-234] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[235-version-negotiation] +ssl_conf = 235-version-negotiation-ssl + +[235-version-negotiation-ssl] +server = 235-version-negotiation-server +client = 235-version-negotiation-client + +[235-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[235-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-235] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[236-version-negotiation] +ssl_conf = 236-version-negotiation-ssl + +[236-version-negotiation-ssl] +server = 236-version-negotiation-server +client = 236-version-negotiation-client + +[236-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[236-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-236] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[237-version-negotiation] +ssl_conf = 237-version-negotiation-ssl + +[237-version-negotiation-ssl] +server = 237-version-negotiation-server +client = 237-version-negotiation-client + +[237-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[237-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-237] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[238-version-negotiation] +ssl_conf = 238-version-negotiation-ssl + +[238-version-negotiation-ssl] +server = 238-version-negotiation-server +client = 238-version-negotiation-client + +[238-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[238-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-238] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[239-version-negotiation] +ssl_conf = 239-version-negotiation-ssl + +[239-version-negotiation-ssl] +server = 239-version-negotiation-server +client = 239-version-negotiation-client + +[239-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[239-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-239] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[240-version-negotiation] +ssl_conf = 240-version-negotiation-ssl + +[240-version-negotiation-ssl] +server = 240-version-negotiation-server +client = 240-version-negotiation-client + +[240-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[240-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-240] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[241-version-negotiation] +ssl_conf = 241-version-negotiation-ssl + +[241-version-negotiation-ssl] +server = 241-version-negotiation-server +client = 241-version-negotiation-client + +[241-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[241-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-241] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[242-version-negotiation] +ssl_conf = 242-version-negotiation-ssl + +[242-version-negotiation-ssl] +server = 242-version-negotiation-server +client = 242-version-negotiation-client + +[242-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[242-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-242] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[243-version-negotiation] +ssl_conf = 243-version-negotiation-ssl + +[243-version-negotiation-ssl] +server = 243-version-negotiation-server +client = 243-version-negotiation-client + +[243-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[243-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-243] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[244-version-negotiation] +ssl_conf = 244-version-negotiation-ssl + +[244-version-negotiation-ssl] +server = 244-version-negotiation-server +client = 244-version-negotiation-client + +[244-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[244-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-244] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[245-version-negotiation] +ssl_conf = 245-version-negotiation-ssl + +[245-version-negotiation-ssl] +server = 245-version-negotiation-server +client = 245-version-negotiation-client + +[245-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[245-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-245] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[246-version-negotiation] +ssl_conf = 246-version-negotiation-ssl + +[246-version-negotiation-ssl] +server = 246-version-negotiation-server +client = 246-version-negotiation-client + +[246-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[246-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-246] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[247-version-negotiation] +ssl_conf = 247-version-negotiation-ssl + +[247-version-negotiation-ssl] +server = 247-version-negotiation-server +client = 247-version-negotiation-client + +[247-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[247-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-247] +ExpectedResult = ServerFail + + +# =========================================================== + +[248-version-negotiation] +ssl_conf = 248-version-negotiation-ssl + +[248-version-negotiation-ssl] +server = 248-version-negotiation-server +client = 248-version-negotiation-client + +[248-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[248-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-248] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[249-version-negotiation] +ssl_conf = 249-version-negotiation-ssl + +[249-version-negotiation-ssl] +server = 249-version-negotiation-server +client = 249-version-negotiation-client + +[249-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[249-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-249] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[250-version-negotiation] +ssl_conf = 250-version-negotiation-ssl + +[250-version-negotiation-ssl] +server = 250-version-negotiation-server +client = 250-version-negotiation-client + +[250-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[250-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-250] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[251-version-negotiation] +ssl_conf = 251-version-negotiation-ssl + +[251-version-negotiation-ssl] +server = 251-version-negotiation-server +client = 251-version-negotiation-client + +[251-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[251-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-251] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[252-version-negotiation] +ssl_conf = 252-version-negotiation-ssl + +[252-version-negotiation-ssl] +server = 252-version-negotiation-server +client = 252-version-negotiation-client + +[252-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[252-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-252] +ExpectedResult = ServerFail + + +# =========================================================== + +[253-version-negotiation] +ssl_conf = 253-version-negotiation-ssl + +[253-version-negotiation-ssl] +server = 253-version-negotiation-server +client = 253-version-negotiation-client + +[253-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[253-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-253] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[254-version-negotiation] +ssl_conf = 254-version-negotiation-ssl + +[254-version-negotiation-ssl] +server = 254-version-negotiation-server +client = 254-version-negotiation-client + +[254-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[254-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-254] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[255-version-negotiation] +ssl_conf = 255-version-negotiation-ssl + +[255-version-negotiation-ssl] +server = 255-version-negotiation-server +client = 255-version-negotiation-client + +[255-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[255-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-255] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[256-version-negotiation] +ssl_conf = 256-version-negotiation-ssl + +[256-version-negotiation-ssl] +server = 256-version-negotiation-server +client = 256-version-negotiation-client + +[256-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[256-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-256] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[257-version-negotiation] +ssl_conf = 257-version-negotiation-ssl + +[257-version-negotiation-ssl] +server = 257-version-negotiation-server +client = 257-version-negotiation-client + +[257-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[257-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-257] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[258-version-negotiation] +ssl_conf = 258-version-negotiation-ssl + +[258-version-negotiation-ssl] +server = 258-version-negotiation-server +client = 258-version-negotiation-client + +[258-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[258-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-258] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[259-version-negotiation] +ssl_conf = 259-version-negotiation-ssl + +[259-version-negotiation-ssl] +server = 259-version-negotiation-server +client = 259-version-negotiation-client + +[259-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[259-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-259] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[260-version-negotiation] +ssl_conf = 260-version-negotiation-ssl + +[260-version-negotiation-ssl] +server = 260-version-negotiation-server +client = 260-version-negotiation-client + +[260-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[260-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-260] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[261-version-negotiation] +ssl_conf = 261-version-negotiation-ssl + +[261-version-negotiation-ssl] +server = 261-version-negotiation-server +client = 261-version-negotiation-client + +[261-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[261-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-261] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[262-version-negotiation] +ssl_conf = 262-version-negotiation-ssl + +[262-version-negotiation-ssl] +server = 262-version-negotiation-server +client = 262-version-negotiation-client + +[262-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[262-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-262] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[263-version-negotiation] +ssl_conf = 263-version-negotiation-ssl + +[263-version-negotiation-ssl] +server = 263-version-negotiation-server +client = 263-version-negotiation-client + +[263-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[263-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-263] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[264-version-negotiation] +ssl_conf = 264-version-negotiation-ssl + +[264-version-negotiation-ssl] +server = 264-version-negotiation-server +client = 264-version-negotiation-client + +[264-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[264-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-264] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[265-version-negotiation] +ssl_conf = 265-version-negotiation-ssl + +[265-version-negotiation-ssl] +server = 265-version-negotiation-server +client = 265-version-negotiation-client + +[265-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[265-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-265] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[266-version-negotiation] +ssl_conf = 266-version-negotiation-ssl + +[266-version-negotiation-ssl] +server = 266-version-negotiation-server +client = 266-version-negotiation-client + +[266-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[266-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-266] +ExpectedResult = ServerFail + + +# =========================================================== + +[267-version-negotiation] +ssl_conf = 267-version-negotiation-ssl + +[267-version-negotiation-ssl] +server = 267-version-negotiation-server +client = 267-version-negotiation-client + +[267-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[267-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-267] +ExpectedResult = ClientFail + + +# =========================================================== + +[268-version-negotiation] +ssl_conf = 268-version-negotiation-ssl + +[268-version-negotiation-ssl] +server = 268-version-negotiation-server +client = 268-version-negotiation-client + +[268-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[268-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-268] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[269-version-negotiation] +ssl_conf = 269-version-negotiation-ssl + +[269-version-negotiation-ssl] +server = 269-version-negotiation-server +client = 269-version-negotiation-client + +[269-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[269-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-269] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[270-version-negotiation] +ssl_conf = 270-version-negotiation-ssl + +[270-version-negotiation-ssl] +server = 270-version-negotiation-server +client = 270-version-negotiation-client + +[270-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[270-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-270] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[271-version-negotiation] +ssl_conf = 271-version-negotiation-ssl + +[271-version-negotiation-ssl] +server = 271-version-negotiation-server +client = 271-version-negotiation-client + +[271-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[271-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-271] +ExpectedResult = ServerFail + + +# =========================================================== + +[272-version-negotiation] +ssl_conf = 272-version-negotiation-ssl + +[272-version-negotiation-ssl] +server = 272-version-negotiation-server +client = 272-version-negotiation-client + +[272-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[272-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-272] +ExpectedResult = ClientFail + + +# =========================================================== + +[273-version-negotiation] +ssl_conf = 273-version-negotiation-ssl + +[273-version-negotiation-ssl] +server = 273-version-negotiation-server +client = 273-version-negotiation-client + +[273-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[273-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-273] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[274-version-negotiation] +ssl_conf = 274-version-negotiation-ssl + +[274-version-negotiation-ssl] +server = 274-version-negotiation-server +client = 274-version-negotiation-client + +[274-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[274-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-274] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[275-version-negotiation] +ssl_conf = 275-version-negotiation-ssl + +[275-version-negotiation-ssl] +server = 275-version-negotiation-server +client = 275-version-negotiation-client + +[275-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[275-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-275] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[276-version-negotiation] +ssl_conf = 276-version-negotiation-ssl + +[276-version-negotiation-ssl] +server = 276-version-negotiation-server +client = 276-version-negotiation-client + +[276-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[276-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-276] +ExpectedResult = ClientFail + + +# =========================================================== + +[277-version-negotiation] +ssl_conf = 277-version-negotiation-ssl + +[277-version-negotiation-ssl] +server = 277-version-negotiation-server +client = 277-version-negotiation-client + +[277-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[277-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-277] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[278-version-negotiation] +ssl_conf = 278-version-negotiation-ssl + +[278-version-negotiation-ssl] +server = 278-version-negotiation-server +client = 278-version-negotiation-client + +[278-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[278-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-278] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[279-version-negotiation] +ssl_conf = 279-version-negotiation-ssl + +[279-version-negotiation-ssl] +server = 279-version-negotiation-server +client = 279-version-negotiation-client + +[279-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[279-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-279] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[280-version-negotiation] +ssl_conf = 280-version-negotiation-ssl + +[280-version-negotiation-ssl] +server = 280-version-negotiation-server +client = 280-version-negotiation-client + +[280-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[280-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-280] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[281-version-negotiation] +ssl_conf = 281-version-negotiation-ssl + +[281-version-negotiation-ssl] +server = 281-version-negotiation-server +client = 281-version-negotiation-client + +[281-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[281-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-281] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[282-version-negotiation] +ssl_conf = 282-version-negotiation-ssl + +[282-version-negotiation-ssl] +server = 282-version-negotiation-server +client = 282-version-negotiation-client + +[282-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[282-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-282] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[283-version-negotiation] +ssl_conf = 283-version-negotiation-ssl + +[283-version-negotiation-ssl] +server = 283-version-negotiation-server +client = 283-version-negotiation-client + +[283-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[283-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-283] +ExpectedResult = ServerFail + + +# =========================================================== + +[284-version-negotiation] +ssl_conf = 284-version-negotiation-ssl + +[284-version-negotiation-ssl] +server = 284-version-negotiation-server +client = 284-version-negotiation-client + +[284-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[284-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-284] +ExpectedResult = ServerFail + + +# =========================================================== + +[285-version-negotiation] +ssl_conf = 285-version-negotiation-ssl + +[285-version-negotiation-ssl] +server = 285-version-negotiation-server +client = 285-version-negotiation-client + +[285-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[285-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-285] +ExpectedResult = ServerFail + + +# =========================================================== + +[286-version-negotiation] +ssl_conf = 286-version-negotiation-ssl + +[286-version-negotiation-ssl] +server = 286-version-negotiation-server +client = 286-version-negotiation-client + +[286-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[286-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-286] +ExpectedResult = ClientFail + + +# =========================================================== + +[287-version-negotiation] +ssl_conf = 287-version-negotiation-ssl + +[287-version-negotiation-ssl] +server = 287-version-negotiation-server +client = 287-version-negotiation-client + +[287-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[287-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-287] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[288-version-negotiation] +ssl_conf = 288-version-negotiation-ssl + +[288-version-negotiation-ssl] +server = 288-version-negotiation-server +client = 288-version-negotiation-client + +[288-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[288-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-288] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[289-version-negotiation] +ssl_conf = 289-version-negotiation-ssl + +[289-version-negotiation-ssl] +server = 289-version-negotiation-server +client = 289-version-negotiation-client + +[289-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[289-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-289] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[290-version-negotiation] +ssl_conf = 290-version-negotiation-ssl + +[290-version-negotiation-ssl] +server = 290-version-negotiation-server +client = 290-version-negotiation-client + +[290-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[290-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-290] +ExpectedResult = ServerFail + + +# =========================================================== + +[291-version-negotiation] +ssl_conf = 291-version-negotiation-ssl + +[291-version-negotiation-ssl] +server = 291-version-negotiation-server +client = 291-version-negotiation-client + +[291-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[291-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-291] +ExpectedResult = ClientFail + + +# =========================================================== + +[292-version-negotiation] +ssl_conf = 292-version-negotiation-ssl + +[292-version-negotiation-ssl] +server = 292-version-negotiation-server +client = 292-version-negotiation-client + +[292-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[292-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-292] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[293-version-negotiation] +ssl_conf = 293-version-negotiation-ssl + +[293-version-negotiation-ssl] +server = 293-version-negotiation-server +client = 293-version-negotiation-client + +[293-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[293-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-293] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[294-version-negotiation] +ssl_conf = 294-version-negotiation-ssl + +[294-version-negotiation-ssl] +server = 294-version-negotiation-server +client = 294-version-negotiation-client + +[294-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[294-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-294] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[295-version-negotiation] +ssl_conf = 295-version-negotiation-ssl + +[295-version-negotiation-ssl] +server = 295-version-negotiation-server +client = 295-version-negotiation-client + +[295-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[295-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-295] +ExpectedResult = ClientFail + + +# =========================================================== + +[296-version-negotiation] +ssl_conf = 296-version-negotiation-ssl + +[296-version-negotiation-ssl] +server = 296-version-negotiation-server +client = 296-version-negotiation-client + +[296-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[296-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-296] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[297-version-negotiation] +ssl_conf = 297-version-negotiation-ssl + +[297-version-negotiation-ssl] +server = 297-version-negotiation-server +client = 297-version-negotiation-client + +[297-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[297-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-297] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[298-version-negotiation] +ssl_conf = 298-version-negotiation-ssl + +[298-version-negotiation-ssl] +server = 298-version-negotiation-server +client = 298-version-negotiation-client + +[298-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[298-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-298] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[299-version-negotiation] +ssl_conf = 299-version-negotiation-ssl + +[299-version-negotiation-ssl] +server = 299-version-negotiation-server +client = 299-version-negotiation-client + +[299-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[299-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-299] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[300-version-negotiation] +ssl_conf = 300-version-negotiation-ssl + +[300-version-negotiation-ssl] +server = 300-version-negotiation-server +client = 300-version-negotiation-client + +[300-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[300-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-300] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[301-version-negotiation] +ssl_conf = 301-version-negotiation-ssl + +[301-version-negotiation-ssl] +server = 301-version-negotiation-server +client = 301-version-negotiation-client + +[301-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[301-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-301] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[302-version-negotiation] +ssl_conf = 302-version-negotiation-ssl + +[302-version-negotiation-ssl] +server = 302-version-negotiation-server +client = 302-version-negotiation-client + +[302-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[302-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-302] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[303-version-negotiation] +ssl_conf = 303-version-negotiation-ssl + +[303-version-negotiation-ssl] +server = 303-version-negotiation-server +client = 303-version-negotiation-client + +[303-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[303-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-303] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[304-version-negotiation] +ssl_conf = 304-version-negotiation-ssl + +[304-version-negotiation-ssl] +server = 304-version-negotiation-server +client = 304-version-negotiation-client + +[304-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[304-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-304] +ExpectedResult = ServerFail + + +# =========================================================== + +[305-version-negotiation] +ssl_conf = 305-version-negotiation-ssl + +[305-version-negotiation-ssl] +server = 305-version-negotiation-server +client = 305-version-negotiation-client + +[305-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[305-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-305] +ExpectedResult = ClientFail + + +# =========================================================== + +[306-version-negotiation] +ssl_conf = 306-version-negotiation-ssl + +[306-version-negotiation-ssl] +server = 306-version-negotiation-server +client = 306-version-negotiation-client + +[306-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[306-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-306] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[307-version-negotiation] +ssl_conf = 307-version-negotiation-ssl + +[307-version-negotiation-ssl] +server = 307-version-negotiation-server +client = 307-version-negotiation-client + +[307-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[307-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-307] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[308-version-negotiation] +ssl_conf = 308-version-negotiation-ssl + +[308-version-negotiation-ssl] +server = 308-version-negotiation-server +client = 308-version-negotiation-client + +[308-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[308-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-308] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[309-version-negotiation] +ssl_conf = 309-version-negotiation-ssl + +[309-version-negotiation-ssl] +server = 309-version-negotiation-server +client = 309-version-negotiation-client + +[309-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[309-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-309] +ExpectedResult = ServerFail + + +# =========================================================== + +[310-version-negotiation] +ssl_conf = 310-version-negotiation-ssl + +[310-version-negotiation-ssl] +server = 310-version-negotiation-server +client = 310-version-negotiation-client + +[310-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[310-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-310] +ExpectedResult = ClientFail + + +# =========================================================== + +[311-version-negotiation] +ssl_conf = 311-version-negotiation-ssl + +[311-version-negotiation-ssl] +server = 311-version-negotiation-server +client = 311-version-negotiation-client + +[311-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[311-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-311] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[312-version-negotiation] +ssl_conf = 312-version-negotiation-ssl + +[312-version-negotiation-ssl] +server = 312-version-negotiation-server +client = 312-version-negotiation-client + +[312-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[312-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-312] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[313-version-negotiation] +ssl_conf = 313-version-negotiation-ssl + +[313-version-negotiation-ssl] +server = 313-version-negotiation-server +client = 313-version-negotiation-client + +[313-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[313-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-313] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[314-version-negotiation] +ssl_conf = 314-version-negotiation-ssl + +[314-version-negotiation-ssl] +server = 314-version-negotiation-server +client = 314-version-negotiation-client + +[314-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[314-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-314] +ExpectedResult = ClientFail + + +# =========================================================== + +[315-version-negotiation] +ssl_conf = 315-version-negotiation-ssl + +[315-version-negotiation-ssl] +server = 315-version-negotiation-server +client = 315-version-negotiation-client + +[315-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[315-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-315] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[316-version-negotiation] +ssl_conf = 316-version-negotiation-ssl + +[316-version-negotiation-ssl] +server = 316-version-negotiation-server +client = 316-version-negotiation-client + +[316-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[316-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-316] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[317-version-negotiation] +ssl_conf = 317-version-negotiation-ssl + +[317-version-negotiation-ssl] +server = 317-version-negotiation-server +client = 317-version-negotiation-client + +[317-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[317-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-317] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[318-version-negotiation] +ssl_conf = 318-version-negotiation-ssl + +[318-version-negotiation-ssl] +server = 318-version-negotiation-server +client = 318-version-negotiation-client + +[318-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[318-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-318] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[319-version-negotiation] +ssl_conf = 319-version-negotiation-ssl + +[319-version-negotiation-ssl] +server = 319-version-negotiation-server +client = 319-version-negotiation-client + +[319-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[319-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-319] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[320-version-negotiation] +ssl_conf = 320-version-negotiation-ssl + +[320-version-negotiation-ssl] +server = 320-version-negotiation-server +client = 320-version-negotiation-client + +[320-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[320-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-320] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[321-version-negotiation] +ssl_conf = 321-version-negotiation-ssl + +[321-version-negotiation-ssl] +server = 321-version-negotiation-server +client = 321-version-negotiation-client + +[321-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[321-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-321] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[322-version-negotiation] +ssl_conf = 322-version-negotiation-ssl + +[322-version-negotiation-ssl] +server = 322-version-negotiation-server +client = 322-version-negotiation-client + +[322-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[322-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-322] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[323-version-negotiation] +ssl_conf = 323-version-negotiation-ssl + +[323-version-negotiation-ssl] +server = 323-version-negotiation-server +client = 323-version-negotiation-client + +[323-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[323-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-323] +ExpectedResult = ServerFail + + +# =========================================================== + +[324-version-negotiation] +ssl_conf = 324-version-negotiation-ssl + +[324-version-negotiation-ssl] +server = 324-version-negotiation-server +client = 324-version-negotiation-client + +[324-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[324-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-324] +ExpectedResult = ClientFail + + +# =========================================================== + +[325-version-negotiation] +ssl_conf = 325-version-negotiation-ssl + +[325-version-negotiation-ssl] +server = 325-version-negotiation-server +client = 325-version-negotiation-client + +[325-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[325-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-325] +ExpectedResult = ClientFail + + +# =========================================================== + +[326-version-negotiation] +ssl_conf = 326-version-negotiation-ssl + +[326-version-negotiation-ssl] +server = 326-version-negotiation-server +client = 326-version-negotiation-client + +[326-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[326-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-326] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[327-version-negotiation] +ssl_conf = 327-version-negotiation-ssl + +[327-version-negotiation-ssl] +server = 327-version-negotiation-server +client = 327-version-negotiation-client + +[327-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[327-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-327] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[328-version-negotiation] +ssl_conf = 328-version-negotiation-ssl + +[328-version-negotiation-ssl] +server = 328-version-negotiation-server +client = 328-version-negotiation-client + +[328-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[328-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-328] +ExpectedResult = ServerFail + + +# =========================================================== + +[329-version-negotiation] +ssl_conf = 329-version-negotiation-ssl + +[329-version-negotiation-ssl] +server = 329-version-negotiation-server +client = 329-version-negotiation-client + +[329-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[329-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-329] +ExpectedResult = ClientFail + + +# =========================================================== + +[330-version-negotiation] +ssl_conf = 330-version-negotiation-ssl + +[330-version-negotiation-ssl] +server = 330-version-negotiation-server +client = 330-version-negotiation-client + +[330-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[330-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-330] +ExpectedResult = ClientFail + + +# =========================================================== + +[331-version-negotiation] +ssl_conf = 331-version-negotiation-ssl + +[331-version-negotiation-ssl] +server = 331-version-negotiation-server +client = 331-version-negotiation-client + +[331-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[331-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-331] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[332-version-negotiation] +ssl_conf = 332-version-negotiation-ssl + +[332-version-negotiation-ssl] +server = 332-version-negotiation-server +client = 332-version-negotiation-client + +[332-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[332-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-332] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[333-version-negotiation] +ssl_conf = 333-version-negotiation-ssl + +[333-version-negotiation-ssl] +server = 333-version-negotiation-server +client = 333-version-negotiation-client + +[333-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[333-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-333] +ExpectedResult = ClientFail + + +# =========================================================== + +[334-version-negotiation] +ssl_conf = 334-version-negotiation-ssl + +[334-version-negotiation-ssl] +server = 334-version-negotiation-server +client = 334-version-negotiation-client + +[334-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[334-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-334] +ExpectedResult = ClientFail + + +# =========================================================== + +[335-version-negotiation] +ssl_conf = 335-version-negotiation-ssl + +[335-version-negotiation-ssl] +server = 335-version-negotiation-server +client = 335-version-negotiation-client + +[335-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[335-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-335] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[336-version-negotiation] +ssl_conf = 336-version-negotiation-ssl + +[336-version-negotiation-ssl] +server = 336-version-negotiation-server +client = 336-version-negotiation-client + +[336-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[336-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-336] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[337-version-negotiation] +ssl_conf = 337-version-negotiation-ssl + +[337-version-negotiation-ssl] +server = 337-version-negotiation-server +client = 337-version-negotiation-client + +[337-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[337-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-337] +ExpectedResult = ClientFail + + +# =========================================================== + +[338-version-negotiation] +ssl_conf = 338-version-negotiation-ssl + +[338-version-negotiation-ssl] +server = 338-version-negotiation-server +client = 338-version-negotiation-client + +[338-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[338-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-338] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[339-version-negotiation] +ssl_conf = 339-version-negotiation-ssl + +[339-version-negotiation-ssl] +server = 339-version-negotiation-server +client = 339-version-negotiation-client + +[339-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[339-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-339] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[340-version-negotiation] +ssl_conf = 340-version-negotiation-ssl + +[340-version-negotiation-ssl] +server = 340-version-negotiation-server +client = 340-version-negotiation-client + +[340-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[340-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-340] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[341-version-negotiation] +ssl_conf = 341-version-negotiation-ssl + +[341-version-negotiation-ssl] +server = 341-version-negotiation-server +client = 341-version-negotiation-client + +[341-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[341-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-341] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[342-version-negotiation] +ssl_conf = 342-version-negotiation-ssl + +[342-version-negotiation-ssl] +server = 342-version-negotiation-server +client = 342-version-negotiation-client + +[342-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[342-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-342] +ExpectedResult = ServerFail + + +# =========================================================== + +[343-version-negotiation] +ssl_conf = 343-version-negotiation-ssl + +[343-version-negotiation-ssl] +server = 343-version-negotiation-server +client = 343-version-negotiation-client + +[343-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[343-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-343] +ExpectedResult = ClientFail + + +# =========================================================== + +[344-version-negotiation] +ssl_conf = 344-version-negotiation-ssl + +[344-version-negotiation-ssl] +server = 344-version-negotiation-server +client = 344-version-negotiation-client + +[344-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[344-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-344] +ExpectedResult = ClientFail + + +# =========================================================== + +[345-version-negotiation] +ssl_conf = 345-version-negotiation-ssl + +[345-version-negotiation-ssl] +server = 345-version-negotiation-server +client = 345-version-negotiation-client + +[345-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[345-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-345] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[346-version-negotiation] +ssl_conf = 346-version-negotiation-ssl + +[346-version-negotiation-ssl] +server = 346-version-negotiation-server +client = 346-version-negotiation-client + +[346-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[346-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-346] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[347-version-negotiation] +ssl_conf = 347-version-negotiation-ssl + +[347-version-negotiation-ssl] +server = 347-version-negotiation-server +client = 347-version-negotiation-client + +[347-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[347-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-347] +ExpectedResult = ServerFail + + +# =========================================================== + +[348-version-negotiation] +ssl_conf = 348-version-negotiation-ssl + +[348-version-negotiation-ssl] +server = 348-version-negotiation-server +client = 348-version-negotiation-client + +[348-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[348-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-348] +ExpectedResult = ClientFail + + +# =========================================================== + +[349-version-negotiation] +ssl_conf = 349-version-negotiation-ssl + +[349-version-negotiation-ssl] +server = 349-version-negotiation-server +client = 349-version-negotiation-client + +[349-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[349-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-349] +ExpectedResult = ClientFail + + +# =========================================================== + +[350-version-negotiation] +ssl_conf = 350-version-negotiation-ssl + +[350-version-negotiation-ssl] +server = 350-version-negotiation-server +client = 350-version-negotiation-client + +[350-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[350-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-350] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[351-version-negotiation] +ssl_conf = 351-version-negotiation-ssl + +[351-version-negotiation-ssl] +server = 351-version-negotiation-server +client = 351-version-negotiation-client + +[351-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[351-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-351] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[352-version-negotiation] +ssl_conf = 352-version-negotiation-ssl + +[352-version-negotiation-ssl] +server = 352-version-negotiation-server +client = 352-version-negotiation-client + +[352-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[352-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-352] +ExpectedResult = ClientFail + + +# =========================================================== + +[353-version-negotiation] +ssl_conf = 353-version-negotiation-ssl + +[353-version-negotiation-ssl] +server = 353-version-negotiation-server +client = 353-version-negotiation-client + +[353-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[353-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-353] +ExpectedResult = ClientFail + + +# =========================================================== + +[354-version-negotiation] +ssl_conf = 354-version-negotiation-ssl + +[354-version-negotiation-ssl] +server = 354-version-negotiation-server +client = 354-version-negotiation-client + +[354-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[354-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-354] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[355-version-negotiation] +ssl_conf = 355-version-negotiation-ssl + +[355-version-negotiation-ssl] +server = 355-version-negotiation-server +client = 355-version-negotiation-client + +[355-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[355-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-355] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[356-version-negotiation] +ssl_conf = 356-version-negotiation-ssl + +[356-version-negotiation-ssl] +server = 356-version-negotiation-server +client = 356-version-negotiation-client + +[356-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[356-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-356] +ExpectedResult = ClientFail + + +# =========================================================== + +[357-version-negotiation] +ssl_conf = 357-version-negotiation-ssl + +[357-version-negotiation-ssl] +server = 357-version-negotiation-server +client = 357-version-negotiation-client + +[357-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[357-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-357] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[358-version-negotiation] +ssl_conf = 358-version-negotiation-ssl + +[358-version-negotiation-ssl] +server = 358-version-negotiation-server +client = 358-version-negotiation-client + +[358-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[358-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-358] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[359-version-negotiation] +ssl_conf = 359-version-negotiation-ssl + +[359-version-negotiation-ssl] +server = 359-version-negotiation-server +client = 359-version-negotiation-client + +[359-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[359-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-359] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[360-version-negotiation] +ssl_conf = 360-version-negotiation-ssl + +[360-version-negotiation-ssl] +server = 360-version-negotiation-server +client = 360-version-negotiation-client + +[360-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[360-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-360] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + diff --git a/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in new file mode 100644 index 0000000..26d64b5 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/02-protocol-version.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test TLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("TLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf new file mode 100644 index 0000000..8dca715 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf @@ -0,0 +1,238 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-verify-success +test-1 = 1-verify-custom-reject +test-2 = 2-verify-custom-allow +test-3 = 3-noverify-success +test-4 = 4-noverify-ignore-custom-reject +test-5 = 5-noverify-accept-custom-allow +test-6 = 6-verify-fail-no-root +test-7 = 7-verify-custom-success-no-root +test-8 = 8-verify-custom-fail-no-root +# =========================================================== + +[0-verify-success] +ssl_conf = 0-verify-success-ssl + +[0-verify-success-ssl] +server = 0-verify-success-server +client = 0-verify-success-client + +[0-verify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-verify-success-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-verify-custom-reject] +ssl_conf = 1-verify-custom-reject-ssl + +[1-verify-custom-reject-ssl] +server = 1-verify-custom-reject-server +client = 1-verify-custom-reject-client + +[1-verify-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-verify-custom-reject-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 1-verify-custom-reject-client-extra + +[1-verify-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[2-verify-custom-allow] +ssl_conf = 2-verify-custom-allow-ssl + +[2-verify-custom-allow-ssl] +server = 2-verify-custom-allow-server +client = 2-verify-custom-allow-client + +[2-verify-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-custom-allow-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-verify-custom-allow-client-extra + +[2-verify-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[3-noverify-success] +ssl_conf = 3-noverify-success-ssl + +[3-noverify-success-ssl] +server = 3-noverify-success-server +client = 3-noverify-success-client + +[3-noverify-success-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-noverify-success-client] +CipherString = DEFAULT + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-noverify-ignore-custom-reject] +ssl_conf = 4-noverify-ignore-custom-reject-ssl + +[4-noverify-ignore-custom-reject-ssl] +server = 4-noverify-ignore-custom-reject-server +client = 4-noverify-ignore-custom-reject-client + +[4-noverify-ignore-custom-reject-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-noverify-ignore-custom-reject-client] +CipherString = DEFAULT + +[test-4] +ExpectedResult = Success +client = 4-noverify-ignore-custom-reject-client-extra + +[4-noverify-ignore-custom-reject-client-extra] +VerifyCallback = RejectAll + + +# =========================================================== + +[5-noverify-accept-custom-allow] +ssl_conf = 5-noverify-accept-custom-allow-ssl + +[5-noverify-accept-custom-allow-ssl] +server = 5-noverify-accept-custom-allow-server +client = 5-noverify-accept-custom-allow-client + +[5-noverify-accept-custom-allow-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-noverify-accept-custom-allow-client] +CipherString = DEFAULT + +[test-5] +ExpectedResult = Success +client = 5-noverify-accept-custom-allow-client-extra + +[5-noverify-accept-custom-allow-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[6-verify-fail-no-root] +ssl_conf = 6-verify-fail-no-root-ssl + +[6-verify-fail-no-root-ssl] +server = 6-verify-fail-no-root-server +client = 6-verify-fail-no-root-client + +[6-verify-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-verify-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-6] +ExpectedClientAlert = UnknownCA +ExpectedResult = ClientFail + + +# =========================================================== + +[7-verify-custom-success-no-root] +ssl_conf = 7-verify-custom-success-no-root-ssl + +[7-verify-custom-success-no-root-ssl] +server = 7-verify-custom-success-no-root-server +client = 7-verify-custom-success-no-root-client + +[7-verify-custom-success-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-verify-custom-success-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +client = 7-verify-custom-success-no-root-client-extra + +[7-verify-custom-success-no-root-client-extra] +VerifyCallback = AcceptAll + + +# =========================================================== + +[8-verify-custom-fail-no-root] +ssl_conf = 8-verify-custom-fail-no-root-ssl + +[8-verify-custom-fail-no-root-ssl] +server = 8-verify-custom-fail-no-root-server +client = 8-verify-custom-fail-no-root-client + +[8-verify-custom-fail-no-root-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-verify-custom-fail-no-root-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-8] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 8-verify-custom-fail-no-root-client-extra + +[8-verify-custom-fail-no-root-client-extra] +VerifyCallback = RejectAll + + diff --git a/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in new file mode 100644 index 0000000..287ca9b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in @@ -0,0 +1,145 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + + # Sanity-check that verification indeed succeeds without the + # restrictive callback. + { + name => "verify-success", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-reject", + server => { }, + client => { + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-allow", + server => { }, + client => { + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed succeeds if peer verification + # is not requested. + { + name => "noverify-success", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-ignore-custom-reject", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-accept-custom-allow", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed fails without the + # permissive callback. + { + name => "verify-fail-no-root", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-success-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-fail-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf new file mode 100644 index 0000000..0e91bed --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf @@ -0,0 +1,592 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 20 + +test-0 = 0-server-auth-flex +test-1 = 1-client-auth-flex-request +test-2 = 2-client-auth-flex-require-fail +test-3 = 3-client-auth-flex-require +test-4 = 4-client-auth-flex-noroot +test-5 = 5-server-auth-TLSv1 +test-6 = 6-client-auth-TLSv1-request +test-7 = 7-client-auth-TLSv1-require-fail +test-8 = 8-client-auth-TLSv1-require +test-9 = 9-client-auth-TLSv1-noroot +test-10 = 10-server-auth-TLSv1.1 +test-11 = 11-client-auth-TLSv1.1-request +test-12 = 12-client-auth-TLSv1.1-require-fail +test-13 = 13-client-auth-TLSv1.1-require +test-14 = 14-client-auth-TLSv1.1-noroot +test-15 = 15-server-auth-TLSv1.2 +test-16 = 16-client-auth-TLSv1.2-request +test-17 = 17-client-auth-TLSv1.2-require-fail +test-18 = 18-client-auth-TLSv1.2-require +test-19 = 19-client-auth-TLSv1.2-noroot +# =========================================================== + +[0-server-auth-flex] +ssl_conf = 0-server-auth-flex-ssl + +[0-server-auth-flex-ssl] +server = 0-server-auth-flex-server +client = 0-server-auth-flex-client + +[0-server-auth-flex-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-flex-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-flex-request] +ssl_conf = 1-client-auth-flex-request-ssl + +[1-client-auth-flex-request-ssl] +server = 1-client-auth-flex-request-server +client = 1-client-auth-flex-request-client + +[1-client-auth-flex-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-flex-request-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-flex-require-fail] +ssl_conf = 2-client-auth-flex-require-fail-ssl + +[2-client-auth-flex-require-fail-ssl] +server = 2-client-auth-flex-require-fail-server +client = 2-client-auth-flex-require-fail-client + +[2-client-auth-flex-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-flex-require-fail-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[3-client-auth-flex-require] +ssl_conf = 3-client-auth-flex-require-ssl + +[3-client-auth-flex-require-ssl] +server = 3-client-auth-flex-require-server +client = 3-client-auth-flex-require-client + +[3-client-auth-flex-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-flex-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-flex-noroot] +ssl_conf = 4-client-auth-flex-noroot-ssl + +[4-client-auth-flex-noroot-ssl] +server = 4-client-auth-flex-noroot-server +client = 4-client-auth-flex-noroot-client + +[4-client-auth-flex-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[4-client-auth-flex-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[5-server-auth-TLSv1] +ssl_conf = 5-server-auth-TLSv1-ssl + +[5-server-auth-TLSv1-ssl] +server = 5-server-auth-TLSv1-server +client = 5-server-auth-TLSv1-client + +[5-server-auth-TLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-server-auth-TLSv1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + +# =========================================================== + +[6-client-auth-TLSv1-request] +ssl_conf = 6-client-auth-TLSv1-request-ssl + +[6-client-auth-TLSv1-request-ssl] +server = 6-client-auth-TLSv1-request-server +client = 6-client-auth-TLSv1-request-client + +[6-client-auth-TLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[6-client-auth-TLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + +# =========================================================== + +[7-client-auth-TLSv1-require-fail] +ssl_conf = 7-client-auth-TLSv1-require-fail-ssl + +[7-client-auth-TLSv1-require-fail-ssl] +server = 7-client-auth-TLSv1-require-fail-server +client = 7-client-auth-TLSv1-require-fail-client + +[7-client-auth-TLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[7-client-auth-TLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[8-client-auth-TLSv1-require] +ssl_conf = 8-client-auth-TLSv1-require-ssl + +[8-client-auth-TLSv1-require-ssl] +server = 8-client-auth-TLSv1-require-server +client = 8-client-auth-TLSv1-require-client + +[8-client-auth-TLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[8-client-auth-TLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success + + +# =========================================================== + +[9-client-auth-TLSv1-noroot] +ssl_conf = 9-client-auth-TLSv1-noroot-ssl + +[9-client-auth-TLSv1-noroot-ssl] +server = 9-client-auth-TLSv1-noroot-server +client = 9-client-auth-TLSv1-noroot-client + +[9-client-auth-TLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[9-client-auth-TLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[10-server-auth-TLSv1.1] +ssl_conf = 10-server-auth-TLSv1.1-ssl + +[10-server-auth-TLSv1.1-ssl] +server = 10-server-auth-TLSv1.1-server +client = 10-server-auth-TLSv1.1-client + +[10-server-auth-TLSv1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-server-auth-TLSv1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success + + +# =========================================================== + +[11-client-auth-TLSv1.1-request] +ssl_conf = 11-client-auth-TLSv1.1-request-ssl + +[11-client-auth-TLSv1.1-request-ssl] +server = 11-client-auth-TLSv1.1-request-server +client = 11-client-auth-TLSv1.1-request-client + +[11-client-auth-TLSv1.1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[11-client-auth-TLSv1.1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success + + +# =========================================================== + +[12-client-auth-TLSv1.1-require-fail] +ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl + +[12-client-auth-TLSv1.1-require-fail-ssl] +server = 12-client-auth-TLSv1.1-require-fail-server +client = 12-client-auth-TLSv1.1-require-fail-client + +[12-client-auth-TLSv1.1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[12-client-auth-TLSv1.1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[13-client-auth-TLSv1.1-require] +ssl_conf = 13-client-auth-TLSv1.1-require-ssl + +[13-client-auth-TLSv1.1-require-ssl] +server = 13-client-auth-TLSv1.1-require-server +client = 13-client-auth-TLSv1.1-require-client + +[13-client-auth-TLSv1.1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[13-client-auth-TLSv1.1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success + + +# =========================================================== + +[14-client-auth-TLSv1.1-noroot] +ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl + +[14-client-auth-TLSv1.1-noroot-ssl] +server = 14-client-auth-TLSv1.1-noroot-server +client = 14-client-auth-TLSv1.1-noroot-client + +[14-client-auth-TLSv1.1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[14-client-auth-TLSv1.1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[15-server-auth-TLSv1.2] +ssl_conf = 15-server-auth-TLSv1.2-ssl + +[15-server-auth-TLSv1.2-ssl] +server = 15-server-auth-TLSv1.2-server +client = 15-server-auth-TLSv1.2-client + +[15-server-auth-TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-server-auth-TLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success + + +# =========================================================== + +[16-client-auth-TLSv1.2-request] +ssl_conf = 16-client-auth-TLSv1.2-request-ssl + +[16-client-auth-TLSv1.2-request-ssl] +server = 16-client-auth-TLSv1.2-request-server +client = 16-client-auth-TLSv1.2-request-client + +[16-client-auth-TLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[16-client-auth-TLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success + + +# =========================================================== + +[17-client-auth-TLSv1.2-require-fail] +ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl + +[17-client-auth-TLSv1.2-require-fail-ssl] +server = 17-client-auth-TLSv1.2-require-fail-server +client = 17-client-auth-TLSv1.2-require-fail-client + +[17-client-auth-TLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[17-client-auth-TLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[18-client-auth-TLSv1.2-require] +ssl_conf = 18-client-auth-TLSv1.2-require-ssl + +[18-client-auth-TLSv1.2-require-ssl] +server = 18-client-auth-TLSv1.2-require-server +client = 18-client-auth-TLSv1.2-require-client + +[18-client-auth-TLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[18-client-auth-TLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success + + +# =========================================================== + +[19-client-auth-TLSv1.2-noroot] +ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl + +[19-client-auth-TLSv1.2-noroot-ssl] +server = 19-client-auth-TLSv1.2-noroot-server +client = 19-client-auth-TLSv1.2-noroot-client + +[19-client-auth-TLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[19-client-auth-TLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in new file mode 100644 index 0000000..8738aaa --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in @@ -0,0 +1,123 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled); +setup("no_test_here"); + +# We test version-flexible negotiation (undef) and each protocol version. +my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); + +my @is_disabled = (0); +push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + +our @tests = (); + +sub generate_tests() { + + foreach (0..$#protocols) { + my $protocol = $protocols[$_]; + my $protocol_name = $protocol || "flex"; + my $caalert; + if (!$is_disabled[$_]) { + if ($protocol_name eq "SSLv3") { + $caalert = "BadCertificate"; + } else { + $caalert = "UnknownCA"; + } + # Sanity-check simple handshake. + push @tests, { + name => "server-auth-${protocol_name}", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { "ExpectedResult" => "Success" }, + }; + + # Handshake with client cert requested but not required or received. + push @tests, { + name => "client-auth-${protocol_name}-request", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { "ExpectedResult" => "Success" }, + }; + + # Handshake with client cert required but not present. + push @tests, { + name => "client-auth-${protocol_name}-require-fail", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "HandshakeFailure", + }, + }; + + # Successful handshake with client authentication. + push @tests, { + name => "client-auth-${protocol_name}-require", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { "ExpectedResult" => "Success" }, + }; + + # Handshake with client authentication but without the root certificate. + push @tests, { + name => "client-auth-${protocol_name}-noroot", + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => $caalert, + }, + }; + } + } +} + +generate_tests(); diff --git a/openssl-1.1.0h/test/ssl-tests/05-sni.conf b/openssl-1.1.0h/test/ssl-tests/05-sni.conf new file mode 100644 index 0000000..e1fb3d9 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/05-sni.conf @@ -0,0 +1,203 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-SNI-switch-context +test-1 = 1-SNI-keep-context +test-2 = 2-SNI-no-server-support +test-3 = 3-SNI-no-client-support +test-4 = 4-SNI-bad-sni-ignore-mismatch +test-5 = 5-SNI-bad-sni-reject-mismatch +# =========================================================== + +[0-SNI-switch-context] +ssl_conf = 0-SNI-switch-context-ssl + +[0-SNI-switch-context-ssl] +server = 0-SNI-switch-context-server +client = 0-SNI-switch-context-client +server2 = 0-SNI-switch-context-server + +[0-SNI-switch-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SNI-switch-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedServerName = server2 +server = 0-SNI-switch-context-server-extra +server2 = 0-SNI-switch-context-server-extra +client = 0-SNI-switch-context-client-extra + +[0-SNI-switch-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[0-SNI-switch-context-client-extra] +ServerName = server2 + + +# =========================================================== + +[1-SNI-keep-context] +ssl_conf = 1-SNI-keep-context-ssl + +[1-SNI-keep-context-ssl] +server = 1-SNI-keep-context-server +client = 1-SNI-keep-context-client +server2 = 1-SNI-keep-context-server + +[1-SNI-keep-context-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-SNI-keep-context-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +server = 1-SNI-keep-context-server-extra +server2 = 1-SNI-keep-context-server-extra +client = 1-SNI-keep-context-client-extra + +[1-SNI-keep-context-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-SNI-keep-context-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-SNI-no-server-support] +ssl_conf = 2-SNI-no-server-support-ssl + +[2-SNI-no-server-support-ssl] +server = 2-SNI-no-server-support-server +client = 2-SNI-no-server-support-client + +[2-SNI-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-SNI-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +client = 2-SNI-no-server-support-client-extra + +[2-SNI-no-server-support-client-extra] +ServerName = server1 + + +# =========================================================== + +[3-SNI-no-client-support] +ssl_conf = 3-SNI-no-client-support-ssl + +[3-SNI-no-client-support-ssl] +server = 3-SNI-no-client-support-server +client = 3-SNI-no-client-support-client +server2 = 3-SNI-no-client-support-server + +[3-SNI-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-SNI-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +server = 3-SNI-no-client-support-server-extra +server2 = 3-SNI-no-client-support-server-extra + +[3-SNI-no-client-support-server-extra] +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[4-SNI-bad-sni-ignore-mismatch] +ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl + +[4-SNI-bad-sni-ignore-mismatch-ssl] +server = 4-SNI-bad-sni-ignore-mismatch-server +client = 4-SNI-bad-sni-ignore-mismatch-client +server2 = 4-SNI-bad-sni-ignore-mismatch-server + +[4-SNI-bad-sni-ignore-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-SNI-bad-sni-ignore-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server1 +server = 4-SNI-bad-sni-ignore-mismatch-server-extra +server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra +client = 4-SNI-bad-sni-ignore-mismatch-client-extra + +[4-SNI-bad-sni-ignore-mismatch-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-SNI-bad-sni-ignore-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[5-SNI-bad-sni-reject-mismatch] +ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl + +[5-SNI-bad-sni-reject-mismatch-ssl] +server = 5-SNI-bad-sni-reject-mismatch-server +client = 5-SNI-bad-sni-reject-mismatch-client +server2 = 5-SNI-bad-sni-reject-mismatch-server + +[5-SNI-bad-sni-reject-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-SNI-bad-sni-reject-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnrecognizedName +server = 5-SNI-bad-sni-reject-mismatch-server-extra +server2 = 5-SNI-bad-sni-reject-mismatch-server-extra +client = 5-SNI-bad-sni-reject-mismatch-client-extra + +[5-SNI-bad-sni-reject-mismatch-server-extra] +ServerNameCallback = RejectMismatch + +[5-SNI-bad-sni-reject-mismatch-client-extra] +ServerName = invalid + + diff --git a/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in b/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in new file mode 100644 index 0000000..76003e7 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/05-sni.conf.in @@ -0,0 +1,112 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +use strict; +use warnings; + +package ssltests; + +our @tests = ( + { + name => "SNI-switch-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-keep-context", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-no-server-support", + server => { }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { "ExpectedResult" => "Success" }, + }, + { + name => "SNI-no-client-support", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { }, + test => { + # We expect that the callback is still called + # to let the application decide whether they tolerate + # missing SNI (as our test callback does). + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-ignore-mismatch", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-sni-reject-mismatch", + server => { + extra => { + "ServerNameCallback" => "RejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf new file mode 100644 index 0000000..9620e01 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf @@ -0,0 +1,734 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 17 + +test-0 = 0-sni-session-ticket +test-1 = 1-sni-session-ticket +test-2 = 2-sni-session-ticket +test-3 = 3-sni-session-ticket +test-4 = 4-sni-session-ticket +test-5 = 5-sni-session-ticket +test-6 = 6-sni-session-ticket +test-7 = 7-sni-session-ticket +test-8 = 8-sni-session-ticket +test-9 = 9-sni-session-ticket +test-10 = 10-sni-session-ticket +test-11 = 11-sni-session-ticket +test-12 = 12-sni-session-ticket +test-13 = 13-sni-session-ticket +test-14 = 14-sni-session-ticket +test-15 = 15-sni-session-ticket +test-16 = 16-sni-session-ticket +# =========================================================== + +[0-sni-session-ticket] +ssl_conf = 0-sni-session-ticket-ssl + +[0-sni-session-ticket-ssl] +server = 0-sni-session-ticket-server +client = 0-sni-session-ticket-client +server2 = 0-sni-session-ticket-server2 + +[0-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +SessionTicketExpected = No +server = 0-sni-session-ticket-server-extra +client = 0-sni-session-ticket-client-extra + +[0-sni-session-ticket-server-extra] +BrokenSessionTicket = Yes + +[0-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[1-sni-session-ticket] +ssl_conf = 1-sni-session-ticket-ssl + +[1-sni-session-ticket-ssl] +server = 1-sni-session-ticket-server +client = 1-sni-session-ticket-client +server2 = 1-sni-session-ticket-server2 + +[1-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = Yes +server = 1-sni-session-ticket-server-extra +client = 1-sni-session-ticket-client-extra + +[1-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[2-sni-session-ticket] +ssl_conf = 2-sni-session-ticket-ssl + +[2-sni-session-ticket-ssl] +server = 2-sni-session-ticket-server +client = 2-sni-session-ticket-client +server2 = 2-sni-session-ticket-server2 + +[2-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = Yes +server = 2-sni-session-ticket-server-extra +client = 2-sni-session-ticket-client-extra + +[2-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[2-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[3-sni-session-ticket] +ssl_conf = 3-sni-session-ticket-ssl + +[3-sni-session-ticket-ssl] +server = 3-sni-session-ticket-server +client = 3-sni-session-ticket-client +server2 = 3-sni-session-ticket-server2 + +[3-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = Yes +server = 3-sni-session-ticket-server-extra +client = 3-sni-session-ticket-client-extra + +[3-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[3-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[4-sni-session-ticket] +ssl_conf = 4-sni-session-ticket-ssl + +[4-sni-session-ticket-ssl] +server = 4-sni-session-ticket-server +client = 4-sni-session-ticket-client +server2 = 4-sni-session-ticket-server2 + +[4-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 4-sni-session-ticket-server-extra +client = 4-sni-session-ticket-client-extra + +[4-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[5-sni-session-ticket] +ssl_conf = 5-sni-session-ticket-ssl + +[5-sni-session-ticket-ssl] +server = 5-sni-session-ticket-server +client = 5-sni-session-ticket-client +server2 = 5-sni-session-ticket-server2 + +[5-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 5-sni-session-ticket-server-extra +client = 5-sni-session-ticket-client-extra + +[5-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[5-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[6-sni-session-ticket] +ssl_conf = 6-sni-session-ticket-ssl + +[6-sni-session-ticket-ssl] +server = 6-sni-session-ticket-server +client = 6-sni-session-ticket-client +server2 = 6-sni-session-ticket-server2 + +[6-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 6-sni-session-ticket-server-extra +client = 6-sni-session-ticket-client-extra + +[6-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[6-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[7-sni-session-ticket] +ssl_conf = 7-sni-session-ticket-ssl + +[7-sni-session-ticket-ssl] +server = 7-sni-session-ticket-server +client = 7-sni-session-ticket-client +server2 = 7-sni-session-ticket-server2 + +[7-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 7-sni-session-ticket-server-extra +client = 7-sni-session-ticket-client-extra + +[7-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[7-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[8-sni-session-ticket] +ssl_conf = 8-sni-session-ticket-ssl + +[8-sni-session-ticket-ssl] +server = 8-sni-session-ticket-server +client = 8-sni-session-ticket-client +server2 = 8-sni-session-ticket-server2 + +[8-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-sni-session-ticket-client] +CipherString = DEFAULT +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 8-sni-session-ticket-server-extra +client = 8-sni-session-ticket-client-extra + +[8-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[9-sni-session-ticket] +ssl_conf = 9-sni-session-ticket-ssl + +[9-sni-session-ticket-ssl] +server = 9-sni-session-ticket-server +client = 9-sni-session-ticket-client +server2 = 9-sni-session-ticket-server2 + +[9-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 9-sni-session-ticket-server-extra +client = 9-sni-session-ticket-client-extra + +[9-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[9-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[10-sni-session-ticket] +ssl_conf = 10-sni-session-ticket-ssl + +[10-sni-session-ticket-ssl] +server = 10-sni-session-ticket-server +client = 10-sni-session-ticket-client +server2 = 10-sni-session-ticket-server2 + +[10-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 10-sni-session-ticket-server-extra +client = 10-sni-session-ticket-client-extra + +[10-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[10-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[11-sni-session-ticket] +ssl_conf = 11-sni-session-ticket-ssl + +[11-sni-session-ticket-ssl] +server = 11-sni-session-ticket-server +client = 11-sni-session-ticket-client +server2 = 11-sni-session-ticket-server2 + +[11-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 11-sni-session-ticket-server-extra +client = 11-sni-session-ticket-client-extra + +[11-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[11-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[12-sni-session-ticket] +ssl_conf = 12-sni-session-ticket-ssl + +[12-sni-session-ticket-ssl] +server = 12-sni-session-ticket-server +client = 12-sni-session-ticket-client +server2 = 12-sni-session-ticket-server2 + +[12-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 12-sni-session-ticket-server-extra +client = 12-sni-session-ticket-client-extra + +[12-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[12-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[13-sni-session-ticket] +ssl_conf = 13-sni-session-ticket-ssl + +[13-sni-session-ticket-ssl] +server = 13-sni-session-ticket-server +client = 13-sni-session-ticket-client +server2 = 13-sni-session-ticket-server2 + +[13-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 13-sni-session-ticket-server-extra +client = 13-sni-session-ticket-client-extra + +[13-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[13-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[14-sni-session-ticket] +ssl_conf = 14-sni-session-ticket-ssl + +[14-sni-session-ticket-ssl] +server = 14-sni-session-ticket-server +client = 14-sni-session-ticket-client +server2 = 14-sni-session-ticket-server2 + +[14-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 14-sni-session-ticket-server-extra +client = 14-sni-session-ticket-client-extra + +[14-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[14-sni-session-ticket-client-extra] +ServerName = server2 + + +# =========================================================== + +[15-sni-session-ticket] +ssl_conf = 15-sni-session-ticket-ssl + +[15-sni-session-ticket-ssl] +server = 15-sni-session-ticket-server +client = 15-sni-session-ticket-client +server2 = 15-sni-session-ticket-server2 + +[15-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerName = server1 +SessionTicketExpected = No +server = 15-sni-session-ticket-server-extra +client = 15-sni-session-ticket-client-extra + +[15-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[15-sni-session-ticket-client-extra] +ServerName = server1 + + +# =========================================================== + +[16-sni-session-ticket] +ssl_conf = 16-sni-session-ticket-ssl + +[16-sni-session-ticket-ssl] +server = 16-sni-session-ticket-server +client = 16-sni-session-ticket-client +server2 = 16-sni-session-ticket-server2 + +[16-sni-session-ticket-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-sni-session-ticket-client] +CipherString = DEFAULT +Options = -SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedServerName = server2 +SessionTicketExpected = No +server = 16-sni-session-ticket-server-extra +client = 16-sni-session-ticket-client-extra + +[16-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[16-sni-session-ticket-client-extra] +ServerName = server2 + + diff --git a/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in new file mode 100644 index 0000000..ea92b62 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/06-sni-ticket.conf.in @@ -0,0 +1,95 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Session ticket + +use strict; +use warnings; + +package ssltests; + + +our @tests = (); + +sub generate_tests() { + foreach my $c ("SessionTicket", "-SessionTicket") { + foreach my $s1 ("SessionTicket", "-SessionTicket") { + foreach my $s2 ("SessionTicket", "-SessionTicket") { + foreach my $n ("server1", "server2") { + my $result = expected_result($c, $s1, $s2, $n); + push @tests, { + "name" => "sni-session-ticket", + "client" => { + "Options" => $c, + "extra" => { + "ServerName" => $n, + }, + }, + "server" => { + "Options" => $s1, + "extra" => { + # We don't test mismatch here. + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + "server2" => { + "Options" => $s2, + }, + "test" => { + "ExpectedServerName" => $n, + "ExpectedResult" => "Success", + "SessionTicketExpected" => $result, + } + }; + } + } + } + } +} + +# If the client has session tickets disabled, then No support +# If the server initial_ctx has session tickets disabled, then No support +# If SNI is in use, then if the "switched-to" context has session tickets disabled, +# then No support +sub expected_result { + my ($c, $s1, $s2, $n) = @_; + + return "No" if $c eq "-SessionTicket"; + return "No" if $s1 eq "-SessionTicket"; + return "No" if ($s2 eq "-SessionTicket" && $n eq "server2"); + + return "Yes"; + +} + +# Add a "Broken" case. +push @tests, { + "name" => "sni-session-ticket", + "client" => { + "Options" => "SessionTicket", + "extra" => { + "ServerName" => "server1", + } + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "BrokenSessionTicket" => "Yes", + }, + }, + "server2" => { + "Options" => "SessionTicket", + }, + "test" => { + "ExpectedResult" => "Success", + "SessionTicketExpected" => "No", + } +}; + +generate_tests(); diff --git a/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf new file mode 100644 index 0000000..3304a3b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf @@ -0,0 +1,1820 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 64 + +test-0 = 0-version-negotiation +test-1 = 1-version-negotiation +test-2 = 2-version-negotiation +test-3 = 3-version-negotiation +test-4 = 4-version-negotiation +test-5 = 5-version-negotiation +test-6 = 6-version-negotiation +test-7 = 7-version-negotiation +test-8 = 8-version-negotiation +test-9 = 9-version-negotiation +test-10 = 10-version-negotiation +test-11 = 11-version-negotiation +test-12 = 12-version-negotiation +test-13 = 13-version-negotiation +test-14 = 14-version-negotiation +test-15 = 15-version-negotiation +test-16 = 16-version-negotiation +test-17 = 17-version-negotiation +test-18 = 18-version-negotiation +test-19 = 19-version-negotiation +test-20 = 20-version-negotiation +test-21 = 21-version-negotiation +test-22 = 22-version-negotiation +test-23 = 23-version-negotiation +test-24 = 24-version-negotiation +test-25 = 25-version-negotiation +test-26 = 26-version-negotiation +test-27 = 27-version-negotiation +test-28 = 28-version-negotiation +test-29 = 29-version-negotiation +test-30 = 30-version-negotiation +test-31 = 31-version-negotiation +test-32 = 32-version-negotiation +test-33 = 33-version-negotiation +test-34 = 34-version-negotiation +test-35 = 35-version-negotiation +test-36 = 36-version-negotiation +test-37 = 37-version-negotiation +test-38 = 38-version-negotiation +test-39 = 39-version-negotiation +test-40 = 40-version-negotiation +test-41 = 41-version-negotiation +test-42 = 42-version-negotiation +test-43 = 43-version-negotiation +test-44 = 44-version-negotiation +test-45 = 45-version-negotiation +test-46 = 46-version-negotiation +test-47 = 47-version-negotiation +test-48 = 48-version-negotiation +test-49 = 49-version-negotiation +test-50 = 50-version-negotiation +test-51 = 51-version-negotiation +test-52 = 52-version-negotiation +test-53 = 53-version-negotiation +test-54 = 54-version-negotiation +test-55 = 55-version-negotiation +test-56 = 56-version-negotiation +test-57 = 57-version-negotiation +test-58 = 58-version-negotiation +test-59 = 59-version-negotiation +test-60 = 60-version-negotiation +test-61 = 61-version-negotiation +test-62 = 62-version-negotiation +test-63 = 63-version-negotiation +# =========================================================== + +[0-version-negotiation] +ssl_conf = 0-version-negotiation-ssl + +[0-version-negotiation-ssl] +server = 0-version-negotiation-server +client = 0-version-negotiation-client + +[0-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[1-version-negotiation] +ssl_conf = 1-version-negotiation-ssl + +[1-version-negotiation-ssl] +server = 1-version-negotiation-server +client = 1-version-negotiation-client + +[1-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[2-version-negotiation] +ssl_conf = 2-version-negotiation-ssl + +[2-version-negotiation-ssl] +server = 2-version-negotiation-server +client = 2-version-negotiation-client + +[2-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[3-version-negotiation] +ssl_conf = 3-version-negotiation-ssl + +[3-version-negotiation-ssl] +server = 3-version-negotiation-server +client = 3-version-negotiation-client + +[3-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[4-version-negotiation] +ssl_conf = 4-version-negotiation-ssl + +[4-version-negotiation-ssl] +server = 4-version-negotiation-server +client = 4-version-negotiation-client + +[4-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[5-version-negotiation] +ssl_conf = 5-version-negotiation-ssl + +[5-version-negotiation-ssl] +server = 5-version-negotiation-server +client = 5-version-negotiation-client + +[5-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[6-version-negotiation] +ssl_conf = 6-version-negotiation-ssl + +[6-version-negotiation-ssl] +server = 6-version-negotiation-server +client = 6-version-negotiation-client + +[6-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[7-version-negotiation] +ssl_conf = 7-version-negotiation-ssl + +[7-version-negotiation-ssl] +server = 7-version-negotiation-server +client = 7-version-negotiation-client + +[7-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[8-version-negotiation] +ssl_conf = 8-version-negotiation-ssl + +[8-version-negotiation-ssl] +server = 8-version-negotiation-server +client = 8-version-negotiation-client + +[8-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[9-version-negotiation] +ssl_conf = 9-version-negotiation-ssl + +[9-version-negotiation-ssl] +server = 9-version-negotiation-server +client = 9-version-negotiation-client + +[9-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[10-version-negotiation] +ssl_conf = 10-version-negotiation-ssl + +[10-version-negotiation-ssl] +server = 10-version-negotiation-server +client = 10-version-negotiation-client + +[10-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[11-version-negotiation] +ssl_conf = 11-version-negotiation-ssl + +[11-version-negotiation-ssl] +server = 11-version-negotiation-server +client = 11-version-negotiation-client + +[11-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[12-version-negotiation] +ssl_conf = 12-version-negotiation-ssl + +[12-version-negotiation-ssl] +server = 12-version-negotiation-server +client = 12-version-negotiation-client + +[12-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[13-version-negotiation] +ssl_conf = 13-version-negotiation-ssl + +[13-version-negotiation-ssl] +server = 13-version-negotiation-server +client = 13-version-negotiation-client + +[13-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[14-version-negotiation] +ssl_conf = 14-version-negotiation-ssl + +[14-version-negotiation-ssl] +server = 14-version-negotiation-server +client = 14-version-negotiation-client + +[14-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[15-version-negotiation] +ssl_conf = 15-version-negotiation-ssl + +[15-version-negotiation-ssl] +server = 15-version-negotiation-server +client = 15-version-negotiation-client + +[15-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[16-version-negotiation] +ssl_conf = 16-version-negotiation-ssl + +[16-version-negotiation-ssl] +server = 16-version-negotiation-server +client = 16-version-negotiation-client + +[16-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[17-version-negotiation] +ssl_conf = 17-version-negotiation-ssl + +[17-version-negotiation-ssl] +server = 17-version-negotiation-server +client = 17-version-negotiation-client + +[17-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[18-version-negotiation] +ssl_conf = 18-version-negotiation-ssl + +[18-version-negotiation-ssl] +server = 18-version-negotiation-server +client = 18-version-negotiation-client + +[18-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[19-version-negotiation] +ssl_conf = 19-version-negotiation-ssl + +[19-version-negotiation-ssl] +server = 19-version-negotiation-server +client = 19-version-negotiation-client + +[19-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[20-version-negotiation] +ssl_conf = 20-version-negotiation-ssl + +[20-version-negotiation-ssl] +server = 20-version-negotiation-server +client = 20-version-negotiation-client + +[20-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[21-version-negotiation] +ssl_conf = 21-version-negotiation-ssl + +[21-version-negotiation-ssl] +server = 21-version-negotiation-server +client = 21-version-negotiation-client + +[21-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[22-version-negotiation] +ssl_conf = 22-version-negotiation-ssl + +[22-version-negotiation-ssl] +server = 22-version-negotiation-server +client = 22-version-negotiation-client + +[22-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[23-version-negotiation] +ssl_conf = 23-version-negotiation-ssl + +[23-version-negotiation-ssl] +server = 23-version-negotiation-server +client = 23-version-negotiation-client + +[23-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-version-negotiation-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[24-version-negotiation] +ssl_conf = 24-version-negotiation-ssl + +[24-version-negotiation-ssl] +server = 24-version-negotiation-server +client = 24-version-negotiation-client + +[24-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-version-negotiation] +ssl_conf = 25-version-negotiation-ssl + +[25-version-negotiation-ssl] +server = 25-version-negotiation-server +client = 25-version-negotiation-client + +[25-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-version-negotiation] +ssl_conf = 26-version-negotiation-ssl + +[26-version-negotiation-ssl] +server = 26-version-negotiation-server +client = 26-version-negotiation-client + +[26-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[27-version-negotiation] +ssl_conf = 27-version-negotiation-ssl + +[27-version-negotiation-ssl] +server = 27-version-negotiation-server +client = 27-version-negotiation-client + +[27-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-version-negotiation] +ssl_conf = 28-version-negotiation-ssl + +[28-version-negotiation-ssl] +server = 28-version-negotiation-server +client = 28-version-negotiation-client + +[28-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-version-negotiation] +ssl_conf = 29-version-negotiation-ssl + +[29-version-negotiation-ssl] +server = 29-version-negotiation-server +client = 29-version-negotiation-client + +[29-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[30-version-negotiation] +ssl_conf = 30-version-negotiation-ssl + +[30-version-negotiation-ssl] +server = 30-version-negotiation-server +client = 30-version-negotiation-client + +[30-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[31-version-negotiation] +ssl_conf = 31-version-negotiation-ssl + +[31-version-negotiation-ssl] +server = 31-version-negotiation-server +client = 31-version-negotiation-client + +[31-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = ServerFail +Method = DTLS + + +# =========================================================== + +[32-version-negotiation] +ssl_conf = 32-version-negotiation-ssl + +[32-version-negotiation-ssl] +server = 32-version-negotiation-server +client = 32-version-negotiation-client + +[32-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[33-version-negotiation] +ssl_conf = 33-version-negotiation-ssl + +[33-version-negotiation-ssl] +server = 33-version-negotiation-server +client = 33-version-negotiation-client + +[33-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-version-negotiation] +ssl_conf = 34-version-negotiation-ssl + +[34-version-negotiation-ssl] +server = 34-version-negotiation-server +client = 34-version-negotiation-client + +[34-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-version-negotiation] +ssl_conf = 35-version-negotiation-ssl + +[35-version-negotiation-ssl] +server = 35-version-negotiation-server +client = 35-version-negotiation-client + +[35-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[36-version-negotiation] +ssl_conf = 36-version-negotiation-ssl + +[36-version-negotiation-ssl] +server = 36-version-negotiation-server +client = 36-version-negotiation-client + +[36-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[37-version-negotiation] +ssl_conf = 37-version-negotiation-ssl + +[37-version-negotiation-ssl] +server = 37-version-negotiation-server +client = 37-version-negotiation-client + +[37-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[38-version-negotiation] +ssl_conf = 38-version-negotiation-ssl + +[38-version-negotiation-ssl] +server = 38-version-negotiation-server +client = 38-version-negotiation-client + +[38-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[39-version-negotiation] +ssl_conf = 39-version-negotiation-ssl + +[39-version-negotiation-ssl] +server = 39-version-negotiation-server +client = 39-version-negotiation-client + +[39-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[40-version-negotiation] +ssl_conf = 40-version-negotiation-ssl + +[40-version-negotiation-ssl] +server = 40-version-negotiation-server +client = 40-version-negotiation-client + +[40-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[41-version-negotiation] +ssl_conf = 41-version-negotiation-ssl + +[41-version-negotiation-ssl] +server = 41-version-negotiation-server +client = 41-version-negotiation-client + +[41-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[42-version-negotiation] +ssl_conf = 42-version-negotiation-ssl + +[42-version-negotiation-ssl] +server = 42-version-negotiation-server +client = 42-version-negotiation-client + +[42-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[43-version-negotiation] +ssl_conf = 43-version-negotiation-ssl + +[43-version-negotiation-ssl] +server = 43-version-negotiation-server +client = 43-version-negotiation-client + +[43-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = DTLSv1 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[44-version-negotiation] +ssl_conf = 44-version-negotiation-ssl + +[44-version-negotiation-ssl] +server = 44-version-negotiation-server +client = 44-version-negotiation-client + +[44-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[45-version-negotiation] +ssl_conf = 45-version-negotiation-ssl + +[45-version-negotiation-ssl] +server = 45-version-negotiation-server +client = 45-version-negotiation-client + +[45-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[46-version-negotiation] +ssl_conf = 46-version-negotiation-ssl + +[46-version-negotiation-ssl] +server = 46-version-negotiation-server +client = 46-version-negotiation-client + +[46-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[47-version-negotiation] +ssl_conf = 47-version-negotiation-ssl + +[47-version-negotiation-ssl] +server = 47-version-negotiation-server +client = 47-version-negotiation-client + +[47-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[48-version-negotiation] +ssl_conf = 48-version-negotiation-ssl + +[48-version-negotiation-ssl] +server = 48-version-negotiation-server +client = 48-version-negotiation-client + +[48-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[49-version-negotiation] +ssl_conf = 49-version-negotiation-ssl + +[49-version-negotiation-ssl] +server = 49-version-negotiation-server +client = 49-version-negotiation-client + +[49-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[50-version-negotiation] +ssl_conf = 50-version-negotiation-ssl + +[50-version-negotiation-ssl] +server = 50-version-negotiation-server +client = 50-version-negotiation-client + +[50-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[51-version-negotiation] +ssl_conf = 51-version-negotiation-ssl + +[51-version-negotiation-ssl] +server = 51-version-negotiation-server +client = 51-version-negotiation-client + +[51-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[52-version-negotiation] +ssl_conf = 52-version-negotiation-ssl + +[52-version-negotiation-ssl] +server = 52-version-negotiation-server +client = 52-version-negotiation-client + +[52-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[53-version-negotiation] +ssl_conf = 53-version-negotiation-ssl + +[53-version-negotiation-ssl] +server = 53-version-negotiation-server +client = 53-version-negotiation-client + +[53-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[54-version-negotiation] +ssl_conf = 54-version-negotiation-ssl + +[54-version-negotiation-ssl] +server = 54-version-negotiation-server +client = 54-version-negotiation-client + +[54-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[55-version-negotiation] +ssl_conf = 55-version-negotiation-ssl + +[55-version-negotiation-ssl] +server = 55-version-negotiation-server +client = 55-version-negotiation-client + +[55-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[56-version-negotiation] +ssl_conf = 56-version-negotiation-ssl + +[56-version-negotiation-ssl] +server = 56-version-negotiation-server +client = 56-version-negotiation-client + +[56-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[57-version-negotiation] +ssl_conf = 57-version-negotiation-ssl + +[57-version-negotiation-ssl] +server = 57-version-negotiation-server +client = 57-version-negotiation-client + +[57-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[58-version-negotiation] +ssl_conf = 58-version-negotiation-ssl + +[58-version-negotiation-ssl] +server = 58-version-negotiation-server +client = 58-version-negotiation-client + +[58-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[59-version-negotiation] +ssl_conf = 59-version-negotiation-ssl + +[59-version-negotiation-ssl] +server = 59-version-negotiation-server +client = 59-version-negotiation-client + +[59-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedResult = ClientFail +Method = DTLS + + +# =========================================================== + +[60-version-negotiation] +ssl_conf = 60-version-negotiation-ssl + +[60-version-negotiation-ssl] +server = 60-version-negotiation-server +client = 60-version-negotiation-client + +[60-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[61-version-negotiation] +ssl_conf = 61-version-negotiation-ssl + +[61-version-negotiation-ssl] +server = 61-version-negotiation-server +client = 61-version-negotiation-client + +[61-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[62-version-negotiation] +ssl_conf = 62-version-negotiation-ssl + +[62-version-negotiation-ssl] +server = 62-version-negotiation-server +client = 62-version-negotiation-client + +[62-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[63-version-negotiation] +ssl_conf = 63-version-negotiation-ssl + +[63-version-negotiation-ssl] +server = 63-version-negotiation-server +client = 63-version-negotiation-client + +[63-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = DTLSv1.2 +ExpectedResult = Success +Method = DTLS + + diff --git a/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in new file mode 100644 index 0000000..fb3c44a --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/07-dtls-protocol-version.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS version negotiation + +package ssltests; + +use strict; +use warnings; + +use protocol_version; + +our @tests = generate_version_tests("DTLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/08-npn.conf b/openssl-1.1.0h/test/ssl-tests/08-npn.conf new file mode 100644 index 0000000..9115ef4 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/08-npn.conf @@ -0,0 +1,794 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 20 + +test-0 = 0-npn-simple +test-1 = 1-npn-client-finds-match +test-2 = 2-npn-client-honours-server-pref +test-3 = 3-npn-client-first-pref-on-mismatch +test-4 = 4-npn-no-server-support +test-5 = 5-npn-no-client-support +test-6 = 6-npn-with-sni-no-context-switch +test-7 = 7-npn-with-sni-context-switch +test-8 = 8-npn-selected-sni-server-supports-npn +test-9 = 9-npn-selected-sni-server-does-not-support-npn +test-10 = 10-alpn-preferred-over-npn +test-11 = 11-sni-npn-preferred-over-alpn +test-12 = 12-npn-simple-resumption +test-13 = 13-npn-server-switch-resumption +test-14 = 14-npn-client-switch-resumption +test-15 = 15-npn-client-first-pref-on-mismatch-resumption +test-16 = 16-npn-no-server-support-resumption +test-17 = 17-npn-no-client-support-resumption +test-18 = 18-alpn-preferred-over-npn-resumption +test-19 = 19-npn-used-if-alpn-not-supported-resumption +# =========================================================== + +[0-npn-simple] +ssl_conf = 0-npn-simple-ssl + +[0-npn-simple-ssl] +server = 0-npn-simple-server +client = 0-npn-simple-client + +[0-npn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-npn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedNPNProtocol = foo +server = 0-npn-simple-server-extra +client = 0-npn-simple-client-extra + +[0-npn-simple-server-extra] +NPNProtocols = foo + +[0-npn-simple-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[1-npn-client-finds-match] +ssl_conf = 1-npn-client-finds-match-ssl + +[1-npn-client-finds-match-ssl] +server = 1-npn-client-finds-match-server +client = 1-npn-client-finds-match-client + +[1-npn-client-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-npn-client-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedNPNProtocol = bar +server = 1-npn-client-finds-match-server-extra +client = 1-npn-client-finds-match-client-extra + +[1-npn-client-finds-match-server-extra] +NPNProtocols = baz,bar + +[1-npn-client-finds-match-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[2-npn-client-honours-server-pref] +ssl_conf = 2-npn-client-honours-server-pref-ssl + +[2-npn-client-honours-server-pref-ssl] +server = 2-npn-client-honours-server-pref-server +client = 2-npn-client-honours-server-pref-client + +[2-npn-client-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-npn-client-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedNPNProtocol = bar +server = 2-npn-client-honours-server-pref-server-extra +client = 2-npn-client-honours-server-pref-client-extra + +[2-npn-client-honours-server-pref-server-extra] +NPNProtocols = bar,foo + +[2-npn-client-honours-server-pref-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[3-npn-client-first-pref-on-mismatch] +ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl + +[3-npn-client-first-pref-on-mismatch-ssl] +server = 3-npn-client-first-pref-on-mismatch-server +client = 3-npn-client-first-pref-on-mismatch-client + +[3-npn-client-first-pref-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-npn-client-first-pref-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedNPNProtocol = foo +server = 3-npn-client-first-pref-on-mismatch-server-extra +client = 3-npn-client-first-pref-on-mismatch-client-extra + +[3-npn-client-first-pref-on-mismatch-server-extra] +NPNProtocols = baz + +[3-npn-client-first-pref-on-mismatch-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[4-npn-no-server-support] +ssl_conf = 4-npn-no-server-support-ssl + +[4-npn-no-server-support-ssl] +server = 4-npn-no-server-support-server +client = 4-npn-no-server-support-client + +[4-npn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-npn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-npn-no-server-support-client-extra + +[4-npn-no-server-support-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[5-npn-no-client-support] +ssl_conf = 5-npn-no-client-support-ssl + +[5-npn-no-client-support-ssl] +server = 5-npn-no-client-support-server +client = 5-npn-no-client-support-client + +[5-npn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-npn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-npn-no-client-support-server-extra + +[5-npn-no-client-support-server-extra] +NPNProtocols = foo + + +# =========================================================== + +[6-npn-with-sni-no-context-switch] +ssl_conf = 6-npn-with-sni-no-context-switch-ssl + +[6-npn-with-sni-no-context-switch-ssl] +server = 6-npn-with-sni-no-context-switch-server +client = 6-npn-with-sni-no-context-switch-client +server2 = 6-npn-with-sni-no-context-switch-server2 + +[6-npn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedNPNProtocol = foo +ExpectedServerName = server1 +server = 6-npn-with-sni-no-context-switch-server-extra +server2 = 6-npn-with-sni-no-context-switch-server2-extra +client = 6-npn-with-sni-no-context-switch-client-extra + +[6-npn-with-sni-no-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-npn-with-sni-no-context-switch-server2-extra] +NPNProtocols = bar + +[6-npn-with-sni-no-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-npn-with-sni-context-switch] +ssl_conf = 7-npn-with-sni-context-switch-ssl + +[7-npn-with-sni-context-switch-ssl] +server = 7-npn-with-sni-context-switch-server +client = 7-npn-with-sni-context-switch-client +server2 = 7-npn-with-sni-context-switch-server2 + +[7-npn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 7-npn-with-sni-context-switch-server-extra +server2 = 7-npn-with-sni-context-switch-server2-extra +client = 7-npn-with-sni-context-switch-client-extra + +[7-npn-with-sni-context-switch-server-extra] +NPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-npn-with-sni-context-switch-server2-extra] +NPNProtocols = bar + +[7-npn-with-sni-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-npn-selected-sni-server-supports-npn] +ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl + +[8-npn-selected-sni-server-supports-npn-ssl] +server = 8-npn-selected-sni-server-supports-npn-server +client = 8-npn-selected-sni-server-supports-npn-client +server2 = 8-npn-selected-sni-server-supports-npn-server2 + +[8-npn-selected-sni-server-supports-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 8-npn-selected-sni-server-supports-npn-server-extra +server2 = 8-npn-selected-sni-server-supports-npn-server2-extra +client = 8-npn-selected-sni-server-supports-npn-client-extra + +[8-npn-selected-sni-server-supports-npn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-npn-selected-sni-server-supports-npn-server2-extra] +NPNProtocols = bar + +[8-npn-selected-sni-server-supports-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-npn-selected-sni-server-does-not-support-npn] +ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl + +[9-npn-selected-sni-server-does-not-support-npn-ssl] +server = 9-npn-selected-sni-server-does-not-support-npn-server +client = 9-npn-selected-sni-server-does-not-support-npn-client +server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 + +[9-npn-selected-sni-server-does-not-support-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-npn-selected-sni-server-does-not-support-npn-server-extra +client = 9-npn-selected-sni-server-does-not-support-npn-client-extra + +[9-npn-selected-sni-server-does-not-support-npn-server-extra] +NPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-npn-selected-sni-server-does-not-support-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-preferred-over-npn] +ssl_conf = 10-alpn-preferred-over-npn-ssl + +[10-alpn-preferred-over-npn-ssl] +server = 10-alpn-preferred-over-npn-server +client = 10-alpn-preferred-over-npn-client + +[10-alpn-preferred-over-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-preferred-over-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +server = 10-alpn-preferred-over-npn-server-extra +client = 10-alpn-preferred-over-npn-client-extra + +[10-alpn-preferred-over-npn-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[10-alpn-preferred-over-npn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar + + +# =========================================================== + +[11-sni-npn-preferred-over-alpn] +ssl_conf = 11-sni-npn-preferred-over-alpn-ssl + +[11-sni-npn-preferred-over-alpn-ssl] +server = 11-sni-npn-preferred-over-alpn-server +client = 11-sni-npn-preferred-over-alpn-client +server2 = 11-sni-npn-preferred-over-alpn-server2 + +[11-sni-npn-preferred-over-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +server = 11-sni-npn-preferred-over-alpn-server-extra +server2 = 11-sni-npn-preferred-over-alpn-server2-extra +client = 11-sni-npn-preferred-over-alpn-client-extra + +[11-sni-npn-preferred-over-alpn-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[11-sni-npn-preferred-over-alpn-server2-extra] +NPNProtocols = bar + +[11-sni-npn-preferred-over-alpn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar +ServerName = server2 + + +# =========================================================== + +[12-npn-simple-resumption] +ssl_conf = 12-npn-simple-resumption-ssl + +[12-npn-simple-resumption-ssl] +server = 12-npn-simple-resumption-server +client = 12-npn-simple-resumption-client +resume-server = 12-npn-simple-resumption-server +resume-client = 12-npn-simple-resumption-client + +[12-npn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-npn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-npn-simple-resumption-server-extra +resume-server = 12-npn-simple-resumption-server-extra +client = 12-npn-simple-resumption-client-extra +resume-client = 12-npn-simple-resumption-client-extra + +[12-npn-simple-resumption-server-extra] +NPNProtocols = foo + +[12-npn-simple-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[13-npn-server-switch-resumption] +ssl_conf = 13-npn-server-switch-resumption-ssl + +[13-npn-server-switch-resumption-ssl] +server = 13-npn-server-switch-resumption-server +client = 13-npn-server-switch-resumption-client +resume-server = 13-npn-server-switch-resumption-resume-server +resume-client = 13-npn-server-switch-resumption-client + +[13-npn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-npn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 13-npn-server-switch-resumption-server-extra +resume-server = 13-npn-server-switch-resumption-resume-server-extra +client = 13-npn-server-switch-resumption-client-extra +resume-client = 13-npn-server-switch-resumption-client-extra + +[13-npn-server-switch-resumption-server-extra] +NPNProtocols = bar,foo + +[13-npn-server-switch-resumption-resume-server-extra] +NPNProtocols = baz,foo + +[13-npn-server-switch-resumption-client-extra] +NPNProtocols = foo,bar,baz + + +# =========================================================== + +[14-npn-client-switch-resumption] +ssl_conf = 14-npn-client-switch-resumption-ssl + +[14-npn-client-switch-resumption-ssl] +server = 14-npn-client-switch-resumption-server +client = 14-npn-client-switch-resumption-client +resume-server = 14-npn-client-switch-resumption-server +resume-client = 14-npn-client-switch-resumption-resume-client + +[14-npn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-npn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-npn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedNPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-npn-client-switch-resumption-server-extra +resume-server = 14-npn-client-switch-resumption-server-extra +client = 14-npn-client-switch-resumption-client-extra +resume-client = 14-npn-client-switch-resumption-resume-client-extra + +[14-npn-client-switch-resumption-server-extra] +NPNProtocols = foo,bar,baz + +[14-npn-client-switch-resumption-client-extra] +NPNProtocols = foo,baz + +[14-npn-client-switch-resumption-resume-client-extra] +NPNProtocols = bar,baz + + +# =========================================================== + +[15-npn-client-first-pref-on-mismatch-resumption] +ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl + +[15-npn-client-first-pref-on-mismatch-resumption-ssl] +server = 15-npn-client-first-pref-on-mismatch-resumption-server +client = 15-npn-client-first-pref-on-mismatch-resumption-client +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client + +[15-npn-client-first-pref-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-npn-client-first-pref-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedNPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra +resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra +client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra +resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra + +[15-npn-client-first-pref-on-mismatch-resumption-server-extra] +NPNProtocols = bar + +[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] +NPNProtocols = baz + +[15-npn-client-first-pref-on-mismatch-resumption-client-extra] +NPNProtocols = foo,bar + + +# =========================================================== + +[16-npn-no-server-support-resumption] +ssl_conf = 16-npn-no-server-support-resumption-ssl + +[16-npn-no-server-support-resumption-ssl] +server = 16-npn-no-server-support-resumption-server +client = 16-npn-no-server-support-resumption-client +resume-server = 16-npn-no-server-support-resumption-resume-server +resume-client = 16-npn-no-server-support-resumption-client + +[16-npn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-npn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 16-npn-no-server-support-resumption-server-extra +client = 16-npn-no-server-support-resumption-client-extra +resume-client = 16-npn-no-server-support-resumption-client-extra + +[16-npn-no-server-support-resumption-server-extra] +NPNProtocols = foo + +[16-npn-no-server-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[17-npn-no-client-support-resumption] +ssl_conf = 17-npn-no-client-support-resumption-ssl + +[17-npn-no-client-support-resumption-ssl] +server = 17-npn-no-client-support-resumption-server +client = 17-npn-no-client-support-resumption-client +resume-server = 17-npn-no-client-support-resumption-server +resume-client = 17-npn-no-client-support-resumption-resume-client + +[17-npn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-npn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[17-npn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 17-npn-no-client-support-resumption-server-extra +resume-server = 17-npn-no-client-support-resumption-server-extra +client = 17-npn-no-client-support-resumption-client-extra + +[17-npn-no-client-support-resumption-server-extra] +NPNProtocols = foo + +[17-npn-no-client-support-resumption-client-extra] +NPNProtocols = foo + + +# =========================================================== + +[18-alpn-preferred-over-npn-resumption] +ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl + +[18-alpn-preferred-over-npn-resumption-ssl] +server = 18-alpn-preferred-over-npn-resumption-server +client = 18-alpn-preferred-over-npn-resumption-client +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server +resume-client = 18-alpn-preferred-over-npn-resumption-client + +[18-alpn-preferred-over-npn-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-alpn-preferred-over-npn-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 18-alpn-preferred-over-npn-resumption-server-extra +resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra +client = 18-alpn-preferred-over-npn-resumption-client-extra +resume-client = 18-alpn-preferred-over-npn-resumption-client-extra + +[18-alpn-preferred-over-npn-resumption-server-extra] +NPNProtocols = bar + +[18-alpn-preferred-over-npn-resumption-resume-server-extra] +ALPNProtocols = foo +NPNProtocols = baz + +[18-alpn-preferred-over-npn-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + +# =========================================================== + +[19-npn-used-if-alpn-not-supported-resumption] +ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl + +[19-npn-used-if-alpn-not-supported-resumption-ssl] +server = 19-npn-used-if-alpn-not-supported-resumption-server +client = 19-npn-used-if-alpn-not-supported-resumption-client +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client + +[19-npn-used-if-alpn-not-supported-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-npn-used-if-alpn-not-supported-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedNPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 19-npn-used-if-alpn-not-supported-resumption-server-extra +resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra +client = 19-npn-used-if-alpn-not-supported-resumption-client-extra +resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra + +[19-npn-used-if-alpn-not-supported-resumption-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra] +NPNProtocols = baz + +[19-npn-used-if-alpn-not-supported-resumption-client-extra] +ALPNProtocols = foo +NPNProtocols = bar,baz + + diff --git a/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in b/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in new file mode 100644 index 0000000..bcb632f --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/08-npn.conf.in @@ -0,0 +1,420 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test NPN negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "npn-simple", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-client-finds-match", + server => { + extra => { + "NPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-honours-server-pref", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch", + server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support", + server => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { }, + test => { + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-with-sni-no-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-with-sni-context-switch", + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-supports-npn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-selected-sni-server-does-not-support-npn", + server => { + extra => { + "NPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "sni-npn-preferred-over-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + "ALPNProtocols" => "foo", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ServerName" => "server2", + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + test => { + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", + }, + }, + { + name => "npn-simple-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-server-switch-resumption", + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "baz", + }, + }, + { + name => "npn-client-switch-resumption", + server => { + extra => { + "NPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "bar", + }, + }, + { + name => "npn-client-first-pref-on-mismatch-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => "foo", + }, + }, + { + name => "npn-no-server-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-no-client-support-resumption", + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, + resume_client => { }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "alpn-preferred-over-npn-resumption", + server => { + extra => { + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + "ExpectedNPNProtocol" => undef, + }, + }, + { + name => "npn-used-if-alpn-not-supported-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + "ExpectedNPNProtocol" => "baz", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/09-alpn.conf b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf new file mode 100644 index 0000000..e7e6cb9 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf @@ -0,0 +1,619 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-alpn-simple +test-1 = 1-alpn-server-finds-match +test-2 = 2-alpn-server-honours-server-pref +test-3 = 3-alpn-alert-on-mismatch +test-4 = 4-alpn-no-server-support +test-5 = 5-alpn-no-client-support +test-6 = 6-alpn-with-sni-no-context-switch +test-7 = 7-alpn-with-sni-context-switch +test-8 = 8-alpn-selected-sni-server-supports-alpn +test-9 = 9-alpn-selected-sni-server-does-not-support-alpn +test-10 = 10-alpn-simple-resumption +test-11 = 11-alpn-server-switch-resumption +test-12 = 12-alpn-client-switch-resumption +test-13 = 13-alpn-alert-on-mismatch-resumption +test-14 = 14-alpn-no-server-support-resumption +test-15 = 15-alpn-no-client-support-resumption +# =========================================================== + +[0-alpn-simple] +ssl_conf = 0-alpn-simple-ssl + +[0-alpn-simple-ssl] +server = 0-alpn-simple-server +client = 0-alpn-simple-client + +[0-alpn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-alpn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedALPNProtocol = foo +server = 0-alpn-simple-server-extra +client = 0-alpn-simple-client-extra + +[0-alpn-simple-server-extra] +ALPNProtocols = foo + +[0-alpn-simple-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[1-alpn-server-finds-match] +ssl_conf = 1-alpn-server-finds-match-ssl + +[1-alpn-server-finds-match-ssl] +server = 1-alpn-server-finds-match-server +client = 1-alpn-server-finds-match-client + +[1-alpn-server-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-alpn-server-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedALPNProtocol = bar +server = 1-alpn-server-finds-match-server-extra +client = 1-alpn-server-finds-match-client-extra + +[1-alpn-server-finds-match-server-extra] +ALPNProtocols = baz,bar + +[1-alpn-server-finds-match-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[2-alpn-server-honours-server-pref] +ssl_conf = 2-alpn-server-honours-server-pref-ssl + +[2-alpn-server-honours-server-pref-ssl] +server = 2-alpn-server-honours-server-pref-server +client = 2-alpn-server-honours-server-pref-client + +[2-alpn-server-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-alpn-server-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedALPNProtocol = bar +server = 2-alpn-server-honours-server-pref-server-extra +client = 2-alpn-server-honours-server-pref-client-extra + +[2-alpn-server-honours-server-pref-server-extra] +ALPNProtocols = bar,foo + +[2-alpn-server-honours-server-pref-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[3-alpn-alert-on-mismatch] +ssl_conf = 3-alpn-alert-on-mismatch-ssl + +[3-alpn-alert-on-mismatch-ssl] +server = 3-alpn-alert-on-mismatch-server +client = 3-alpn-alert-on-mismatch-client + +[3-alpn-alert-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-alpn-alert-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +server = 3-alpn-alert-on-mismatch-server-extra +client = 3-alpn-alert-on-mismatch-client-extra + +[3-alpn-alert-on-mismatch-server-extra] +ALPNProtocols = baz + +[3-alpn-alert-on-mismatch-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[4-alpn-no-server-support] +ssl_conf = 4-alpn-no-server-support-ssl + +[4-alpn-no-server-support-ssl] +server = 4-alpn-no-server-support-server +client = 4-alpn-no-server-support-client + +[4-alpn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-alpn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +client = 4-alpn-no-server-support-client-extra + +[4-alpn-no-server-support-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[5-alpn-no-client-support] +ssl_conf = 5-alpn-no-client-support-ssl + +[5-alpn-no-client-support-ssl] +server = 5-alpn-no-client-support-server +client = 5-alpn-no-client-support-client + +[5-alpn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-alpn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +server = 5-alpn-no-client-support-server-extra + +[5-alpn-no-client-support-server-extra] +ALPNProtocols = foo + + +# =========================================================== + +[6-alpn-with-sni-no-context-switch] +ssl_conf = 6-alpn-with-sni-no-context-switch-ssl + +[6-alpn-with-sni-no-context-switch-ssl] +server = 6-alpn-with-sni-no-context-switch-server +client = 6-alpn-with-sni-no-context-switch-client +server2 = 6-alpn-with-sni-no-context-switch-server2 + +[6-alpn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedALPNProtocol = foo +ExpectedServerName = server1 +server = 6-alpn-with-sni-no-context-switch-server-extra +server2 = 6-alpn-with-sni-no-context-switch-server2-extra +client = 6-alpn-with-sni-no-context-switch-client-extra + +[6-alpn-with-sni-no-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[6-alpn-with-sni-no-context-switch-server2-extra] +ALPNProtocols = bar + +[6-alpn-with-sni-no-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server1 + + +# =========================================================== + +[7-alpn-with-sni-context-switch] +ssl_conf = 7-alpn-with-sni-context-switch-ssl + +[7-alpn-with-sni-context-switch-ssl] +server = 7-alpn-with-sni-context-switch-server +client = 7-alpn-with-sni-context-switch-client +server2 = 7-alpn-with-sni-context-switch-server2 + +[7-alpn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 7-alpn-with-sni-context-switch-server-extra +server2 = 7-alpn-with-sni-context-switch-server2-extra +client = 7-alpn-with-sni-context-switch-client-extra + +[7-alpn-with-sni-context-switch-server-extra] +ALPNProtocols = foo +ServerNameCallback = IgnoreMismatch + +[7-alpn-with-sni-context-switch-server2-extra] +ALPNProtocols = bar + +[7-alpn-with-sni-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[8-alpn-selected-sni-server-supports-alpn] +ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl + +[8-alpn-selected-sni-server-supports-alpn-ssl] +server = 8-alpn-selected-sni-server-supports-alpn-server +client = 8-alpn-selected-sni-server-supports-alpn-client +server2 = 8-alpn-selected-sni-server-supports-alpn-server2 + +[8-alpn-selected-sni-server-supports-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +server = 8-alpn-selected-sni-server-supports-alpn-server-extra +server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra +client = 8-alpn-selected-sni-server-supports-alpn-client-extra + +[8-alpn-selected-sni-server-supports-alpn-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-alpn-selected-sni-server-supports-alpn-server2-extra] +ALPNProtocols = bar + +[8-alpn-selected-sni-server-supports-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[9-alpn-selected-sni-server-does-not-support-alpn] +ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl + +[9-alpn-selected-sni-server-does-not-support-alpn-ssl] +server = 9-alpn-selected-sni-server-does-not-support-alpn-server +client = 9-alpn-selected-sni-server-does-not-support-alpn-client +server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 + +[9-alpn-selected-sni-server-does-not-support-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedServerName = server2 +server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra +client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra + +[9-alpn-selected-sni-server-does-not-support-alpn-server-extra] +ALPNProtocols = bar +ServerNameCallback = IgnoreMismatch + +[9-alpn-selected-sni-server-does-not-support-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-simple-resumption] +ssl_conf = 10-alpn-simple-resumption-ssl + +[10-alpn-simple-resumption-ssl] +server = 10-alpn-simple-resumption-server +client = 10-alpn-simple-resumption-client +resume-server = 10-alpn-simple-resumption-server +resume-client = 10-alpn-simple-resumption-client + +[10-alpn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 10-alpn-simple-resumption-server-extra +resume-server = 10-alpn-simple-resumption-server-extra +client = 10-alpn-simple-resumption-client-extra +resume-client = 10-alpn-simple-resumption-client-extra + +[10-alpn-simple-resumption-server-extra] +ALPNProtocols = foo + +[10-alpn-simple-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[11-alpn-server-switch-resumption] +ssl_conf = 11-alpn-server-switch-resumption-ssl + +[11-alpn-server-switch-resumption-ssl] +server = 11-alpn-server-switch-resumption-server +client = 11-alpn-server-switch-resumption-client +resume-server = 11-alpn-server-switch-resumption-resume-server +resume-client = 11-alpn-server-switch-resumption-client + +[11-alpn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedALPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 11-alpn-server-switch-resumption-server-extra +resume-server = 11-alpn-server-switch-resumption-resume-server-extra +client = 11-alpn-server-switch-resumption-client-extra +resume-client = 11-alpn-server-switch-resumption-client-extra + +[11-alpn-server-switch-resumption-server-extra] +ALPNProtocols = bar,foo + +[11-alpn-server-switch-resumption-resume-server-extra] +ALPNProtocols = baz,foo + +[11-alpn-server-switch-resumption-client-extra] +ALPNProtocols = foo,bar,baz + + +# =========================================================== + +[12-alpn-client-switch-resumption] +ssl_conf = 12-alpn-client-switch-resumption-ssl + +[12-alpn-client-switch-resumption-ssl] +server = 12-alpn-client-switch-resumption-server +client = 12-alpn-client-switch-resumption-client +resume-server = 12-alpn-client-switch-resumption-server +resume-client = 12-alpn-client-switch-resumption-resume-client + +[12-alpn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-alpn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-alpn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedALPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-alpn-client-switch-resumption-server-extra +resume-server = 12-alpn-client-switch-resumption-server-extra +client = 12-alpn-client-switch-resumption-client-extra +resume-client = 12-alpn-client-switch-resumption-resume-client-extra + +[12-alpn-client-switch-resumption-server-extra] +ALPNProtocols = foo,bar,baz + +[12-alpn-client-switch-resumption-client-extra] +ALPNProtocols = foo,baz + +[12-alpn-client-switch-resumption-resume-client-extra] +ALPNProtocols = bar,baz + + +# =========================================================== + +[13-alpn-alert-on-mismatch-resumption] +ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl + +[13-alpn-alert-on-mismatch-resumption-ssl] +server = 13-alpn-alert-on-mismatch-resumption-server +client = 13-alpn-alert-on-mismatch-resumption-client +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server +resume-client = 13-alpn-alert-on-mismatch-resumption-client + +[13-alpn-alert-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +HandshakeMode = Resume +server = 13-alpn-alert-on-mismatch-resumption-server-extra +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra +client = 13-alpn-alert-on-mismatch-resumption-client-extra +resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra + +[13-alpn-alert-on-mismatch-resumption-server-extra] +ALPNProtocols = bar + +[13-alpn-alert-on-mismatch-resumption-resume-server-extra] +ALPNProtocols = baz + +[13-alpn-alert-on-mismatch-resumption-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[14-alpn-no-server-support-resumption] +ssl_conf = 14-alpn-no-server-support-resumption-ssl + +[14-alpn-no-server-support-resumption-ssl] +server = 14-alpn-no-server-support-resumption-server +client = 14-alpn-no-server-support-resumption-client +resume-server = 14-alpn-no-server-support-resumption-resume-server +resume-client = 14-alpn-no-server-support-resumption-client + +[14-alpn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-alpn-no-server-support-resumption-server-extra +client = 14-alpn-no-server-support-resumption-client-extra +resume-client = 14-alpn-no-server-support-resumption-client-extra + +[14-alpn-no-server-support-resumption-server-extra] +ALPNProtocols = foo + +[14-alpn-no-server-support-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[15-alpn-no-client-support-resumption] +ssl_conf = 15-alpn-no-client-support-resumption-ssl + +[15-alpn-no-client-support-resumption-ssl] +server = 15-alpn-no-client-support-resumption-server +client = 15-alpn-no-client-support-resumption-client +resume-server = 15-alpn-no-client-support-resumption-server +resume-client = 15-alpn-no-client-support-resumption-resume-client + +[15-alpn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-alpn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-alpn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-alpn-no-client-support-resumption-server-extra +resume-server = 15-alpn-no-client-support-resumption-server-extra +client = 15-alpn-no-client-support-resumption-client-extra + +[15-alpn-no-client-support-resumption-server-extra] +ALPNProtocols = foo + +[15-alpn-no-client-support-resumption-client-extra] +ALPNProtocols = foo + + diff --git a/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in new file mode 100644 index 0000000..37035f1 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/09-alpn.conf.in @@ -0,0 +1,324 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test ALPN negotiation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "alpn-simple", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-finds-match", + server => { + extra => { + "ALPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-server-honours-server-pref", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch", + server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support", + server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { }, + test => { + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-with-sni-no-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-with-sni-context-switch", + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-supports-alpn", + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-selected-sni-server-does-not-support-alpn", + server => { + extra => { + "ALPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-simple-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "foo", + }, + }, + { + name => "alpn-server-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "baz", + }, + }, + { + name => "alpn-client-switch-resumption", + server => { + extra => { + "ALPNProtocols" => "foo,bar,baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,baz", + }, + }, + resume_client => { + extra => { + "ALPNProtocols" => "bar,baz", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => "bar", + }, + }, + { + name => "alpn-alert-on-mismatch-resumption", + server => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + resume_server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "NoApplicationProtocol", + }, + }, + { + name => "alpn-no-server-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_server => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, + { + name => "alpn-no-client-support-resumption", + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + resume_client => { }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedALPNProtocol" => undef, + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/10-resumption.conf b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf new file mode 100644 index 0000000..b2deee4 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf @@ -0,0 +1,1336 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 36 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +test-16 = 16-resumption +test-17 = 17-resumption +test-18 = 18-resumption +test-19 = 19-resumption +test-20 = 20-resumption +test-21 = 21-resumption +test-22 = 22-resumption +test-23 = 23-resumption +test-24 = 24-resumption +test-25 = 25-resumption +test-26 = 26-resumption +test-27 = 27-resumption +test-28 = 28-resumption +test-29 = 29-resumption +test-30 = 30-resumption +test-31 = 31-resumption +test-32 = 32-resumption +test-33 = 33-resumption +test-34 = 34-resumption +test-35 = 35-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-resume-server +resume-client = 8-resumption-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-resume-server +resume-client = 9-resumption-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-resume-server +resume-client = 10-resumption-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-resume-server +resume-client = 11-resumption-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-resume-server +resume-client = 12-resumption-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-resume-server +resume-client = 13-resumption-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-resume-server +resume-client = 14-resumption-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-resume-server +resume-client = 15-resumption-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[16-resumption] +ssl_conf = 16-resumption-ssl + +[16-resumption-ssl] +server = 16-resumption-server +client = 16-resumption-client +resume-server = 16-resumption-resume-server +resume-client = 16-resumption-client + +[16-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[17-resumption] +ssl_conf = 17-resumption-ssl + +[17-resumption-ssl] +server = 17-resumption-server +client = 17-resumption-client +resume-server = 17-resumption-resume-server +resume-client = 17-resumption-client + +[17-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[18-resumption] +ssl_conf = 18-resumption-ssl + +[18-resumption-ssl] +server = 18-resumption-server +client = 18-resumption-client +resume-server = 18-resumption-server +resume-client = 18-resumption-resume-client + +[18-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[18-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[19-resumption] +ssl_conf = 19-resumption-ssl + +[19-resumption-ssl] +server = 19-resumption-server +client = 19-resumption-client +resume-server = 19-resumption-server +resume-client = 19-resumption-resume-client + +[19-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[19-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[20-resumption] +ssl_conf = 20-resumption-ssl + +[20-resumption-ssl] +server = 20-resumption-server +client = 20-resumption-client +resume-server = 20-resumption-server +resume-client = 20-resumption-resume-client + +[20-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[20-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[21-resumption] +ssl_conf = 21-resumption-ssl + +[21-resumption-ssl] +server = 21-resumption-server +client = 21-resumption-client +resume-server = 21-resumption-server +resume-client = 21-resumption-resume-client + +[21-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[21-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[22-resumption] +ssl_conf = 22-resumption-ssl + +[22-resumption-ssl] +server = 22-resumption-server +client = 22-resumption-client +resume-server = 22-resumption-server +resume-client = 22-resumption-resume-client + +[22-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[22-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[23-resumption] +ssl_conf = 23-resumption-ssl + +[23-resumption-ssl] +server = 23-resumption-server +client = 23-resumption-client +resume-server = 23-resumption-server +resume-client = 23-resumption-resume-client + +[23-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[23-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[24-resumption] +ssl_conf = 24-resumption-ssl + +[24-resumption-ssl] +server = 24-resumption-server +client = 24-resumption-client +resume-server = 24-resumption-server +resume-client = 24-resumption-resume-client + +[24-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[24-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[25-resumption] +ssl_conf = 25-resumption-ssl + +[25-resumption-ssl] +server = 25-resumption-server +client = 25-resumption-client +resume-server = 25-resumption-server +resume-client = 25-resumption-resume-client + +[25-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[25-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[26-resumption] +ssl_conf = 26-resumption-ssl + +[26-resumption-ssl] +server = 26-resumption-server +client = 26-resumption-client +resume-server = 26-resumption-server +resume-client = 26-resumption-resume-client + +[26-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[26-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[27-resumption] +ssl_conf = 27-resumption-ssl + +[27-resumption-ssl] +server = 27-resumption-server +client = 27-resumption-client +resume-server = 27-resumption-server +resume-client = 27-resumption-resume-client + +[27-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[27-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[28-resumption] +ssl_conf = 28-resumption-ssl + +[28-resumption-ssl] +server = 28-resumption-server +client = 28-resumption-client +resume-server = 28-resumption-server +resume-client = 28-resumption-resume-client + +[28-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[28-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[29-resumption] +ssl_conf = 29-resumption-ssl + +[29-resumption-ssl] +server = 29-resumption-server +client = 29-resumption-client +resume-server = 29-resumption-server +resume-client = 29-resumption-resume-client + +[29-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[29-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[30-resumption] +ssl_conf = 30-resumption-ssl + +[30-resumption-ssl] +server = 30-resumption-server +client = 30-resumption-client +resume-server = 30-resumption-server +resume-client = 30-resumption-resume-client + +[30-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[30-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[31-resumption] +ssl_conf = 31-resumption-ssl + +[31-resumption-ssl] +server = 31-resumption-server +client = 31-resumption-client +resume-server = 31-resumption-server +resume-client = 31-resumption-resume-client + +[31-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[31-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[32-resumption] +ssl_conf = 32-resumption-ssl + +[32-resumption-ssl] +server = 32-resumption-server +client = 32-resumption-client +resume-server = 32-resumption-server +resume-client = 32-resumption-resume-client + +[32-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[32-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[33-resumption] +ssl_conf = 33-resumption-ssl + +[33-resumption-ssl] +server = 33-resumption-server +client = 33-resumption-client +resume-server = 33-resumption-server +resume-client = 33-resumption-resume-client + +[33-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[33-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[34-resumption] +ssl_conf = 34-resumption-ssl + +[34-resumption-ssl] +server = 34-resumption-server +client = 34-resumption-client +resume-server = 34-resumption-server +resume-client = 34-resumption-resume-client + +[34-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[34-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[35-resumption] +ssl_conf = 35-resumption-ssl + +[35-resumption-ssl] +server = 35-resumption-server +client = 35-resumption-client +resume-server = 35-resumption-server +resume-client = 35-resumption-resume-client + +[35-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[35-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + diff --git a/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in new file mode 100644 index 0000000..989135f --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/10-resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("TLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf new file mode 100644 index 0000000..ceed959 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf @@ -0,0 +1,612 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-resumption +test-1 = 1-resumption +test-2 = 2-resumption +test-3 = 3-resumption +test-4 = 4-resumption +test-5 = 5-resumption +test-6 = 6-resumption +test-7 = 7-resumption +test-8 = 8-resumption +test-9 = 9-resumption +test-10 = 10-resumption +test-11 = 11-resumption +test-12 = 12-resumption +test-13 = 13-resumption +test-14 = 14-resumption +test-15 = 15-resumption +# =========================================================== + +[0-resumption] +ssl_conf = 0-resumption-ssl + +[0-resumption-ssl] +server = 0-resumption-server +client = 0-resumption-client +resume-server = 0-resumption-resume-server +resume-client = 0-resumption-client + +[0-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[1-resumption] +ssl_conf = 1-resumption-ssl + +[1-resumption-ssl] +server = 1-resumption-server +client = 1-resumption-client +resume-server = 1-resumption-resume-server +resume-client = 1-resumption-client + +[1-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-resumption] +ssl_conf = 2-resumption-ssl + +[2-resumption-ssl] +server = 2-resumption-server +client = 2-resumption-client +resume-server = 2-resumption-resume-server +resume-client = 2-resumption-client + +[2-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[3-resumption] +ssl_conf = 3-resumption-ssl + +[3-resumption-ssl] +server = 3-resumption-server +client = 3-resumption-client +resume-server = 3-resumption-resume-server +resume-client = 3-resumption-client + +[3-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-resumption] +ssl_conf = 4-resumption-ssl + +[4-resumption-ssl] +server = 4-resumption-server +client = 4-resumption-client +resume-server = 4-resumption-resume-server +resume-client = 4-resumption-client + +[4-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[5-resumption] +ssl_conf = 5-resumption-ssl + +[5-resumption-ssl] +server = 5-resumption-server +client = 5-resumption-client +resume-server = 5-resumption-resume-server +resume-client = 5-resumption-client + +[5-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[6-resumption] +ssl_conf = 6-resumption-ssl + +[6-resumption-ssl] +server = 6-resumption-server +client = 6-resumption-client +resume-server = 6-resumption-resume-server +resume-client = 6-resumption-client + +[6-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[7-resumption] +ssl_conf = 7-resumption-ssl + +[7-resumption-ssl] +server = 7-resumption-server +client = 7-resumption-client +resume-server = 7-resumption-resume-server +resume-client = 7-resumption-client + +[7-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[8-resumption] +ssl_conf = 8-resumption-ssl + +[8-resumption-ssl] +server = 8-resumption-server +client = 8-resumption-client +resume-server = 8-resumption-server +resume-client = 8-resumption-resume-client + +[8-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[8-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[9-resumption] +ssl_conf = 9-resumption-ssl + +[9-resumption-ssl] +server = 9-resumption-server +client = 9-resumption-client +resume-server = 9-resumption-server +resume-client = 9-resumption-resume-client + +[9-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[9-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[10-resumption] +ssl_conf = 10-resumption-ssl + +[10-resumption-ssl] +server = 10-resumption-server +client = 10-resumption-client +resume-server = 10-resumption-server +resume-client = 10-resumption-resume-client + +[10-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[10-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[11-resumption] +ssl_conf = 11-resumption-ssl + +[11-resumption-ssl] +server = 11-resumption-server +client = 11-resumption-client +resume-server = 11-resumption-server +resume-client = 11-resumption-resume-client + +[11-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[11-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[12-resumption] +ssl_conf = 12-resumption-ssl + +[12-resumption-ssl] +server = 12-resumption-server +client = 12-resumption-client +resume-server = 12-resumption-server +resume-client = 12-resumption-resume-client + +[12-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[13-resumption] +ssl_conf = 13-resumption-ssl + +[13-resumption-ssl] +server = 13-resumption-server +client = 13-resumption-client +resume-server = 13-resumption-server +resume-client = 13-resumption-resume-client + +[13-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[13-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedProtocol = DTLSv1 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[14-resumption] +ssl_conf = 14-resumption-ssl + +[14-resumption-ssl] +server = 14-resumption-server +client = 14-resumption-client +resume-server = 14-resumption-server +resume-client = 14-resumption-resume-client + +[14-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[14-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[15-resumption] +ssl_conf = 15-resumption-ssl + +[15-resumption-ssl] +server = 15-resumption-server +client = 15-resumption-client +resume-server = 15-resumption-server +resume-client = 15-resumption-resume-client + +[15-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-resumption-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedProtocol = DTLSv1.2 +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes + + diff --git a/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in new file mode 100644 index 0000000..16dec1d --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/11-dtls_resumption.conf.in @@ -0,0 +1,19 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation upon resumption. + +use strict; +use warnings; + +package ssltests; + +use protocol_version; + +our @tests = generate_resumption_tests("DTLS"); diff --git a/openssl-1.1.0h/test/ssl-tests/12-ct.conf b/openssl-1.1.0h/test/ssl-tests/12-ct.conf new file mode 100644 index 0000000..2e6e9de --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/12-ct.conf @@ -0,0 +1,191 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-ct-permissive-without-scts +test-1 = 1-ct-permissive-with-scts +test-2 = 2-ct-strict-without-scts +test-3 = 3-ct-strict-with-scts +test-4 = 4-ct-permissive-resumption +test-5 = 5-ct-strict-resumption +# =========================================================== + +[0-ct-permissive-without-scts] +ssl_conf = 0-ct-permissive-without-scts-ssl + +[0-ct-permissive-without-scts-ssl] +server = 0-ct-permissive-without-scts-server +client = 0-ct-permissive-without-scts-client + +[0-ct-permissive-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-ct-permissive-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +client = 0-ct-permissive-without-scts-client-extra + +[0-ct-permissive-without-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[1-ct-permissive-with-scts] +ssl_conf = 1-ct-permissive-with-scts-ssl + +[1-ct-permissive-with-scts-ssl] +server = 1-ct-permissive-with-scts-server +client = 1-ct-permissive-with-scts-client + +[1-ct-permissive-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[1-ct-permissive-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +client = 1-ct-permissive-with-scts-client-extra + +[1-ct-permissive-with-scts-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[2-ct-strict-without-scts] +ssl_conf = 2-ct-strict-without-scts-ssl + +[2-ct-strict-without-scts-ssl] +server = 2-ct-strict-without-scts-server +client = 2-ct-strict-without-scts-client + +[2-ct-strict-without-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ct-strict-without-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedClientAlert = HandshakeFailure +ExpectedResult = ClientFail +client = 2-ct-strict-without-scts-client-extra + +[2-ct-strict-without-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[3-ct-strict-with-scts] +ssl_conf = 3-ct-strict-with-scts-ssl + +[3-ct-strict-with-scts-ssl] +server = 3-ct-strict-with-scts-server +client = 3-ct-strict-with-scts-client + +[3-ct-strict-with-scts-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[3-ct-strict-with-scts-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +client = 3-ct-strict-with-scts-client-extra + +[3-ct-strict-with-scts-client-extra] +CTValidation = Strict + + +# =========================================================== + +[4-ct-permissive-resumption] +ssl_conf = 4-ct-permissive-resumption-ssl + +[4-ct-permissive-resumption-ssl] +server = 4-ct-permissive-resumption-server +client = 4-ct-permissive-resumption-client +resume-server = 4-ct-permissive-resumption-server +resume-client = 4-ct-permissive-resumption-client + +[4-ct-permissive-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[4-ct-permissive-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 4-ct-permissive-resumption-client-extra +resume-client = 4-ct-permissive-resumption-client-extra + +[4-ct-permissive-resumption-client-extra] +CTValidation = Permissive + + +# =========================================================== + +[5-ct-strict-resumption] +ssl_conf = 5-ct-strict-resumption-ssl + +[5-ct-strict-resumption-ssl] +server = 5-ct-strict-resumption-server +client = 5-ct-strict-resumption-client +resume-server = 5-ct-strict-resumption-server +resume-client = 5-ct-strict-resumption-resume-client + +[5-ct-strict-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + +[5-ct-strict-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem +VerifyMode = Peer + +[5-ct-strict-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 5-ct-strict-resumption-client-extra +resume-client = 5-ct-strict-resumption-resume-client-extra + +[5-ct-strict-resumption-client-extra] +CTValidation = Strict + +[5-ct-strict-resumption-resume-client-extra] +CTValidation = Strict + + diff --git a/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in b/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in new file mode 100644 index 0000000..d412dfd --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/12-ct.conf.in @@ -0,0 +1,119 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test CT support + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "ct-permissive-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-without-scts", + server => { }, + client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + { + name => "ct-strict-with-scts", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-permissive-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, + { + name => "ct-strict-resumption", + server => { + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", + }, + }, + # SCTs are not present during resumption, so the resumption + # should succeed. + resume_client => { + extra => { + "CTValidation" => "Strict", + }, + }, + test => { + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf new file mode 100644 index 0000000..4c1e9e2 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf @@ -0,0 +1,397 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 16 + +test-0 = 0-one-fragment-minus-app-data +test-1 = 1-one-fragment-app-data +test-2 = 2-one-fragment-plus-app-data +test-3 = 3-small-app-data +test-4 = 4-small-app-data-large-fragment-size +test-5 = 5-medium-app-data +test-6 = 6-medium-plus-app-data +test-7 = 7-large-app-data +test-8 = 8-large-app-data-large-fragment-size +test-9 = 9-large-app-data-odd-fragment-size +test-10 = 10-large-app-data-aes-sha1-multibuffer +test-11 = 11-large-app-data-aes-sha2-multibuffer +test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment +test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment +test-14 = 14-small-app-data-aes-sha1-multibuffer +test-15 = 15-small-app-data-aes-sha2-multibuffer +# =========================================================== + +[0-one-fragment-minus-app-data] +ssl_conf = 0-one-fragment-minus-app-data-ssl + +[0-one-fragment-minus-app-data-ssl] +server = 0-one-fragment-minus-app-data-server +client = 0-one-fragment-minus-app-data-client + +[0-one-fragment-minus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-one-fragment-minus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ApplicationData = 511 + + +# =========================================================== + +[1-one-fragment-app-data] +ssl_conf = 1-one-fragment-app-data-ssl + +[1-one-fragment-app-data-ssl] +server = 1-one-fragment-app-data-server +client = 1-one-fragment-app-data-client + +[1-one-fragment-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-one-fragment-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ApplicationData = 512 + + +# =========================================================== + +[2-one-fragment-plus-app-data] +ssl_conf = 2-one-fragment-plus-app-data-ssl + +[2-one-fragment-plus-app-data-ssl] +server = 2-one-fragment-plus-app-data-server +client = 2-one-fragment-plus-app-data-client + +[2-one-fragment-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-one-fragment-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ApplicationData = 513 + + +# =========================================================== + +[3-small-app-data] +ssl_conf = 3-small-app-data-ssl + +[3-small-app-data-ssl] +server = 3-small-app-data-server +client = 3-small-app-data-client + +[3-small-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-small-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ApplicationData = 4097 + + +# =========================================================== + +[4-small-app-data-large-fragment-size] +ssl_conf = 4-small-app-data-large-fragment-size-ssl + +[4-small-app-data-large-fragment-size-ssl] +server = 4-small-app-data-large-fragment-size-server +client = 4-small-app-data-large-fragment-size-client + +[4-small-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-small-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ApplicationData = 4097 +MaxFragmentSize = 16384 + + +# =========================================================== + +[5-medium-app-data] +ssl_conf = 5-medium-app-data-ssl + +[5-medium-app-data-ssl] +server = 5-medium-app-data-server +client = 5-medium-app-data-client + +[5-medium-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-medium-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ApplicationData = 32775 + + +# =========================================================== + +[6-medium-plus-app-data] +ssl_conf = 6-medium-plus-app-data-ssl + +[6-medium-plus-app-data-ssl] +server = 6-medium-plus-app-data-server +client = 6-medium-plus-app-data-client + +[6-medium-plus-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-medium-plus-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ApplicationData = 131069 + + +# =========================================================== + +[7-large-app-data] +ssl_conf = 7-large-app-data-ssl + +[7-large-app-data-ssl] +server = 7-large-app-data-server +client = 7-large-app-data-client + +[7-large-app-data-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-large-app-data-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ApplicationData = 1048576 + + +# =========================================================== + +[8-large-app-data-large-fragment-size] +ssl_conf = 8-large-app-data-large-fragment-size-ssl + +[8-large-app-data-large-fragment-size-ssl] +server = 8-large-app-data-large-fragment-size-server +client = 8-large-app-data-large-fragment-size-client + +[8-large-app-data-large-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-large-app-data-large-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ApplicationData = 1048576 +MaxFragmentSize = 16384 + + +# =========================================================== + +[9-large-app-data-odd-fragment-size] +ssl_conf = 9-large-app-data-odd-fragment-size-ssl + +[9-large-app-data-odd-fragment-size-ssl] +server = 9-large-app-data-odd-fragment-size-server +client = 9-large-app-data-odd-fragment-size-client + +[9-large-app-data-odd-fragment-size-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-large-app-data-odd-fragment-size-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ApplicationData = 1048576 +MaxFragmentSize = 5115 + + +# =========================================================== + +[10-large-app-data-aes-sha1-multibuffer] +ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl + +[10-large-app-data-aes-sha1-multibuffer-ssl] +server = 10-large-app-data-aes-sha1-multibuffer-server +client = 10-large-app-data-aes-sha1-multibuffer-client + +[10-large-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-large-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[11-large-app-data-aes-sha2-multibuffer] +ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl + +[11-large-app-data-aes-sha2-multibuffer-ssl] +server = 11-large-app-data-aes-sha2-multibuffer-server +client = 11-large-app-data-aes-sha2-multibuffer-client + +[11-large-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-large-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ApplicationData = 1048576 +MaxFragmentSize = 4096 + + +# =========================================================== + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment] +ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl] +server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server +client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ApplicationData = 1048579 +MaxFragmentSize = 5115 + + +# =========================================================== + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment] +ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl] +server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server +client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ApplicationData = 1048573 +MaxFragmentSize = 5125 + + +# =========================================================== + +[14-small-app-data-aes-sha1-multibuffer] +ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl + +[14-small-app-data-aes-sha1-multibuffer-ssl] +server = 14-small-app-data-aes-sha1-multibuffer-server +client = 14-small-app-data-aes-sha1-multibuffer-client + +[14-small-app-data-aes-sha1-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-small-app-data-aes-sha1-multibuffer-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + +# =========================================================== + +[15-small-app-data-aes-sha2-multibuffer] +ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl + +[15-small-app-data-aes-sha2-multibuffer-ssl] +server = 15-small-app-data-aes-sha2-multibuffer-server +client = 15-small-app-data-aes-sha2-multibuffer-client + +[15-small-app-data-aes-sha2-multibuffer-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-small-app-data-aes-sha2-multibuffer-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ApplicationData = 4096 +MaxFragmentSize = 4096 + + diff --git a/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in new file mode 100644 index 0000000..6c2501b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/13-fragmentation.conf.in @@ -0,0 +1,181 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test packet fragmentation + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + # Default fragment size is 512. + { + name => "one-fragment-minus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 511, + } + }, + { + name => "one-fragment-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 512, + } + }, + { + name => "one-fragment-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 513, + } + }, + { + name => "small-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + } + }, + { + name => "small-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 4 * 1024 + 1, + MaxFragmentSize => 16384, + } + }, + { + name => "medium-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 32 * 1024 + 7, + } + }, + # Exceeds the 64kB write buffer size. + { + name => "medium-plus-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 128 * 1024 - 3, + } + }, + { + name => "large-app-data", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + } + }, + { + name => "large-app-data-large-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 16384, + } + }, + { + name => "large-app-data-odd-fragment-size", + server => { }, + client => { }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + # When the buffer / fragment size ratio is sufficiently large, + # multi-buffer code kicks in on some platforms for AES-SHA. The + # exact minimum ratio depends on the platform, and is usually + # around 4. Since the the test buffer is 64kB, a 4kB fragment is + # easily sufficient. + # + # (We run this test on all platforms though it's only true multibuffer + # on some of them.) + { + name => "large-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + }, + test => { + ApplicationData => 1024 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "large-app-data-aes-sha1-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA", + }, + test => { + ApplicationData => 1024 * 1024 + 3, + MaxFragmentSize => 5 * 1024 - 5, + } + }, + { + name => "large-app-data-aes-sha2-multibuffer-odd-fragment", + server => { }, + client => { + CipherString => "AES128-SHA256", + }, + test => { + ApplicationData => 1024 * 1024 - 3, + MaxFragmentSize => 5 * 1024 + 5, + } + }, + # Test that multibuffer-capable code also handles small data correctly. + # Here fragment size == app data size < buffer size, + # so no multibuffering should happen. + { + name => "small-app-data-aes-sha1-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA", + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, + { + name => "small-app-data-aes-sha2-multibuffer", + server => { }, + client => { + CipherString => "AES128-SHA256", + }, + test => { + ApplicationData => 4 * 1024, + MaxFragmentSize => 4 * 1024, + } + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/14-curves.conf b/openssl-1.1.0h/test/ssl-tests/14-curves.conf new file mode 100644 index 0000000..7f7ac4b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/14-curves.conf @@ -0,0 +1,787 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 29 + +test-0 = 0-curve-sect163k1 +test-1 = 1-curve-sect163r1 +test-2 = 2-curve-sect163r2 +test-3 = 3-curve-sect193r1 +test-4 = 4-curve-sect193r2 +test-5 = 5-curve-sect233k1 +test-6 = 6-curve-sect233r1 +test-7 = 7-curve-sect239k1 +test-8 = 8-curve-sect283k1 +test-9 = 9-curve-sect283r1 +test-10 = 10-curve-sect409k1 +test-11 = 11-curve-sect409r1 +test-12 = 12-curve-sect571k1 +test-13 = 13-curve-sect571r1 +test-14 = 14-curve-secp160k1 +test-15 = 15-curve-secp160r1 +test-16 = 16-curve-secp160r2 +test-17 = 17-curve-secp192k1 +test-18 = 18-curve-prime192v1 +test-19 = 19-curve-secp224k1 +test-20 = 20-curve-secp224r1 +test-21 = 21-curve-secp256k1 +test-22 = 22-curve-prime256v1 +test-23 = 23-curve-secp384r1 +test-24 = 24-curve-secp521r1 +test-25 = 25-curve-brainpoolP256r1 +test-26 = 26-curve-brainpoolP384r1 +test-27 = 27-curve-brainpoolP512r1 +test-28 = 28-curve-X25519 +# =========================================================== + +[0-curve-sect163k1] +ssl_conf = 0-curve-sect163k1-ssl + +[0-curve-sect163k1-ssl] +server = 0-curve-sect163k1-server +client = 0-curve-sect163k1-client + +[0-curve-sect163k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-curve-sect163k1-client] +CipherString = ECDHE +Curves = sect163k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedTmpKeyType = sect163k1 + + +# =========================================================== + +[1-curve-sect163r1] +ssl_conf = 1-curve-sect163r1-ssl + +[1-curve-sect163r1-ssl] +server = 1-curve-sect163r1-server +client = 1-curve-sect163r1-client + +[1-curve-sect163r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-curve-sect163r1-client] +CipherString = ECDHE +Curves = sect163r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r1 + + +# =========================================================== + +[2-curve-sect163r2] +ssl_conf = 2-curve-sect163r2-ssl + +[2-curve-sect163r2-ssl] +server = 2-curve-sect163r2-server +client = 2-curve-sect163r2-client + +[2-curve-sect163r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect163r2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-curve-sect163r2-client] +CipherString = ECDHE +Curves = sect163r2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedTmpKeyType = sect163r2 + + +# =========================================================== + +[3-curve-sect193r1] +ssl_conf = 3-curve-sect193r1-ssl + +[3-curve-sect193r1-ssl] +server = 3-curve-sect193r1-server +client = 3-curve-sect193r1-client + +[3-curve-sect193r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-curve-sect193r1-client] +CipherString = ECDHE +Curves = sect193r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r1 + + +# =========================================================== + +[4-curve-sect193r2] +ssl_conf = 4-curve-sect193r2-ssl + +[4-curve-sect193r2-ssl] +server = 4-curve-sect193r2-server +client = 4-curve-sect193r2-client + +[4-curve-sect193r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect193r2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-curve-sect193r2-client] +CipherString = ECDHE +Curves = sect193r2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedTmpKeyType = sect193r2 + + +# =========================================================== + +[5-curve-sect233k1] +ssl_conf = 5-curve-sect233k1-ssl + +[5-curve-sect233k1-ssl] +server = 5-curve-sect233k1-server +client = 5-curve-sect233k1-client + +[5-curve-sect233k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-curve-sect233k1-client] +CipherString = ECDHE +Curves = sect233k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedTmpKeyType = sect233k1 + + +# =========================================================== + +[6-curve-sect233r1] +ssl_conf = 6-curve-sect233r1-ssl + +[6-curve-sect233r1-ssl] +server = 6-curve-sect233r1-server +client = 6-curve-sect233r1-client + +[6-curve-sect233r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect233r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-curve-sect233r1-client] +CipherString = ECDHE +Curves = sect233r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedTmpKeyType = sect233r1 + + +# =========================================================== + +[7-curve-sect239k1] +ssl_conf = 7-curve-sect239k1-ssl + +[7-curve-sect239k1-ssl] +server = 7-curve-sect239k1-server +client = 7-curve-sect239k1-client + +[7-curve-sect239k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect239k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-curve-sect239k1-client] +CipherString = ECDHE +Curves = sect239k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedTmpKeyType = sect239k1 + + +# =========================================================== + +[8-curve-sect283k1] +ssl_conf = 8-curve-sect283k1-ssl + +[8-curve-sect283k1-ssl] +server = 8-curve-sect283k1-server +client = 8-curve-sect283k1-client + +[8-curve-sect283k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-curve-sect283k1-client] +CipherString = ECDHE +Curves = sect283k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedTmpKeyType = sect283k1 + + +# =========================================================== + +[9-curve-sect283r1] +ssl_conf = 9-curve-sect283r1-ssl + +[9-curve-sect283r1-ssl] +server = 9-curve-sect283r1-server +client = 9-curve-sect283r1-client + +[9-curve-sect283r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect283r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-curve-sect283r1-client] +CipherString = ECDHE +Curves = sect283r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedTmpKeyType = sect283r1 + + +# =========================================================== + +[10-curve-sect409k1] +ssl_conf = 10-curve-sect409k1-ssl + +[10-curve-sect409k1-ssl] +server = 10-curve-sect409k1-server +client = 10-curve-sect409k1-client + +[10-curve-sect409k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-curve-sect409k1-client] +CipherString = ECDHE +Curves = sect409k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedTmpKeyType = sect409k1 + + +# =========================================================== + +[11-curve-sect409r1] +ssl_conf = 11-curve-sect409r1-ssl + +[11-curve-sect409r1-ssl] +server = 11-curve-sect409r1-server +client = 11-curve-sect409r1-client + +[11-curve-sect409r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect409r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-curve-sect409r1-client] +CipherString = ECDHE +Curves = sect409r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +ExpectedTmpKeyType = sect409r1 + + +# =========================================================== + +[12-curve-sect571k1] +ssl_conf = 12-curve-sect571k1-ssl + +[12-curve-sect571k1-ssl] +server = 12-curve-sect571k1-server +client = 12-curve-sect571k1-client + +[12-curve-sect571k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-curve-sect571k1-client] +CipherString = ECDHE +Curves = sect571k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedTmpKeyType = sect571k1 + + +# =========================================================== + +[13-curve-sect571r1] +ssl_conf = 13-curve-sect571r1-ssl + +[13-curve-sect571r1-ssl] +server = 13-curve-sect571r1-server +client = 13-curve-sect571r1-client + +[13-curve-sect571r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = sect571r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-curve-sect571r1-client] +CipherString = ECDHE +Curves = sect571r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedTmpKeyType = sect571r1 + + +# =========================================================== + +[14-curve-secp160k1] +ssl_conf = 14-curve-secp160k1-ssl + +[14-curve-secp160k1-ssl] +server = 14-curve-secp160k1-server +client = 14-curve-secp160k1-client + +[14-curve-secp160k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-curve-secp160k1-client] +CipherString = ECDHE +Curves = secp160k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedTmpKeyType = secp160k1 + + +# =========================================================== + +[15-curve-secp160r1] +ssl_conf = 15-curve-secp160r1-ssl + +[15-curve-secp160r1-ssl] +server = 15-curve-secp160r1-server +client = 15-curve-secp160r1-client + +[15-curve-secp160r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-curve-secp160r1-client] +CipherString = ECDHE +Curves = secp160r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r1 + + +# =========================================================== + +[16-curve-secp160r2] +ssl_conf = 16-curve-secp160r2-ssl + +[16-curve-secp160r2-ssl] +server = 16-curve-secp160r2-server +client = 16-curve-secp160r2-client + +[16-curve-secp160r2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp160r2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-curve-secp160r2-client] +CipherString = ECDHE +Curves = secp160r2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success +ExpectedTmpKeyType = secp160r2 + + +# =========================================================== + +[17-curve-secp192k1] +ssl_conf = 17-curve-secp192k1-ssl + +[17-curve-secp192k1-ssl] +server = 17-curve-secp192k1-server +client = 17-curve-secp192k1-client + +[17-curve-secp192k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp192k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-curve-secp192k1-client] +CipherString = ECDHE +Curves = secp192k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedTmpKeyType = secp192k1 + + +# =========================================================== + +[18-curve-prime192v1] +ssl_conf = 18-curve-prime192v1-ssl + +[18-curve-prime192v1-ssl] +server = 18-curve-prime192v1-server +client = 18-curve-prime192v1-client + +[18-curve-prime192v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime192v1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-curve-prime192v1-client] +CipherString = ECDHE +Curves = prime192v1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedTmpKeyType = prime192v1 + + +# =========================================================== + +[19-curve-secp224k1] +ssl_conf = 19-curve-secp224k1-ssl + +[19-curve-secp224k1-ssl] +server = 19-curve-secp224k1-server +client = 19-curve-secp224k1-client + +[19-curve-secp224k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-curve-secp224k1-client] +CipherString = ECDHE +Curves = secp224k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success +ExpectedTmpKeyType = secp224k1 + + +# =========================================================== + +[20-curve-secp224r1] +ssl_conf = 20-curve-secp224r1-ssl + +[20-curve-secp224r1-ssl] +server = 20-curve-secp224r1-server +client = 20-curve-secp224r1-client + +[20-curve-secp224r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp224r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-curve-secp224r1-client] +CipherString = ECDHE +Curves = secp224r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = Success +ExpectedTmpKeyType = secp224r1 + + +# =========================================================== + +[21-curve-secp256k1] +ssl_conf = 21-curve-secp256k1-ssl + +[21-curve-secp256k1-ssl] +server = 21-curve-secp256k1-server +client = 21-curve-secp256k1-client + +[21-curve-secp256k1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp256k1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-curve-secp256k1-client] +CipherString = ECDHE +Curves = secp256k1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedTmpKeyType = secp256k1 + + +# =========================================================== + +[22-curve-prime256v1] +ssl_conf = 22-curve-prime256v1-ssl + +[22-curve-prime256v1-ssl] +server = 22-curve-prime256v1-server +client = 22-curve-prime256v1-client + +[22-curve-prime256v1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = prime256v1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-curve-prime256v1-client] +CipherString = ECDHE +Curves = prime256v1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedTmpKeyType = prime256v1 + + +# =========================================================== + +[23-curve-secp384r1] +ssl_conf = 23-curve-secp384r1-ssl + +[23-curve-secp384r1-ssl] +server = 23-curve-secp384r1-server +client = 23-curve-secp384r1-client + +[23-curve-secp384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp384r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-curve-secp384r1-client] +CipherString = ECDHE +Curves = secp384r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = Success +ExpectedTmpKeyType = secp384r1 + + +# =========================================================== + +[24-curve-secp521r1] +ssl_conf = 24-curve-secp521r1-ssl + +[24-curve-secp521r1-ssl] +server = 24-curve-secp521r1-server +client = 24-curve-secp521r1-client + +[24-curve-secp521r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = secp521r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-curve-secp521r1-client] +CipherString = ECDHE +Curves = secp521r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +ExpectedTmpKeyType = secp521r1 + + +# =========================================================== + +[25-curve-brainpoolP256r1] +ssl_conf = 25-curve-brainpoolP256r1-ssl + +[25-curve-brainpoolP256r1-ssl] +server = 25-curve-brainpoolP256r1-server +client = 25-curve-brainpoolP256r1-client + +[25-curve-brainpoolP256r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-curve-brainpoolP256r1-client] +CipherString = ECDHE +Curves = brainpoolP256r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP256r1 + + +# =========================================================== + +[26-curve-brainpoolP384r1] +ssl_conf = 26-curve-brainpoolP384r1-ssl + +[26-curve-brainpoolP384r1-ssl] +server = 26-curve-brainpoolP384r1-server +client = 26-curve-brainpoolP384r1-client + +[26-curve-brainpoolP384r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP384r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-curve-brainpoolP384r1-client] +CipherString = ECDHE +Curves = brainpoolP384r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP384r1 + + +# =========================================================== + +[27-curve-brainpoolP512r1] +ssl_conf = 27-curve-brainpoolP512r1-ssl + +[27-curve-brainpoolP512r1-ssl] +server = 27-curve-brainpoolP512r1-server +client = 27-curve-brainpoolP512r1-client + +[27-curve-brainpoolP512r1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = brainpoolP512r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[27-curve-brainpoolP512r1-client] +CipherString = ECDHE +Curves = brainpoolP512r1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP512r1 + + +# =========================================================== + +[28-curve-X25519] +ssl_conf = 28-curve-X25519-ssl + +[28-curve-X25519-ssl] +server = 28-curve-X25519-server +client = 28-curve-X25519-client + +[28-curve-X25519-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = X25519 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[28-curve-X25519-client] +CipherString = ECDHE +Curves = X25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedResult = Success +ExpectedTmpKeyType = X25519 + + diff --git a/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in b/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in new file mode 100644 index 0000000..0b7c09c --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/14-curves.conf.in @@ -0,0 +1,44 @@ +# -*- mode: perl; -*- + +## SSL test configurations + +package ssltests; + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(anydisabled); + +my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1", + "sect193r2", "sect233k1", "sect233r1", "sect239k1", + "sect283k1", "sect283r1", "sect409k1", "sect409r1", + "sect571k1", "sect571r1", "secp160k1", "secp160r1", + "secp160r2", "secp192k1", "prime192v1", "secp224k1", + "secp224r1", "secp256k1", "prime256v1", "secp384r1", + "secp521r1", "brainpoolP256r1", "brainpoolP384r1", + "brainpoolP512r1", "X25519"); + +our @tests = (); + +sub generate_tests() { + foreach (0..$#curves) { + my $curve = $curves[$_]; + push @tests, { + name => "curve-${curve}", + server => { + "Curves" => $curve + }, + client => { + "CipherString" => "ECDHE", + "Curves" => $curve + }, + test => { + "ExpectedTmpKeyType" => $curve, + "ExpectedResult" => "Success" + }, + }; + } +} + +generate_tests(); diff --git a/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf new file mode 100644 index 0000000..bf6c41c --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = TLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = TLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in new file mode 100644 index 0000000..074602d --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/15-certstatus.conf.in @@ -0,0 +1,45 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test CertStatus messages + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "TLS", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/16-certstatus.conf new file mode 100644 index 0000000..e69de29 diff --git a/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf new file mode 100644 index 0000000..a561803 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf @@ -0,0 +1,62 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 2 + +test-0 = 0-certstatus-good +test-1 = 1-certstatus-bad +# =========================================================== + +[0-certstatus-good] +ssl_conf = 0-certstatus-good-ssl + +[0-certstatus-good-ssl] +server = 0-certstatus-good-server +client = 0-certstatus-good-client + +[0-certstatus-good-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-certstatus-good-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +Method = DTLS +server = 0-certstatus-good-server-extra + +[0-certstatus-good-server-extra] +CertStatus = GoodResponse + + +# =========================================================== + +[1-certstatus-bad] +ssl_conf = 1-certstatus-bad-ssl + +[1-certstatus-bad-ssl] +server = 1-certstatus-bad-server +client = 1-certstatus-bad-client + +[1-certstatus-bad-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-certstatus-bad-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ClientFail +Method = DTLS +server = 1-certstatus-bad-server-extra + +[1-certstatus-bad-server-extra] +CertStatus = BadResponse + + diff --git a/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in new file mode 100644 index 0000000..7280029 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/16-dtls-certstatus.conf.in @@ -0,0 +1,45 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test DTLS CertStatus messages + +use strict; +use warnings; + +package ssltests; + + +our @tests = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "ExpectedResult" => "ClientFail" + } + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf new file mode 100644 index 0000000..48f569f --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf @@ -0,0 +1,428 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 14 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-no-resume +test-3 = 3-renegotiate-server-resume +test-4 = 4-renegotiate-client-auth-require +test-5 = 5-renegotiate-client-auth-once +test-6 = 6-renegotiate-aead-to-non-aead +test-7 = 7-renegotiate-non-aead-to-aead +test-8 = 8-renegotiate-non-aead-to-non-aead +test-9 = 9-renegotiate-aead-to-aead +test-10 = 10-no-renegotiation-server-by-client +test-11 = 11-no-renegotiation-server-by-server +test-12 = 12-no-renegotiation-client-by-server +test-13 = 13-no-renegotiation-client-by-client +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-no-resume] +ssl_conf = 2-renegotiate-server-no-resume-ssl + +[2-renegotiate-server-no-resume-ssl] +server = 2-renegotiate-server-no-resume-server +client = 2-renegotiate-server-no-resume-client + +[2-renegotiate-server-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[3-renegotiate-server-resume] +ssl_conf = 3-renegotiate-server-resume-ssl + +[3-renegotiate-server-resume-ssl] +server = 3-renegotiate-server-resume-server +client = 3-renegotiate-server-resume-client + +[3-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = Yes + + +# =========================================================== + +[4-renegotiate-client-auth-require] +ssl_conf = 4-renegotiate-client-auth-require-ssl + +[4-renegotiate-client-auth-require-ssl] +server = 4-renegotiate-client-auth-require-server +client = 4-renegotiate-client-auth-require-client + +[4-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[4-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-client-auth-once] +ssl_conf = 5-renegotiate-client-auth-once-ssl + +[5-renegotiate-client-auth-once-ssl] +server = 5-renegotiate-client-auth-once-server +client = 5-renegotiate-client-auth-once-client + +[5-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[5-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[6-renegotiate-aead-to-non-aead] +ssl_conf = 6-renegotiate-aead-to-non-aead-ssl + +[6-renegotiate-aead-to-non-aead-ssl] +server = 6-renegotiate-aead-to-non-aead-server +client = 6-renegotiate-aead-to-non-aead-client + +[6-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 6-renegotiate-aead-to-non-aead-client-extra + +[6-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[7-renegotiate-non-aead-to-aead] +ssl_conf = 7-renegotiate-non-aead-to-aead-ssl + +[7-renegotiate-non-aead-to-aead-ssl] +server = 7-renegotiate-non-aead-to-aead-server +client = 7-renegotiate-non-aead-to-aead-client + +[7-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 7-renegotiate-non-aead-to-aead-client-extra + +[7-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[8-renegotiate-non-aead-to-non-aead] +ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl + +[8-renegotiate-non-aead-to-non-aead-ssl] +server = 8-renegotiate-non-aead-to-non-aead-server +client = 8-renegotiate-non-aead-to-non-aead-client + +[8-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 8-renegotiate-non-aead-to-non-aead-client-extra + +[8-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[9-renegotiate-aead-to-aead] +ssl_conf = 9-renegotiate-aead-to-aead-ssl + +[9-renegotiate-aead-to-aead-ssl] +server = 9-renegotiate-aead-to-aead-server +client = 9-renegotiate-aead-to-aead-client + +[9-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 9-renegotiate-aead-to-aead-client-extra + +[9-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + +# =========================================================== + +[10-no-renegotiation-server-by-client] +ssl_conf = 10-no-renegotiation-server-by-client-ssl + +[10-no-renegotiation-server-by-client-ssl] +server = 10-no-renegotiation-server-by-client-server +client = 10-no-renegotiation-server-by-client-client + +[10-no-renegotiation-server-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-no-renegotiation-server-by-client-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[11-no-renegotiation-server-by-server] +ssl_conf = 11-no-renegotiation-server-by-server-ssl + +[11-no-renegotiation-server-by-server-ssl] +server = 11-no-renegotiation-server-by-server-server +client = 11-no-renegotiation-server-by-server-client + +[11-no-renegotiation-server-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-no-renegotiation-server-by-server-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[12-no-renegotiation-client-by-server] +ssl_conf = 12-no-renegotiation-client-by-server-ssl + +[12-no-renegotiation-client-by-server-ssl] +server = 12-no-renegotiation-client-by-server-server +client = 12-no-renegotiation-client-by-server-client + +[12-no-renegotiation-client-by-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-no-renegotiation-client-by-server-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[13-no-renegotiation-client-by-client] +ssl_conf = 13-no-renegotiation-client-by-client-ssl + +[13-no-renegotiation-client-by-client-ssl] +server = 13-no-renegotiation-client-by-client-server +client = 13-no-renegotiation-client-by-client-client + +[13-no-renegotiation-client-by-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-no-renegotiation-client-by-client-client] +CipherString = DEFAULT +Options = NoRenegotiation +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ClientFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No + + diff --git a/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in new file mode 100644 index 0000000..bd656d0 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/17-renegotiate.conf.in @@ -0,0 +1,243 @@ +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => {}, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-server-resume", + server => {}, + client => {}, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); +our @tests_tls1_2 = ( + { + name => "renegotiate-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "no-renegotiation-server-by-client", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + }, + { + name => "no-renegotiation-server-by-server", + server => { + "Options" => "NoRenegotiation", + "MaxProtocol" => "TLSv1.2" + }, + client => { }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-server", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } + }, + { + name => "no-renegotiation-client-by-client", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "Options" => "NoRenegotiation", + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ClientFail" + } + } +); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf new file mode 100644 index 0000000..3d8ebd7 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf @@ -0,0 +1,276 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-renegotiate-client-no-resume +test-1 = 1-renegotiate-client-resume +test-2 = 2-renegotiate-server-resume +test-3 = 3-renegotiate-client-auth-require +test-4 = 4-renegotiate-client-auth-once +test-5 = 5-renegotiate-aead-to-non-aead +test-6 = 6-renegotiate-non-aead-to-aead +test-7 = 7-renegotiate-non-aead-to-non-aead +test-8 = 8-renegotiate-aead-to-aead +# =========================================================== + +[0-renegotiate-client-no-resume] +ssl_conf = 0-renegotiate-client-no-resume-ssl + +[0-renegotiate-client-no-resume-ssl] +server = 0-renegotiate-client-no-resume-server +client = 0-renegotiate-client-no-resume-client + +[0-renegotiate-client-no-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-renegotiate-client-no-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[1-renegotiate-client-resume] +ssl_conf = 1-renegotiate-client-resume-ssl + +[1-renegotiate-client-resume-ssl] +server = 1-renegotiate-client-resume-server +client = 1-renegotiate-client-resume-client + +[1-renegotiate-client-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-renegotiate-client-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = Yes + + +# =========================================================== + +[2-renegotiate-server-resume] +ssl_conf = 2-renegotiate-server-resume-ssl + +[2-renegotiate-server-resume-ssl] +server = 2-renegotiate-server-resume-server +client = 2-renegotiate-server-resume-client + +[2-renegotiate-server-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-renegotiate-server-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[3-renegotiate-client-auth-require] +ssl_conf = 3-renegotiate-client-auth-require-ssl + +[3-renegotiate-client-auth-require-ssl] +server = 3-renegotiate-client-auth-require-server +client = 3-renegotiate-client-auth-require-client + +[3-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[3-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-renegotiate-client-auth-once] +ssl_conf = 4-renegotiate-client-auth-once-ssl + +[4-renegotiate-client-auth-once-ssl] +server = 4-renegotiate-client-auth-once-server +client = 4-renegotiate-client-auth-once-client + +[4-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[4-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-aead-to-non-aead] +ssl_conf = 5-renegotiate-aead-to-non-aead-ssl + +[5-renegotiate-aead-to-non-aead-ssl] +server = 5-renegotiate-aead-to-non-aead-server +client = 5-renegotiate-aead-to-non-aead-client + +[5-renegotiate-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-renegotiate-aead-to-non-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 5-renegotiate-aead-to-non-aead-client-extra + +[5-renegotiate-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES128-SHA + + +# =========================================================== + +[6-renegotiate-non-aead-to-aead] +ssl_conf = 6-renegotiate-non-aead-to-aead-ssl + +[6-renegotiate-non-aead-to-aead-ssl] +server = 6-renegotiate-non-aead-to-aead-server +client = 6-renegotiate-non-aead-to-aead-client + +[6-renegotiate-non-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-renegotiate-non-aead-to-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 6-renegotiate-non-aead-to-aead-client-extra + +[6-renegotiate-non-aead-to-aead-client-extra] +RenegotiateCiphers = AES128-GCM-SHA256 + + +# =========================================================== + +[7-renegotiate-non-aead-to-non-aead] +ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl + +[7-renegotiate-non-aead-to-non-aead-ssl] +server = 7-renegotiate-non-aead-to-non-aead-server +client = 7-renegotiate-non-aead-to-non-aead-client + +[7-renegotiate-non-aead-to-non-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-renegotiate-non-aead-to-non-aead-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 7-renegotiate-non-aead-to-non-aead-client-extra + +[7-renegotiate-non-aead-to-non-aead-client-extra] +RenegotiateCiphers = AES256-SHA + + +# =========================================================== + +[8-renegotiate-aead-to-aead] +ssl_conf = 8-renegotiate-aead-to-aead-ssl + +[8-renegotiate-aead-to-aead-ssl] +server = 8-renegotiate-aead-to-aead-server +client = 8-renegotiate-aead-to-aead-client + +[8-renegotiate-aead-to-aead-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-renegotiate-aead-to-aead-client] +CipherString = AES128-GCM-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +HandshakeMode = RenegotiateClient +Method = DTLS +ResumptionExpected = No +client = 8-renegotiate-aead-to-aead-client-extra + +[8-renegotiate-aead-to-aead-client-extra] +RenegotiateCiphers = AES256-GCM-SHA384 + + diff --git a/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in new file mode 100644 index 0000000..7a65a85 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -0,0 +1,174 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Renegotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "renegotiate-client-no-resume", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, +# Note: Unlike the TLS tests, we will never do resumption with server +# initiated reneg. This is because an OpenSSL DTLS client will always do a full +# handshake (i.e. it doesn't supply a session id) when it receives a +# HelloRequest. This is different to the OpenSSL TLS implementation where an +# OpenSSL client will always try an abbreviated handshake (i.e. it will supply +# the session id). This goes all the way to commit 48ae85b6f when abbreviated +# handshake support was first added. Neither behaviour is wrong, but the +# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, +# and if so, what to? + { + name => "renegotiate-server-resume", + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-require", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); +our @tests_dtls1_2 = ( + { + name => "renegotiate-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-non-aead-to-non-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-aead-to-aead", + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); + + +push @tests, @tests_dtls1_2 unless disabled("dtls1_2"); diff --git a/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf new file mode 100644 index 0000000..40480ed --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf @@ -0,0 +1,156 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 6 + +test-0 = 0-disable-encrypt-then-mac-server-sha +test-1 = 1-disable-encrypt-then-mac-client-sha +test-2 = 2-disable-encrypt-then-mac-both-sha +test-3 = 3-disable-encrypt-then-mac-server-sha2 +test-4 = 4-disable-encrypt-then-mac-client-sha2 +test-5 = 5-disable-encrypt-then-mac-both-sha2 +# =========================================================== + +[0-disable-encrypt-then-mac-server-sha] +ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl + +[0-disable-encrypt-then-mac-server-sha-ssl] +server = 0-disable-encrypt-then-mac-server-sha-server +client = 0-disable-encrypt-then-mac-server-sha-client + +[0-disable-encrypt-then-mac-server-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-disable-encrypt-then-mac-server-sha-client] +CipherString = AES128-SHA +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-disable-encrypt-then-mac-client-sha] +ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl + +[1-disable-encrypt-then-mac-client-sha-ssl] +server = 1-disable-encrypt-then-mac-client-sha-server +client = 1-disable-encrypt-then-mac-client-sha-client + +[1-disable-encrypt-then-mac-client-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-disable-encrypt-then-mac-client-sha-client] +CipherString = AES128-SHA +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-disable-encrypt-then-mac-both-sha] +ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl + +[2-disable-encrypt-then-mac-both-sha-ssl] +server = 2-disable-encrypt-then-mac-both-sha-server +client = 2-disable-encrypt-then-mac-both-sha-client + +[2-disable-encrypt-then-mac-both-sha-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-disable-encrypt-then-mac-both-sha-client] +CipherString = AES128-SHA +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success + + +# =========================================================== + +[3-disable-encrypt-then-mac-server-sha2] +ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl + +[3-disable-encrypt-then-mac-server-sha2-ssl] +server = 3-disable-encrypt-then-mac-server-sha2-server +client = 3-disable-encrypt-then-mac-server-sha2-client + +[3-disable-encrypt-then-mac-server-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-disable-encrypt-then-mac-server-sha2-client] +CipherString = AES128-SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-disable-encrypt-then-mac-client-sha2] +ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl + +[4-disable-encrypt-then-mac-client-sha2-ssl] +server = 4-disable-encrypt-then-mac-client-sha2-server +client = 4-disable-encrypt-then-mac-client-sha2-client + +[4-disable-encrypt-then-mac-client-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-disable-encrypt-then-mac-client-sha2-client] +CipherString = AES128-SHA256 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success + + +# =========================================================== + +[5-disable-encrypt-then-mac-both-sha2] +ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl + +[5-disable-encrypt-then-mac-both-sha2-ssl] +server = 5-disable-encrypt-then-mac-both-sha2-server +client = 5-disable-encrypt-then-mac-both-sha2-client + +[5-disable-encrypt-then-mac-both-sha2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -EncryptThenMac +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-disable-encrypt-then-mac-both-sha2-client] +CipherString = AES128-SHA256 +Options = -EncryptThenMac +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + diff --git a/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in new file mode 100644 index 0000000..01afe25 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/19-mac-then-encrypt.conf.in @@ -0,0 +1,89 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "disable-encrypt-then-mac-server-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha", + server => { + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-server-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-client-sha2", + server => { + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "disable-encrypt-then-mac-both-sha2", + server => { + "Options" => "-EncryptThenMac", + }, + client => { + "CipherString" => "AES128-SHA256", + "Options" => "-EncryptThenMac", + }, + test => { + "ExpectedResult" => "Success", + }, + }, +); diff --git a/openssl-1.1.0h/test/ssl-tests/protocol_version.pm b/openssl-1.1.0h/test/ssl-tests/protocol_version.pm new file mode 100644 index 0000000..c711362 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/protocol_version.pm @@ -0,0 +1,247 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +package ssltests; + +use strict; +use warnings; + +use List::Util qw/max min/; + +use OpenSSL::Test; +use OpenSSL::Test::Utils qw/anydisabled alldisabled/; +setup("no_test_here"); + +my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +# undef stands for "no limit". +my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef); + +my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + +my $min_tls_enabled; my $max_tls_enabled; + +# Protocol configuration works in cascades, i.e., +# $no_tls1_1 disables TLSv1.1 and below. +# +# $min_enabled and $max_enabled will be correct if there is at least one +# protocol enabled. +foreach my $i (0..$#tls_protocols) { + if (!$is_tls_disabled[$i]) { + $min_tls_enabled = $i; + last; + } +} + +foreach my $i (0..$#tls_protocols) { + if (!$is_tls_disabled[$i]) { + $max_tls_enabled = $i; + } +} + +my @dtls_protocols = ("DTLSv1", "DTLSv1.2"); +# undef stands for "no limit". +my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2"); +my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef); + +my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2"); + +my $min_dtls_enabled; my $max_dtls_enabled; + +# $min_enabled and $max_enabled will be correct if there is at least one +# protocol enabled. +foreach my $i (0..$#dtls_protocols) { + if (!$is_dtls_disabled[$i]) { + $min_dtls_enabled = $i; + last; + } +} + +foreach my $i (0..$#dtls_protocols) { + if (!$is_dtls_disabled[$i]) { + $max_dtls_enabled = $i; + } +} + +sub no_tests { + my ($dtls) = @_; + return $dtls ? alldisabled("dtls1", "dtls1_2") : + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +} + +sub generate_version_tests { + my ($method) = @_; + + my $dtls = $method eq "DTLS"; + # Don't write the redundant "Method = TLS" into the configuration. + undef $method if !$dtls; + + my @protocols = $dtls ? @dtls_protocols : @tls_protocols; + my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols; + my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols; + my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; + + if (no_tests($dtls)) { + return; + } + + my @tests = (); + + foreach my $c_min (0..$#min_protocols) { + my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; + foreach my $c_max ($c_max_min..$#max_protocols) { + foreach my $s_min (0..$#min_protocols) { + my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; + foreach my $s_max ($s_max_min..$#max_protocols) { + my ($result, $protocol) = + expected_result($c_min, $c_max, $s_min, $s_max, + $min_enabled, $max_enabled, \@protocols); + push @tests, { + "name" => "version-negotiation", + "client" => { + "MinProtocol" => $min_protocols[$c_min], + "MaxProtocol" => $max_protocols[$c_max], + }, + "server" => { + "MinProtocol" => $min_protocols[$s_min], + "MaxProtocol" => $max_protocols[$s_max], + }, + "test" => { + "ExpectedResult" => $result, + "ExpectedProtocol" => $protocol, + "Method" => $method, + } + }; + } + } + } + } + return @tests; +} + +sub generate_resumption_tests { + my ($method) = @_; + + my $dtls = $method eq "DTLS"; + # Don't write the redundant "Method = TLS" into the configuration. + undef $method if !$dtls; + + my @protocols = $dtls ? @dtls_protocols : @tls_protocols; + my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + + if (no_tests($dtls)) { + return; + } + + my @server_tests = (); + my @client_tests = (); + + # Obtain the first session against a fixed-version server/client. + foreach my $original_protocol($min_enabled..$#protocols) { + # Upgrade or downgrade the server/client max version support and test + # that it upgrades, downgrades or resumes the session as well. + foreach my $resume_protocol($min_enabled..$#protocols) { + my $resumption_expected; + # We should only resume on exact version match. + if ($original_protocol eq $resume_protocol) { + $resumption_expected = "Yes"; + } else { + $resumption_expected = "No"; + } + + foreach my $ticket ("SessionTicket", "-SessionTicket") { + # Client is flexible, server upgrades/downgrades. + push @server_tests, { + "name" => "resumption", + "client" => { }, + "server" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + "Options" => $ticket, + }, + "resume_server" => { + "MaxProtocol" => $protocols[$resume_protocol], + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + # Server is flexible, client upgrades/downgrades. + push @client_tests, { + "name" => "resumption", + "client" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + }, + "server" => { + "Options" => $ticket, + }, + "resume_client" => { + "MaxProtocol" => $protocols[$resume_protocol], + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + } + } + } + + return (@server_tests, @client_tests); +} + +sub expected_result { + my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled, + $protocols) = @_; + + # Adjust for "undef" (no limit). + $c_min = $c_min == 0 ? 0 : $c_min - 1; + $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max; + $s_min = $s_min == 0 ? 0 : $s_min - 1; + $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max; + + # We now have at least one protocol enabled, so $min_enabled and + # $max_enabled are well-defined. + $c_min = max $c_min, $min_enabled; + $s_min = max $s_min, $min_enabled; + $c_max = min $c_max, $max_enabled; + $s_max = min $s_max, $max_enabled; + + if ($c_min > $c_max) { + # Client should fail to even send a hello. + # This results in an internal error since the server will be + # waiting for input that never arrives. + return ("InternalError", undef); + } elsif ($s_min > $s_max) { + # Server has no protocols, should always fail. + return ("ServerFail", undef); + } elsif ($s_min > $c_max) { + # Server doesn't support the client range. + return ("ServerFail", undef); + } elsif ($c_min > $s_max) { + # Server will try with a version that is lower than the lowest + # supported client version. + return ("ClientFail", undef); + } else { + # Server and client ranges overlap. + my $max_common = $s_max < $c_max ? $s_max : $c_max; + return ("Success", $protocols->[$max_common]); + } +} + +1; diff --git a/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm b/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm new file mode 100644 index 0000000..dc81642 --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/ssltests_base.pm @@ -0,0 +1,30 @@ +# -*- mode: perl; -*- +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +## SSL test configurations + +package ssltests; + +sub test_pem +{ + my ($file) = @_; + my $dir_sep = $^O ne "VMS" ? "/" : ""; + return "\${ENV::TEST_CERTS_DIR}" . $dir_sep . $file, +} + +our %base_server = ( + "Certificate" => test_pem("servercert.pem"), + "PrivateKey" => test_pem("serverkey.pem"), + "CipherString" => "DEFAULT", +); + +our %base_client = ( + "VerifyCAFile" => test_pem("rootcert.pem"), + "VerifyMode" => "Peer", + "CipherString" => "DEFAULT", +); diff --git a/openssl-1.1.0h/test/ssl_test.c b/openssl-1.1.0h/test/ssl_test.c new file mode 100644 index 0000000..2cbbddd --- /dev/null +++ b/openssl-1.1.0h/test/ssl_test.c @@ -0,0 +1,371 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#include +#include + +#include "handshake_helper.h" +#include "ssl_test_ctx.h" +#include "testutil.h" + +static CONF *conf = NULL; + +/* Currently the section names are of the form test-, e.g. test-15. */ +#define MAX_TESTCASE_NAME_LENGTH 100 + +typedef struct ssl_test_ctx_test_fixture { + const char *test_case_name; + char test_app[MAX_TESTCASE_NAME_LENGTH]; +} SSL_TEST_FIXTURE; + +static SSL_TEST_FIXTURE set_up(const char *const test_case_name) +{ + SSL_TEST_FIXTURE fixture; + fixture.test_case_name = test_case_name; + return fixture; +} + +static const char *print_alert(int alert) +{ + return alert ? SSL_alert_desc_string_long(alert) : "no alert"; +} + +static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (result->result != test_ctx->expected_result) { + fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n", + ssl_test_result_name(test_ctx->expected_result), + ssl_test_result_name(result->result)); + return 0; + } + return 1; +} + +static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (result->client_alert_sent != result->client_alert_received) { + fprintf(stderr, "Client sent alert %s but server received %s\n.", + print_alert(result->client_alert_sent), + print_alert(result->client_alert_received)); + /* + * We can't bail here because the peer doesn't always get far enough + * to process a received alert. Specifically, in protocol version + * negotiation tests, we have the following scenario. + * Client supports TLS v1.2 only; Server supports TLS v1.1. + * Client proposes TLS v1.2; server responds with 1.1; + * Client now sends a protocol alert, using TLS v1.2 in the header. + * The server, however, rejects the alert because of version mismatch + * in the record layer; therefore, the server appears to never + * receive the alert. + */ + /* return 0; */ + } + + if (result->server_alert_sent != result->server_alert_received) { + fprintf(stderr, "Server sent alert %s but client received %s\n.", + print_alert(result->server_alert_sent), + print_alert(result->server_alert_received)); + /* return 0; */ + } + + /* Tolerate an alert if one wasn't explicitly specified in the test. */ + if (test_ctx->expected_client_alert + /* + * The info callback alert value is computed as + * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1] + * where the low byte is the alert code and the high byte is other stuff. + */ + && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) { + fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n", + print_alert(test_ctx->expected_client_alert), + print_alert(result->client_alert_sent)); + return 0; + } + + if (test_ctx->expected_server_alert + && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) { + fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n", + print_alert(test_ctx->expected_server_alert), + print_alert(result->server_alert_sent)); + return 0; + } + + if (result->client_num_fatal_alerts_sent > 1) { + fprintf(stderr, "Client sent %d fatal alerts.\n", + result->client_num_fatal_alerts_sent); + return 0; + } + if (result->server_num_fatal_alerts_sent > 1) { + fprintf(stderr, "Server sent %d alerts.\n", + result->server_num_fatal_alerts_sent); + return 0; + } + return 1; +} + +static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (result->client_protocol != result->server_protocol) { + fprintf(stderr, "Client has protocol %s but server has %s\n.", + ssl_protocol_name(result->client_protocol), + ssl_protocol_name(result->server_protocol)); + return 0; + } + + if (test_ctx->expected_protocol) { + if (result->client_protocol != test_ctx->expected_protocol) { + fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n", + ssl_protocol_name(test_ctx->expected_protocol), + ssl_protocol_name(result->client_protocol)); + return 0; + } + } + return 1; +} + +static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (result->servername != test_ctx->expected_servername) { + fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.", + ssl_servername_name(test_ctx->expected_servername), + ssl_servername_name(result->servername)); + return 0; + } + return 1; +} + +static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE) + return 1; + if (result->session_ticket != test_ctx->session_ticket_expected) { + fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.", + ssl_session_ticket_name(test_ctx->session_ticket_expected), + ssl_session_ticket_name(result->session_ticket)); + return 0; + } + return 1; +} + +#ifndef OPENSSL_NO_NEXTPROTONEG +static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + int ret = 1; + ret &= strings_equal("NPN Negotiated (client vs server)", + result->client_npn_negotiated, + result->server_npn_negotiated); + ret &= strings_equal("ExpectedNPNProtocol", + test_ctx->expected_npn_protocol, + result->client_npn_negotiated); + return ret; +} +#endif + +static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + int ret = 1; + ret &= strings_equal("ALPN Negotiated (client vs server)", + result->client_alpn_negotiated, + result->server_alpn_negotiated); + ret &= strings_equal("ExpectedALPNProtocol", + test_ctx->expected_alpn_protocol, + result->client_alpn_negotiated); + return ret; +} + +static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (result->client_resumed != result->server_resumed) { + fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n", + result->client_resumed, result->server_resumed); + return 0; + } + if (result->client_resumed != test_ctx->resumption_expected) { + fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n", + test_ctx->resumption_expected, result->client_resumed); + return 0; + } + return 1; +} + +static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (test_ctx->expected_tmp_key_type == 0 + || test_ctx->expected_tmp_key_type == result->tmp_key_type) + return 1; + fprintf(stderr, "Tmp key type mismatch, %s vs %s\n", + OBJ_nid2ln(test_ctx->expected_tmp_key_type), + OBJ_nid2ln(result->tmp_key_type)); + return 0; +} + +/* + * This could be further simplified by constructing an expected + * HANDSHAKE_RESULT, and implementing comparison methods for + * its fields. + */ +static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + int ret = 1; + ret &= check_result(result, test_ctx); + ret &= check_alerts(result, test_ctx); + if (result->result == SSL_TEST_SUCCESS) { + ret &= check_protocol(result, test_ctx); + ret &= check_servername(result, test_ctx); + ret &= check_session_ticket(result, test_ctx); + ret &= (result->session_ticket_do_not_call == 0); +#ifndef OPENSSL_NO_NEXTPROTONEG + ret &= check_npn(result, test_ctx); +#endif + ret &= check_alpn(result, test_ctx); + ret &= check_resumption(result, test_ctx); + ret &= check_tmp_key(result, test_ctx); + } + return ret; +} + +static int execute_test(SSL_TEST_FIXTURE fixture) +{ + int ret = 0; + SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL, + *resume_server_ctx = NULL, *resume_client_ctx = NULL; + SSL_TEST_CTX *test_ctx = NULL; + HANDSHAKE_RESULT *result = NULL; + + test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app); + if (test_ctx == NULL) + goto err; + +#ifndef OPENSSL_NO_DTLS + if (test_ctx->method == SSL_TEST_METHOD_DTLS) { + server_ctx = SSL_CTX_new(DTLS_server_method()); + TEST_check(SSL_CTX_set_max_proto_version(server_ctx, DTLS_MAX_VERSION)); + if (test_ctx->extra.server.servername_callback != + SSL_TEST_SERVERNAME_CB_NONE) { + server2_ctx = SSL_CTX_new(DTLS_server_method()); + TEST_check(server2_ctx != NULL); + } + client_ctx = SSL_CTX_new(DTLS_client_method()); + TEST_check(SSL_CTX_set_max_proto_version(client_ctx, DTLS_MAX_VERSION)); + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { + resume_server_ctx = SSL_CTX_new(DTLS_server_method()); + TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx, + DTLS_MAX_VERSION)); + resume_client_ctx = SSL_CTX_new(DTLS_client_method()); + TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx, + DTLS_MAX_VERSION)); + TEST_check(resume_server_ctx != NULL); + TEST_check(resume_client_ctx != NULL); + } + } +#endif + if (test_ctx->method == SSL_TEST_METHOD_TLS) { + server_ctx = SSL_CTX_new(TLS_server_method()); + TEST_check(SSL_CTX_set_max_proto_version(server_ctx, TLS_MAX_VERSION)); + /* SNI on resumption isn't supported/tested yet. */ + if (test_ctx->extra.server.servername_callback != + SSL_TEST_SERVERNAME_CB_NONE) { + server2_ctx = SSL_CTX_new(TLS_server_method()); + TEST_check(server2_ctx != NULL); + } + client_ctx = SSL_CTX_new(TLS_client_method()); + TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION)); + + if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { + resume_server_ctx = SSL_CTX_new(TLS_server_method()); + TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx, + TLS_MAX_VERSION)); + resume_client_ctx = SSL_CTX_new(TLS_client_method()); + TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx, + TLS_MAX_VERSION)); + TEST_check(resume_server_ctx != NULL); + TEST_check(resume_client_ctx != NULL); + } + } + + TEST_check(server_ctx != NULL); + TEST_check(client_ctx != NULL); + + TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0); + + if (!SSL_CTX_config(server_ctx, "server") + || !SSL_CTX_config(client_ctx, "client")) { + goto err; + } + + if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2")) + goto err; + if (resume_server_ctx != NULL + && !SSL_CTX_config(resume_server_ctx, "resume-server")) + goto err; + if (resume_client_ctx != NULL + && !SSL_CTX_config(resume_client_ctx, "resume-client")) + goto err; + + result = do_handshake(server_ctx, server2_ctx, client_ctx, + resume_server_ctx, resume_client_ctx, test_ctx); + + ret = check_test(result, test_ctx); + +err: + CONF_modules_unload(0); + SSL_CTX_free(server_ctx); + SSL_CTX_free(server2_ctx); + SSL_CTX_free(client_ctx); + SSL_CTX_free(resume_server_ctx); + SSL_CTX_free(resume_client_ctx); + SSL_TEST_CTX_free(test_ctx); + if (ret != 1) + ERR_print_errors_fp(stderr); + HANDSHAKE_RESULT_free(result); + return ret; +} + +static void tear_down(SSL_TEST_FIXTURE fixture) +{ +} + +#define SETUP_SSL_TEST_FIXTURE() \ + SETUP_TEST_FIXTURE(SSL_TEST_FIXTURE, set_up) +#define EXECUTE_SSL_TEST() \ + EXECUTE_TEST(execute_test, tear_down) + +static int test_handshake(int idx) +{ + SETUP_SSL_TEST_FIXTURE(); + BIO_snprintf(fixture.test_app, sizeof(fixture.test_app), + "test-%d", idx); + EXECUTE_SSL_TEST(); +} + +int main(int argc, char **argv) +{ + int result = 0; + long num_tests; + + if (argc != 2) + return 1; + + conf = NCONF_new(NULL); + TEST_check(conf != NULL); + + /* argv[1] should point to the test conf file */ + TEST_check(NCONF_load(conf, argv[1], NULL) > 0); + + TEST_check(NCONF_get_number_e(conf, NULL, "num_tests", &num_tests)); + + ADD_ALL_TESTS(test_handshake, (int)(num_tests)); + result = run_tests(argv[0]); + + return result; +} diff --git a/openssl-1.1.0h/test/ssl_test.tmpl b/openssl-1.1.0h/test/ssl_test.tmpl new file mode 100644 index 0000000..9506837 --- /dev/null +++ b/openssl-1.1.0h/test/ssl_test.tmpl @@ -0,0 +1,126 @@ +[{-$testname-}] +ssl_conf = {-$testname-}-ssl + +[{-$testname-}-ssl] +server = {-$testname-}-server +client = {-$testname-}-client{- + # The following sections are optional. + $OUT = ""; + if (%server2) { + $OUT .= "\nserver2 = $testname-server2"; + } elsif ($reuse_server2) { + $OUT .= "\nserver2 = $testname-server"; + } + if (%resume_server) { + $OUT .= "\nresume-server = $testname-resume-server"; + } elsif ($reuse_resume_server) { + $OUT .= "\nresume-server = $testname-server"; + } + if (%resume_client) { + $OUT .= "\nresume-client = $testname-resume-client"; + } elsif ($reuse_resume_client) { + $OUT .= "\nresume-client = $testname-client"; + } +-} + +[{-$testname-}-server] +{- + foreach my $key (sort keys %server) { + # Emitted in the test section. + next if ($key eq "extra"); + $OUT .= qq{$key} . " = " . qq{$server{$key}\n} if defined $server{$key}; + } + if (%server2) { + $OUT .= "\n[$testname-server2]\n"; + foreach my $key (sort keys %server2) { + next if ($key eq "extra"); + $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key}; + } + } + if (%resume_server) { + $OUT .= "\n[$testname-resume-server]\n"; + foreach my $key (sort keys %resume_server) { + next if ($key eq "extra"); + $OUT .= qq{$key} . " = " . qq{$resume_server{$key}\n} if defined $resume_server{$key}; + } + } +-} +[{-$testname-}-client] +{- + foreach my $key (sort keys %client) { + next if ($key eq "extra"); + $OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key}; + } + if (%resume_client) { + $OUT .= "\n[$testname-resume-client]\n"; + foreach my $key (sort keys %resume_client) { + next if ($key eq "extra"); + $OUT .= qq{$key} . " = " . qq{$resume_client{$key}\n} if defined $resume_client{$key}; + } + } +-} +[test-{-$idx-}] +{- + foreach my $key (sort keys %test) { + $OUT .= qq{$key} ." = " . qq{$test{$key}\n} if defined $test{$key}; + } + + # The extra server/client configuration sections. + if ($server{"extra"}) { + $OUT .= "server = $testname-server-extra\n"; + } + if (%server2 && $server2{"extra"}) { + $OUT .= "server2 = $testname-server2-extra\n"; + } elsif ($reuse_server2 && $server{"extra"}) { + $OUT .= "server2 = $testname-server-extra\n"; + } + if (%resume_server && $resume_server{"extra"}) { + $OUT .= "resume-server = $testname-resume-server-extra\n"; + } elsif ($reuse_resume_server && $server{"extra"}) { + $OUT .= "resume-server = $testname-server-extra\n"; + } + if ($client{"extra"}) { + $OUT .= "client = $testname-client-extra\n"; + } + if (%resume_client && $resume_client{"extra"}) { + $OUT .= "resume-client = $testname-resume-client-extra\n"; + } elsif ($reuse_resume_client && $client{"extra"}) { + $OUT .= "resume-client = $testname-client-extra\n"; + } + + if ($server{"extra"}) { + $OUT .= "\n[$testname-server-extra]\n"; + foreach my $key (sort keys %{$server{"extra"}}) { + $OUT .= qq{$key} . " = " . qq{$server{"extra"}{$key}\n} + if defined $server{"extra"}{$key}; + } + } + if (%server2 && $server2{"extra"}) { + $OUT .= "\n[$testname-server2-extra]\n"; + foreach my $key (sort keys %{$server2{"extra"}}) { + $OUT .= qq{$key} . " = " . qq{$server2{"extra"}{$key}\n} + if defined $server2{"extra"}{$key}; + } + } + if (%resume_server && $resume_server{"extra"}) { + $OUT .= "\n[$testname-resume-server-extra]\n"; + foreach my $key (sort keys %{$resume_server{"extra"}}) { + $OUT .= qq{$key} . " = " . qq{$resume_server{"extra"}{$key}\n} + if defined $resume_server{"extra"}{$key}; + } + } + if ($client{"extra"}) { + $OUT .= "\n[$testname-client-extra]\n"; + foreach my $key (sort keys %{$client{"extra"}}) { + $OUT .= qq{$key} . " = " . qq{$client{"extra"}{$key}\n} + if defined $client{"extra"}{$key}; + } + } + if (%resume_client && $resume_client{"extra"}) { + $OUT .= "\n[$testname-resume-client-extra]\n"; + foreach my $key (sort keys %{$resume_client{"extra"}}) { + $OUT .= qq{$key} . " = " . qq{$resume_client{"extra"}{$key}\n} + if defined $resume_client{"extra"}{$key}; + } + } +-} diff --git a/openssl-1.1.0h/test/ssl_test_ctx.c b/openssl-1.1.0h/test/ssl_test_ctx.c new file mode 100644 index 0000000..28ee5c7 --- /dev/null +++ b/openssl-1.1.0h/test/ssl_test_ctx.c @@ -0,0 +1,662 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include + +#include "e_os.h" +#include "ssl_test_ctx.h" +#include "testutil.h" + +static const int default_app_data_size = 256; +/* Default set to be as small as possible to exercise fragmentation. */ +static const int default_max_fragment_size = 512; + +static int parse_boolean(const char *value, int *result) +{ + if (strcasecmp(value, "Yes") == 0) { + *result = 1; + return 1; + } + else if (strcasecmp(value, "No") == 0) { + *result = 0; + return 1; + } + return 0; +} + +#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + return parse_boolean(value, &ctx->field); \ + } + +#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + OPENSSL_free(ctx->field); \ + ctx->field = OPENSSL_strdup(value); \ + TEST_check(ctx->field != NULL); \ + return 1; \ + } + +#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + ctx->field = atoi(value); \ + return 1; \ + } + +/* True enums and other test configuration values that map to an int. */ +typedef struct { + const char *name; + int value; +} test_enum; + + +__owur static int parse_enum(const test_enum *enums, size_t num_enums, + int *value, const char *name) +{ + size_t i; + for (i = 0; i < num_enums; i++) { + if (strcmp(enums[i].name, name) == 0) { + *value = enums[i].value; + return 1; + } + } + return 0; +} + +static const char *enum_name(const test_enum *enums, size_t num_enums, + int value) +{ + size_t i; + for (i = 0; i < num_enums; i++) { + if (enums[i].value == value) { + return enums[i].name; + } + } + return "InvalidValue"; +} + + +/* ExpectedResult */ + +static const test_enum ssl_test_results[] = { + {"Success", SSL_TEST_SUCCESS}, + {"ServerFail", SSL_TEST_SERVER_FAIL}, + {"ClientFail", SSL_TEST_CLIENT_FAIL}, + {"InternalError", SSL_TEST_INTERNAL_ERROR}, +}; + +__owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value) +{ + int ret_value; + if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results), + &ret_value, value)) { + return 0; + } + test_ctx->expected_result = ret_value; + return 1; +} + +const char *ssl_test_result_name(ssl_test_result_t result) +{ + return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result); +} + +/* ExpectedClientAlert / ExpectedServerAlert */ + +static const test_enum ssl_alerts[] = { + {"UnknownCA", SSL_AD_UNKNOWN_CA}, + {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE}, + {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME}, + {"BadCertificate", SSL_AD_BAD_CERTIFICATE}, + {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL}, +}; + +__owur static int parse_alert(int *alert, const char *value) +{ + return parse_enum(ssl_alerts, OSSL_NELEM(ssl_alerts), alert, value); +} + +__owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value) +{ + return parse_alert(&test_ctx->expected_client_alert, value); +} + +__owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value) +{ + return parse_alert(&test_ctx->expected_server_alert, value); +} + +const char *ssl_alert_name(int alert) +{ + return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert); +} + +/* ExpectedProtocol */ + +static const test_enum ssl_protocols[] = { + {"TLSv1.2", TLS1_2_VERSION}, + {"TLSv1.1", TLS1_1_VERSION}, + {"TLSv1", TLS1_VERSION}, + {"SSLv3", SSL3_VERSION}, + {"DTLSv1", DTLS1_VERSION}, + {"DTLSv1.2", DTLS1_2_VERSION}, +}; + +__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value) +{ + return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols), + &test_ctx->expected_protocol, value); +} + +const char *ssl_protocol_name(int protocol) +{ + return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol); +} + +/* VerifyCallback */ + +static const test_enum ssl_verify_callbacks[] = { + {"None", SSL_TEST_VERIFY_NONE}, + {"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL}, + {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL}, +}; + +__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf, + const char *value) +{ + int ret_value; + if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks), + &ret_value, value)) { + return 0; + } + client_conf->verify_callback = ret_value; + return 1; +} + +const char *ssl_verify_callback_name(ssl_verify_callback_t callback) +{ + return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks), + callback); +} + +/* ServerName */ + +static const test_enum ssl_servername[] = { + {"None", SSL_TEST_SERVERNAME_NONE}, + {"server1", SSL_TEST_SERVERNAME_SERVER1}, + {"server2", SSL_TEST_SERVERNAME_SERVER2}, + {"invalid", SSL_TEST_SERVERNAME_INVALID}, +}; + +__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf, + const char *value) +{ + int ret_value; + if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername), + &ret_value, value)) { + return 0; + } + client_conf->servername = ret_value; + return 1; +} + +__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx, + const char *value) +{ + int ret_value; + if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername), + &ret_value, value)) { + return 0; + } + test_ctx->expected_servername = ret_value; + return 1; +} + +const char *ssl_servername_name(ssl_servername_t server) +{ + return enum_name(ssl_servername, OSSL_NELEM(ssl_servername), + server); +} + +/* ServerNameCallback */ + +static const test_enum ssl_servername_callbacks[] = { + {"None", SSL_TEST_SERVERNAME_CB_NONE}, + {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH}, + {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH}, +}; + +__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf, + const char *value) +{ + int ret_value; + if (!parse_enum(ssl_servername_callbacks, + OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) { + return 0; + } + server_conf->servername_callback = ret_value; + return 1; +} + +const char *ssl_servername_callback_name(ssl_servername_callback_t callback) +{ + return enum_name(ssl_servername_callbacks, + OSSL_NELEM(ssl_servername_callbacks), callback); +} + +/* SessionTicketExpected */ + +static const test_enum ssl_session_ticket[] = { + {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE}, + {"Yes", SSL_TEST_SESSION_TICKET_YES}, + {"No", SSL_TEST_SESSION_TICKET_NO}, +}; + +__owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value) +{ + int ret_value; + if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket), + &ret_value, value)) { + return 0; + } + test_ctx->session_ticket_expected = ret_value; + return 1; +} + +const char *ssl_session_ticket_name(ssl_session_ticket_t server) +{ + return enum_name(ssl_session_ticket, + OSSL_NELEM(ssl_session_ticket), + server); +} + +/* Method */ + +static const test_enum ssl_test_methods[] = { + {"TLS", SSL_TEST_METHOD_TLS}, + {"DTLS", SSL_TEST_METHOD_DTLS}, +}; + +__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value) +{ + int ret_value; + if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods), + &ret_value, value)) { + return 0; + } + test_ctx->method = ret_value; + return 1; +} + +const char *ssl_test_method_name(ssl_test_method_t method) +{ + return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method); +} + +/* NPN and ALPN options */ + +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol) + +/* Handshake mode */ + +static const test_enum ssl_handshake_modes[] = { + {"Simple", SSL_TEST_HANDSHAKE_SIMPLE}, + {"Resume", SSL_TEST_HANDSHAKE_RESUME}, + {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER}, + {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT}, +}; + +__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value) +{ + int ret_value; + if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes), + &ret_value, value)) { + return 0; + } + test_ctx->handshake_mode = ret_value; + return 1; +} + +const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode) +{ + return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes), + mode); +} + +/* Renegotiation Ciphersuites */ + +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers) + +/* CT Validation */ + +static const test_enum ssl_ct_validation_modes[] = { + {"None", SSL_TEST_CT_VALIDATION_NONE}, + {"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE}, + {"Strict", SSL_TEST_CT_VALIDATION_STRICT}, +}; + +__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf, + const char *value) +{ + int ret_value; + if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes), + &ret_value, value)) { + return 0; + } + client_conf->ct_validation = ret_value; + return 1; +} + +const char *ssl_ct_validation_name(ssl_ct_validation_t mode) +{ + return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes), + mode); +} + +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) + +/* CertStatus */ + +static const test_enum ssl_certstatus[] = { + {"None", SSL_TEST_CERT_STATUS_NONE}, + {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE}, + {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE} +}; + +__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf, + const char *value) +{ + int ret_value; + if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value, + value)) { + return 0; + } + server_conf->cert_status = ret_value; + return 1; +} + +const char *ssl_certstatus_name(ssl_cert_status_t cert_status) +{ + return enum_name(ssl_certstatus, + OSSL_NELEM(ssl_certstatus), cert_status); +} + +/* ApplicationData */ + +IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size) + + +/* MaxFragmentSize */ + +IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) + + +/* ExpectedTmpKeyType */ + +__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + int nid; + + if (value == NULL) + return 0; + nid = OBJ_sn2nid(value); + if (nid == NID_undef) + nid = OBJ_ln2nid(value); +#ifndef OPENSSL_NO_EC + if (nid == NID_undef) + nid = EC_curve_nist2nid(value); +#endif + if (nid == NID_undef) + return 0; + test_ctx->expected_tmp_key_type = nid; + return 1; +} + +/* Known test options and their corresponding parse methods. */ + +/* Top-level options. */ +typedef struct { + const char *name; + int (*parse)(SSL_TEST_CTX *test_ctx, const char *value); +} ssl_test_ctx_option; + +static const ssl_test_ctx_option ssl_test_ctx_options[] = { + { "ExpectedResult", &parse_expected_result }, + { "ExpectedClientAlert", &parse_client_alert }, + { "ExpectedServerAlert", &parse_server_alert }, + { "ExpectedProtocol", &parse_protocol }, + { "ExpectedServerName", &parse_expected_servername }, + { "SessionTicketExpected", &parse_session_ticket }, + { "Method", &parse_test_method }, + { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol }, + { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol }, + { "HandshakeMode", &parse_handshake_mode }, + { "ResumptionExpected", &parse_test_resumption_expected }, + { "ApplicationData", &parse_test_app_data_size }, + { "MaxFragmentSize", &parse_test_max_fragment_size }, + { "ExpectedTmpKeyType", &parse_expected_tmp_key_type }, +}; + +/* Nested client options. */ +typedef struct { + const char *name; + int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value); +} ssl_test_client_option; + +static const ssl_test_client_option ssl_test_client_options[] = { + { "VerifyCallback", &parse_client_verify_callback }, + { "ServerName", &parse_servername }, + { "NPNProtocols", &parse_client_npn_protocols }, + { "ALPNProtocols", &parse_client_alpn_protocols }, + { "CTValidation", &parse_ct_validation }, + { "RenegotiateCiphers", &parse_client_reneg_ciphers}, +}; + +/* Nested server options. */ +typedef struct { + const char *name; + int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value); +} ssl_test_server_option; + +static const ssl_test_server_option ssl_test_server_options[] = { + { "ServerNameCallback", &parse_servername_callback }, + { "NPNProtocols", &parse_server_npn_protocols }, + { "ALPNProtocols", &parse_server_alpn_protocols }, + { "BrokenSessionTicket", &parse_server_broken_session_ticket }, + { "CertStatus", &parse_certstatus }, +}; + +/* + * Since these methods are used to create tests, we use TEST_check liberally + * for malloc failures and other internal errors. + */ +SSL_TEST_CTX *SSL_TEST_CTX_new() +{ + SSL_TEST_CTX *ret; + ret = OPENSSL_zalloc(sizeof(*ret)); + TEST_check(ret != NULL); + ret->app_data_size = default_app_data_size; + ret->max_fragment_size = default_max_fragment_size; + return ret; +} + +static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) +{ + OPENSSL_free(conf->client.npn_protocols); + OPENSSL_free(conf->server.npn_protocols); + OPENSSL_free(conf->server2.npn_protocols); + OPENSSL_free(conf->client.alpn_protocols); + OPENSSL_free(conf->server.alpn_protocols); + OPENSSL_free(conf->server2.alpn_protocols); + OPENSSL_free(conf->client.reneg_ciphers); +} + +static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) +{ + ssl_test_extra_conf_free_data(&ctx->extra); + ssl_test_extra_conf_free_data(&ctx->resume_extra); +} + +void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) +{ + ssl_test_ctx_free_extra_data(ctx); + OPENSSL_free(ctx->expected_npn_protocol); + OPENSSL_free(ctx->expected_alpn_protocol); + OPENSSL_free(ctx); +} + +static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, + const char *client_section) +{ + STACK_OF(CONF_VALUE) *sk_conf; + int i; + size_t j; + + sk_conf = NCONF_get_section(conf, client_section); + TEST_check(sk_conf != NULL); + + for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { + int found = 0; + const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i); + for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) { + if (strcmp(option->name, ssl_test_client_options[j].name) == 0) { + if (!ssl_test_client_options[j].parse(client, option->value)) { + fprintf(stderr, "Bad value %s for option %s\n", + option->value, option->name); + return 0; + } + found = 1; + break; + } + } + if (!found) { + fprintf(stderr, "Unknown test option: %s\n", option->name); + return 0; + } + } + + return 1; +} + +static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, + const char *server_section) +{ + STACK_OF(CONF_VALUE) *sk_conf; + int i; + size_t j; + + sk_conf = NCONF_get_section(conf, server_section); + TEST_check(sk_conf != NULL); + + for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { + int found = 0; + const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i); + for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) { + if (strcmp(option->name, ssl_test_server_options[j].name) == 0) { + if (!ssl_test_server_options[j].parse(server, option->value)) { + fprintf(stderr, "Bad value %s for option %s\n", + option->value, option->name); + return 0; + } + found = 1; + break; + } + } + if (!found) { + fprintf(stderr, "Unknown test option: %s\n", option->name); + return 0; + } + } + + return 1; +} + +SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) +{ + STACK_OF(CONF_VALUE) *sk_conf; + SSL_TEST_CTX *ctx; + int i; + size_t j; + + sk_conf = NCONF_get_section(conf, test_section); + TEST_check(sk_conf != NULL); + + ctx = SSL_TEST_CTX_new(); + TEST_check(ctx != NULL); + + for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { + int found = 0; + const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i); + + /* Subsections */ + if (strcmp(option->name, "client") == 0) { + if (!parse_client_options(&ctx->extra.client, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "server") == 0) { + if (!parse_server_options(&ctx->extra.server, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "server2") == 0) { + if (!parse_server_options(&ctx->extra.server2, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "resume-client") == 0) { + if (!parse_client_options(&ctx->resume_extra.client, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "resume-server") == 0) { + if (!parse_server_options(&ctx->resume_extra.server, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "resume-server2") == 0) { + if (!parse_server_options(&ctx->resume_extra.server2, conf, + option->value)) + goto err; + + } else { + for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) { + if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) { + if (!ssl_test_ctx_options[j].parse(ctx, option->value)) { + fprintf(stderr, "Bad value %s for option %s\n", + option->value, option->name); + goto err; + } + found = 1; + break; + } + } + if (!found) { + fprintf(stderr, "Unknown test option: %s\n", option->name); + goto err; + } + } + } + + goto done; + + err: + SSL_TEST_CTX_free(ctx); + ctx = NULL; + done: + return ctx; +} diff --git a/openssl-1.1.0h/test/ssl_test_ctx.h b/openssl-1.1.0h/test/ssl_test_ctx.h new file mode 100644 index 0000000..28a4566 --- /dev/null +++ b/openssl-1.1.0h/test/ssl_test_ctx.h @@ -0,0 +1,191 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSL_TEST_CTX_H +#define HEADER_SSL_TEST_CTX_H + +#include +#include + +typedef enum { + SSL_TEST_SUCCESS = 0, /* Default */ + SSL_TEST_SERVER_FAIL, + SSL_TEST_CLIENT_FAIL, + SSL_TEST_INTERNAL_ERROR, + /* Couldn't test resumption/renegotiation: original handshake failed. */ + SSL_TEST_FIRST_HANDSHAKE_FAILED +} ssl_test_result_t; + +typedef enum { + SSL_TEST_VERIFY_NONE = 0, /* Default */ + SSL_TEST_VERIFY_ACCEPT_ALL, + SSL_TEST_VERIFY_REJECT_ALL +} ssl_verify_callback_t; + +typedef enum { + SSL_TEST_SERVERNAME_NONE = 0, /* Default */ + SSL_TEST_SERVERNAME_SERVER1, + SSL_TEST_SERVERNAME_SERVER2, + SSL_TEST_SERVERNAME_INVALID +} ssl_servername_t; + +typedef enum { + SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */ + SSL_TEST_SERVERNAME_IGNORE_MISMATCH, + SSL_TEST_SERVERNAME_REJECT_MISMATCH +} ssl_servername_callback_t; + +typedef enum { + SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */ + SSL_TEST_SESSION_TICKET_YES, + SSL_TEST_SESSION_TICKET_NO, + SSL_TEST_SESSION_TICKET_BROKEN /* Special test */ +} ssl_session_ticket_t; + +typedef enum { + SSL_TEST_METHOD_TLS = 0, /* Default */ + SSL_TEST_METHOD_DTLS +} ssl_test_method_t; + +typedef enum { + SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default */ + SSL_TEST_HANDSHAKE_RESUME, + SSL_TEST_HANDSHAKE_RENEG_SERVER, + SSL_TEST_HANDSHAKE_RENEG_CLIENT +} ssl_handshake_mode_t; + +typedef enum { + SSL_TEST_CT_VALIDATION_NONE = 0, /* Default */ + SSL_TEST_CT_VALIDATION_PERMISSIVE, + SSL_TEST_CT_VALIDATION_STRICT +} ssl_ct_validation_t; + +typedef enum { + SSL_TEST_CERT_STATUS_NONE = 0, /* Default */ + SSL_TEST_CERT_STATUS_GOOD_RESPONSE, + SSL_TEST_CERT_STATUS_BAD_RESPONSE +} ssl_cert_status_t; +/* + * Server/client settings that aren't supported by the SSL CONF library, + * such as callbacks. + */ +typedef struct { + /* One of a number of predefined custom callbacks. */ + ssl_verify_callback_t verify_callback; + /* One of a number of predefined server names use by the client */ + ssl_servername_t servername; + /* Supported NPN and ALPN protocols. A comma-separated list. */ + char *npn_protocols; + char *alpn_protocols; + ssl_ct_validation_t ct_validation; + /* Ciphersuites to set on a renegotiation */ + char *reneg_ciphers; +} SSL_TEST_CLIENT_CONF; + +typedef struct { + /* SNI callback (server-side). */ + ssl_servername_callback_t servername_callback; + /* Supported NPN and ALPN protocols. A comma-separated list. */ + char *npn_protocols; + char *alpn_protocols; + /* Whether to set a broken session ticket callback. */ + int broken_session_ticket; + /* Should we send a CertStatus message? */ + ssl_cert_status_t cert_status; +} SSL_TEST_SERVER_CONF; + +typedef struct { + SSL_TEST_CLIENT_CONF client; + SSL_TEST_SERVER_CONF server; + SSL_TEST_SERVER_CONF server2; +} SSL_TEST_EXTRA_CONF; + +typedef struct { + /* + * Global test configuration. Does not change between handshakes. + */ + /* Whether the server/client CTX should use DTLS or TLS. */ + ssl_test_method_t method; + /* Whether to test a resumed/renegotiated handshake. */ + ssl_handshake_mode_t handshake_mode; + /* + * How much application data to exchange (default is 256 bytes). + * Both peers will send |app_data_size| bytes interleaved. + */ + int app_data_size; + /* Maximum send fragment size. */ + int max_fragment_size; + + /* + * Extra server/client configurations. Per-handshake. + */ + /* First handshake. */ + SSL_TEST_EXTRA_CONF extra; + /* Resumed handshake. */ + SSL_TEST_EXTRA_CONF resume_extra; + + /* + * Test expectations. These apply to the LAST handshake. + */ + /* Defaults to SUCCESS. */ + ssl_test_result_t expected_result; + /* Alerts. 0 if no expectation. */ + /* See ssl.h for alert codes. */ + /* Alert sent by the client / received by the server. */ + int expected_client_alert; + /* Alert sent by the server / received by the client. */ + int expected_server_alert; + /* Negotiated protocol version. 0 if no expectation. */ + /* See ssl.h for protocol versions. */ + int expected_protocol; + /* + * The expected SNI context to use. + * We test server-side that the server switched to the expected context. + * Set by the callback upon success, so if the callback wasn't called or + * terminated with an alert, the servername will match with + * SSL_TEST_SERVERNAME_NONE. + * Note: in the event that the servername was accepted, the client should + * also receive an empty SNI extension back but we have no way of probing + * client-side via the API that this was the case. + */ + ssl_servername_t expected_servername; + ssl_session_ticket_t session_ticket_expected; + /* The expected NPN/ALPN protocol to negotiate. */ + char *expected_npn_protocol; + char *expected_alpn_protocol; + /* Whether the second handshake is resumed or a full handshake (boolean). */ + int resumption_expected; + /* Expected temporary key type */ + int expected_tmp_key_type; +} SSL_TEST_CTX; + +const char *ssl_test_result_name(ssl_test_result_t result); +const char *ssl_alert_name(int alert); +const char *ssl_protocol_name(int protocol); +const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback); +const char *ssl_servername_name(ssl_servername_t server); +const char *ssl_servername_callback_name(ssl_servername_callback_t + servername_callback); +const char *ssl_session_ticket_name(ssl_session_ticket_t server); +const char *ssl_test_method_name(ssl_test_method_t method); +const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode); +const char *ssl_ct_validation_name(ssl_ct_validation_t mode); +const char *ssl_certstatus_name(ssl_cert_status_t cert_status); + +/* + * Load the test case context from |conf|. + * See test/README.ssltest.md for details on the conf file format. + */ +SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section); + +SSL_TEST_CTX *SSL_TEST_CTX_new(void); + +void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx); + +#endif /* HEADER_SSL_TEST_CTX_H */ diff --git a/openssl-1.1.0h/test/ssl_test_ctx_test.c b/openssl-1.1.0h/test/ssl_test_ctx_test.c new file mode 100644 index 0000000..0f321c6 --- /dev/null +++ b/openssl-1.1.0h/test/ssl_test_ctx_test.c @@ -0,0 +1,338 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Ideally, CONF should offer standard parsing methods and cover them + * in tests. But since we have no CONF tests, we use a custom test for now. + */ + +#include +#include + +#include "e_os.h" +#include "ssl_test_ctx.h" +#include "testutil.h" +#include +#include +#include +#include + +static CONF *conf = NULL; + +typedef struct ssl_test_ctx_test_fixture { + const char *test_case_name; + const char *test_section; + /* Expected parsed configuration. */ + SSL_TEST_CTX *expected_ctx; +} SSL_TEST_CTX_TEST_FIXTURE; + + +static int SSL_TEST_CLIENT_CONF_equal(SSL_TEST_CLIENT_CONF *client, + SSL_TEST_CLIENT_CONF *client2) +{ + if (client->verify_callback != client2->verify_callback) { + fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n", + ssl_verify_callback_name(client->verify_callback), + ssl_verify_callback_name(client2->verify_callback)); + return 0; + } + if (client->servername != client2->servername) { + fprintf(stderr, "ServerName mismatch: %s vs %s.\n", + ssl_servername_name(client->servername), + ssl_servername_name(client2->servername)); + return 0; + } + if (!strings_equal("Client NPNProtocols", client->npn_protocols, + client2->npn_protocols)) + return 0; + if (!strings_equal("Client ALPNProtocols", client->alpn_protocols, + client2->alpn_protocols)) + return 0; + if (client->ct_validation != client2->ct_validation) { + fprintf(stderr, "CTValidation mismatch: %s vs %s.\n", + ssl_ct_validation_name(client->ct_validation), + ssl_ct_validation_name(client2->ct_validation)); + return 0; + } + return 1; +} + +static int SSL_TEST_SERVER_CONF_equal(SSL_TEST_SERVER_CONF *server, + SSL_TEST_SERVER_CONF *server2) +{ + if (server->servername_callback != server2->servername_callback) { + fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n", + ssl_servername_callback_name(server->servername_callback), + ssl_servername_callback_name(server2->servername_callback)); + return 0; + } + if (!strings_equal("Server NPNProtocols", server->npn_protocols, + server2->npn_protocols)) + return 0; + if (!strings_equal("Server ALPNProtocols", server->alpn_protocols, + server2->alpn_protocols)) + return 0; + if (server->broken_session_ticket != server2->broken_session_ticket) { + fprintf(stderr, "Broken session ticket mismatch: %d vs %d.\n", + server->broken_session_ticket, server2->broken_session_ticket); + return 0; + } + if (server->cert_status != server2->cert_status) { + fprintf(stderr, "CertStatus mismatch: %s vs %s.\n", + ssl_certstatus_name(server->cert_status), + ssl_certstatus_name(server2->cert_status)); + return 0; + } + return 1; +} + +static int SSL_TEST_EXTRA_CONF_equal(SSL_TEST_EXTRA_CONF *extra, + SSL_TEST_EXTRA_CONF *extra2) +{ + return SSL_TEST_CLIENT_CONF_equal(&extra->client, &extra2->client) + && SSL_TEST_SERVER_CONF_equal(&extra->server, &extra2->server) + && SSL_TEST_SERVER_CONF_equal(&extra->server2, &extra2->server2); +} + +/* Returns 1 if the contexts are equal, 0 otherwise. */ +static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) +{ + if (ctx->method != ctx2->method) { + fprintf(stderr, "Method mismatch: %s vs %s.\n", + ssl_test_method_name(ctx->method), + ssl_test_method_name(ctx2->method)); + return 0; + } + if (ctx->handshake_mode != ctx2->handshake_mode) { + fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n", + ssl_handshake_mode_name(ctx->handshake_mode), + ssl_handshake_mode_name(ctx2->handshake_mode)); + return 0; + } + if (ctx->app_data_size != ctx2->app_data_size) { + fprintf(stderr, "ApplicationData mismatch: %d vs %d.\n", + ctx->app_data_size, ctx2->app_data_size); + return 0; + } + + if (ctx->max_fragment_size != ctx2->max_fragment_size) { + fprintf(stderr, "MaxFragmentSize mismatch: %d vs %d.\n", + ctx->max_fragment_size, ctx2->max_fragment_size); + return 0; + } + + if (!SSL_TEST_EXTRA_CONF_equal(&ctx->extra, &ctx2->extra)) { + fprintf(stderr, "Extra conf mismatch.\n"); + return 0; + } + if (!SSL_TEST_EXTRA_CONF_equal(&ctx->resume_extra, &ctx2->resume_extra)) { + fprintf(stderr, "Resume extra conf mismatch.\n"); + return 0; + } + + if (ctx->expected_result != ctx2->expected_result) { + fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n", + ssl_test_result_name(ctx->expected_result), + ssl_test_result_name(ctx2->expected_result)); + return 0; + } + if (ctx->expected_client_alert != ctx2->expected_client_alert) { + fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n", + ssl_alert_name(ctx->expected_client_alert), + ssl_alert_name(ctx2->expected_client_alert)); + return 0; + } + if (ctx->expected_server_alert != ctx2->expected_server_alert) { + fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n", + ssl_alert_name(ctx->expected_server_alert), + ssl_alert_name(ctx2->expected_server_alert)); + return 0; + } + if (ctx->expected_protocol != ctx2->expected_protocol) { + fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n", + ssl_protocol_name(ctx->expected_protocol), + ssl_protocol_name(ctx2->expected_protocol)); + return 0; + } + if (ctx->expected_servername != ctx2->expected_servername) { + fprintf(stderr, "ExpectedServerName mismatch: %s vs %s.\n", + ssl_servername_name(ctx->expected_servername), + ssl_servername_name(ctx2->expected_servername)); + return 0; + } + if (ctx->session_ticket_expected != ctx2->session_ticket_expected) { + fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n", + ssl_session_ticket_name(ctx->session_ticket_expected), + ssl_session_ticket_name(ctx2->session_ticket_expected)); + return 0; + } + if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol, + ctx2->expected_npn_protocol)) + return 0; + if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol, + ctx2->expected_alpn_protocol)) + return 0; + if (ctx->resumption_expected != ctx2->resumption_expected) { + fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n", + ctx->resumption_expected, ctx2->resumption_expected); + return 0; + } + return 1; +} + +static SSL_TEST_CTX_TEST_FIXTURE set_up(const char *const test_case_name) +{ + SSL_TEST_CTX_TEST_FIXTURE fixture; + fixture.test_case_name = test_case_name; + fixture.expected_ctx = SSL_TEST_CTX_new(); + TEST_check(fixture.expected_ctx != NULL); + return fixture; +} + +static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture) +{ + int success = 0; + + SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section); + + if (ctx == NULL) { + fprintf(stderr, "Failed to parse good configuration %s.\n", + fixture.test_section); + goto err; + } + + if (!SSL_TEST_CTX_equal(ctx, fixture.expected_ctx)) + goto err; + + success = 1; + err: + SSL_TEST_CTX_free(ctx); + return success; +} + +static int execute_failure_test(SSL_TEST_CTX_TEST_FIXTURE fixture) +{ + SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section); + + if (ctx != NULL) { + fprintf(stderr, "Parsing bad configuration %s succeeded.\n", + fixture.test_section); + SSL_TEST_CTX_free(ctx); + return 0; + } + + return 1; +} + +static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture) +{ + SSL_TEST_CTX_free(fixture.expected_ctx); + ERR_print_errors_fp(stderr); +} + +#define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \ + SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up) +#define EXECUTE_SSL_TEST_CTX_TEST() \ + EXECUTE_TEST(execute_test, tear_down) +#define EXECUTE_SSL_TEST_CTX_FAILURE_TEST() \ + EXECUTE_TEST(execute_failure_test, tear_down) + +static int test_empty_configuration() +{ + SETUP_SSL_TEST_CTX_TEST_FIXTURE(); + fixture.test_section = "ssltest_default"; + fixture.expected_ctx->expected_result = SSL_TEST_SUCCESS; + EXECUTE_SSL_TEST_CTX_TEST(); +} + +static int test_good_configuration() +{ + SETUP_SSL_TEST_CTX_TEST_FIXTURE(); + fixture.test_section = "ssltest_good"; + fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS; + fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME; + fixture.expected_ctx->app_data_size = 1024; + fixture.expected_ctx->max_fragment_size = 2048; + + fixture.expected_ctx->expected_result = SSL_TEST_SERVER_FAIL; + fixture.expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA; + fixture.expected_ctx->expected_server_alert = 0; /* No alert. */ + fixture.expected_ctx->expected_protocol = TLS1_1_VERSION; + fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2; + fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES; + fixture.expected_ctx->resumption_expected = 1; + + fixture.expected_ctx->extra.client.verify_callback = + SSL_TEST_VERIFY_REJECT_ALL; + fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2; + fixture.expected_ctx->extra.client.npn_protocols = + OPENSSL_strdup("foo,bar"); + TEST_check(fixture.expected_ctx->extra.client.npn_protocols != NULL); + + fixture.expected_ctx->extra.server.servername_callback = + SSL_TEST_SERVERNAME_IGNORE_MISMATCH; + fixture.expected_ctx->extra.server.broken_session_ticket = 1; + + fixture.expected_ctx->resume_extra.server2.alpn_protocols = + OPENSSL_strdup("baz"); + TEST_check( + fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL); + + fixture.expected_ctx->resume_extra.client.ct_validation = + SSL_TEST_CT_VALIDATION_STRICT; + + EXECUTE_SSL_TEST_CTX_TEST(); +} + +static const char *bad_configurations[] = { + "ssltest_unknown_option", + "ssltest_wrong_section", + "ssltest_unknown_expected_result", + "ssltest_unknown_alert", + "ssltest_unknown_protocol", + "ssltest_unknown_verify_callback", + "ssltest_unknown_servername", + "ssltest_unknown_servername_callback", + "ssltest_unknown_session_ticket_expected", + "ssltest_unknown_method", + "ssltest_unknown_handshake_mode", + "ssltest_unknown_resumption_expected", + "ssltest_unknown_ct_validation", +}; + +static int test_bad_configuration(int idx) +{ + SETUP_SSL_TEST_CTX_TEST_FIXTURE(); + fixture.test_section = bad_configurations[idx]; + EXECUTE_SSL_TEST_CTX_FAILURE_TEST(); +} + +int main(int argc, char **argv) +{ + int result = 0; + + if (argc != 2) + return 1; + + conf = NCONF_new(NULL); + TEST_check(conf != NULL); + + /* argv[1] should point to test/ssl_test_ctx_test.conf */ + TEST_check(NCONF_load(conf, argv[1], NULL) > 0); + + ADD_TEST(test_empty_configuration); + ADD_TEST(test_good_configuration); + ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations)); + + result = run_tests(argv[0]); + + NCONF_free(conf); + + return result; +} diff --git a/openssl-1.1.0h/test/ssl_test_ctx_test.conf b/openssl-1.1.0h/test/ssl_test_ctx_test.conf new file mode 100644 index 0000000..a062d75 --- /dev/null +++ b/openssl-1.1.0h/test/ssl_test_ctx_test.conf @@ -0,0 +1,88 @@ +[ssltest_default] + +[ssltest_good] +client = ssltest_good_client_extra +server = ssltest_good_server_extra +resume-server2 = ssltest_good_resume_server2_extra +resume-client = ssltest_good_resume_client_extra + +Method = DTLS +HandshakeMode = Resume +ApplicationData = 1024 +MaxFragmentSize = 2048 + +ExpectedResult = ServerFail +ExpectedClientAlert = UnknownCA +ExpectedProtocol = TLSv1.1 +ExpectedServerName = server2 +SessionTicketExpected = Yes +ResumptionExpected = Yes + +[ssltest_good_client_extra] +VerifyCallback = RejectAll +ServerName = server2 +NPNProtocols = foo,bar + +[ssltest_good_resume_client_extra] +CTValidation = Strict + +[ssltest_good_server_extra] +ServerNameCallback = IgnoreMismatch +BrokenSessionTicket = Yes + +[ssltest_good_resume_server2_extra] +ALPNProtocols = baz + +[ssltest_unknown_option] +UnknownOption = Foo + +[ssltest_wrong_section] +server = ssltest_wrong_section_server + +[ssltest_wrong_section_server] +VerifyCallback = RejectAll + +[ssltest_unknown_expected_result] +ExpectedResult = Foo + +[ssltest_unknown_alert] +ExpectedServerAlert = Foo + +[ssltest_unknown_protocol] +Protocol = Foo + +[ssltest_unknown_verify_callback] +client = ssltest_unknown_verify_callback_client + +[ssltest_unknown_verify_callback_client] +VerifyCallback = Foo + +[ssltest_unknown_servername] +client = ssltest_unknown_servername_client + +[ssltest_unknown_servername_client] +ServerName = Foo + +[ssltest_unknown_servername_callback] +server = ssltest_unknown_servername_server + +[ssltest_unknown_servername_server] +ServerNameCallback = Foo + +[ssltest_unknown_session_ticket_expected] +SessionTicketExpected = Foo + +[ssltest_unknown_method] +Method = TLS2 + +[ssltest_unknown_handshake_mode] +HandshakeMode = Foo + +[ssltest_unknown_resumption_expected] +ResumptionExpected = Foo + +[ssltest_unknown_ct_validation] +client = ssltest_unknown_ct_validation_client + +[ssltest_unknown_ct_validation_client] +CTCallback = Foo diff --git a/openssl-1.1.0h/test/sslapitest.c b/openssl-1.1.0h/test/sslapitest.c new file mode 100644 index 0000000..77e8f2e --- /dev/null +++ b/openssl-1.1.0h/test/sslapitest.c @@ -0,0 +1,1262 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include +#include +#include +#include + +#include "ssltestlib.h" +#include "testutil.h" +#include "e_os.h" + +static char *cert = NULL; +static char *privkey = NULL; + +#ifndef OPENSSL_NO_OCSP +static const unsigned char orespder[] = "Dummy OCSP Response"; +static int ocsp_server_called = 0; +static int ocsp_client_called = 0; + +static int cdummyarg = 1; +static X509 *ocspcert = NULL; +#endif + +#define NUM_EXTRA_CERTS 40 + +static int execute_test_large_message(const SSL_METHOD *smeth, + const SSL_METHOD *cmeth, + int min_version, int max_version, + int read_ahead) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + int i; + BIO *certbio = BIO_new_file(cert, "r"); + X509 *chaincert = NULL; + int certlen; + + if (certbio == NULL) { + printf("Can't load the certificate file\n"); + goto end; + } + chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + BIO_free(certbio); + certbio = NULL; + if (chaincert == NULL) { + printf("Unable to load certificate for chain\n"); + goto end; + } + + if (!create_ssl_ctx_pair(smeth, cmeth, min_version, max_version, &sctx, + &cctx, cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + goto end; + } + + if(read_ahead) { + /* + * Test that read_ahead works correctly when dealing with large + * records + */ + SSL_CTX_set_read_ahead(cctx, 1); + } + + /* + * We assume the supplied certificate is big enough so that if we add + * NUM_EXTRA_CERTS it will make the overall message large enough. The + * default buffer size is requested to be 16k, but due to the way BUF_MEM + * works, it ends up allocating a little over 21k (16 * 4/3). So, in this test + * we need to have a message larger than that. + */ + certlen = i2d_X509(chaincert, NULL); + OPENSSL_assert((certlen * NUM_EXTRA_CERTS) + > ((SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3)); + for (i = 0; i < NUM_EXTRA_CERTS; i++) { + if (!X509_up_ref(chaincert)) { + printf("Unable to up ref cert\n"); + goto end; + } + if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) { + printf("Unable to add extra chain cert %d\n", i); + X509_free(chaincert); + goto end; + } + } + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + if (!create_ssl_connection(serverssl, clientssl)) { + printf("Unable to create SSL connection\n"); + goto end; + } + + /* + * Calling SSL_clear() first is not required but this tests that SSL_clear() + * doesn't leak (when using enable-crypto-mdebug). + */ + if (!SSL_clear(serverssl)) { + printf("Unexpected failure from SSL_clear()\n"); + goto end; + } + + testresult = 1; + end: + X509_free(chaincert); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_large_message_tls(void) +{ + return execute_test_large_message(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + 0); +} + +static int test_large_message_tls_read_ahead(void) +{ + return execute_test_large_message(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + 1); +} + +#ifndef OPENSSL_NO_DTLS +static int test_large_message_dtls(void) +{ + /* + * read_ahead is not relevant to DTLS because DTLS always acts as if + * read_ahead is set. + */ + return execute_test_large_message(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, + 0); +} +#endif + +#ifndef OPENSSL_NO_OCSP +static int ocsp_server_cb(SSL *s, void *arg) +{ + int *argi = (int *)arg; + unsigned char *orespdercopy = NULL; + STACK_OF(OCSP_RESPID) *ids = NULL; + OCSP_RESPID *id = NULL; + + if (*argi == 2) { + /* In this test we are expecting exactly 1 OCSP_RESPID */ + SSL_get_tlsext_status_ids(s, &ids); + if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1) + return SSL_TLSEXT_ERR_ALERT_FATAL; + + id = sk_OCSP_RESPID_value(ids, 0); + if (id == NULL || !OCSP_RESPID_match(id, ocspcert)) + return SSL_TLSEXT_ERR_ALERT_FATAL; + } else if (*argi != 1) { + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + + + orespdercopy = OPENSSL_memdup(orespder, sizeof(orespder)); + if (orespdercopy == NULL) + return SSL_TLSEXT_ERR_ALERT_FATAL; + + SSL_set_tlsext_status_ocsp_resp(s, orespdercopy, sizeof(orespder)); + + ocsp_server_called = 1; + + return SSL_TLSEXT_ERR_OK; +} + +static int ocsp_client_cb(SSL *s, void *arg) +{ + int *argi = (int *)arg; + const unsigned char *respderin; + size_t len; + + if (*argi != 1 && *argi != 2) + return 0; + + len = SSL_get_tlsext_status_ocsp_resp(s, &respderin); + + if (memcmp(orespder, respderin, len) != 0) + return 0; + + ocsp_client_called = 1; + + return 1; +} + +static int test_tlsext_status_type(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + STACK_OF(OCSP_RESPID) *ids = NULL; + OCSP_RESPID *id = NULL; + BIO *certbio = NULL; + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, + cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + return 0; + } + + if (SSL_CTX_get_tlsext_status_type(cctx) != -1) { + printf("Unexpected initial value for " + "SSL_CTX_get_tlsext_status_type()\n"); + goto end; + } + + /* First just do various checks getting and setting tlsext_status_type */ + + clientssl = SSL_new(cctx); + if (SSL_get_tlsext_status_type(clientssl) != -1) { + printf("Unexpected initial value for SSL_get_tlsext_status_type()\n"); + goto end; + } + + if (!SSL_set_tlsext_status_type(clientssl, TLSEXT_STATUSTYPE_ocsp)) { + printf("Unexpected fail for SSL_set_tlsext_status_type()\n"); + goto end; + } + + if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) { + printf("Unexpected result for SSL_get_tlsext_status_type()\n"); + goto end; + } + + SSL_free(clientssl); + clientssl = NULL; + + if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)) { + printf("Unexpected fail for SSL_CTX_set_tlsext_status_type()\n"); + goto end; + } + + if (SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp) { + printf("Unexpected result for SSL_CTX_get_tlsext_status_type()\n"); + goto end; + } + + clientssl = SSL_new(cctx); + + if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) { + printf("Unexpected result for SSL_get_tlsext_status_type() (test 2)\n"); + goto end; + } + + SSL_free(clientssl); + clientssl = NULL; + + /* + * Now actually do a handshake and check OCSP information is exchanged and + * the callbacks get called + */ + + SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb); + SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg); + SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb); + SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg); + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + if (!create_ssl_connection(serverssl, clientssl)) { + printf("Unable to create SSL connection\n"); + goto end; + } + + if (!ocsp_client_called || !ocsp_server_called) { + printf("OCSP callbacks not called\n"); + goto end; + } + + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = NULL; + clientssl = NULL; + + /* Try again but this time force the server side callback to fail */ + ocsp_client_called = 0; + ocsp_server_called = 0; + cdummyarg = 0; + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + /* This should fail because the callback will fail */ + if (create_ssl_connection(serverssl, clientssl)) { + printf("Unexpected success creating the connection\n"); + goto end; + } + + if (ocsp_client_called || ocsp_server_called) { + printf("OCSP callbacks successfully called unexpectedly\n"); + goto end; + } + + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = NULL; + clientssl = NULL; + + /* + * This time we'll get the client to send an OCSP_RESPID that it will + * accept. + */ + ocsp_client_called = 0; + ocsp_server_called = 0; + cdummyarg = 2; + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + /* + * We'll just use any old cert for this test - it doesn't have to be an OCSP + * specific one. We'll use the server cert. + */ + certbio = BIO_new_file(cert, "r"); + if (certbio == NULL) { + printf("Can't load the certificate file\n"); + goto end; + } + id = OCSP_RESPID_new(); + ids = sk_OCSP_RESPID_new_null(); + ocspcert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + if (id == NULL || ids == NULL || ocspcert == NULL + || !OCSP_RESPID_set_by_key(id, ocspcert) + || !sk_OCSP_RESPID_push(ids, id)) { + printf("Unable to set OCSP_RESPIDs\n"); + goto end; + } + id = NULL; + SSL_set_tlsext_status_ids(clientssl, ids); + /* Control has been transferred */ + ids = NULL; + + BIO_free(certbio); + certbio = NULL; + + if (!create_ssl_connection(serverssl, clientssl)) { + printf("Unable to create SSL connection\n"); + goto end; + } + + if (!ocsp_client_called || !ocsp_server_called) { + printf("OCSP callbacks not called\n"); + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free); + OCSP_RESPID_free(id); + BIO_free(certbio); + X509_free(ocspcert); + ocspcert = NULL; + + return testresult; +} +#endif /* ndef OPENSSL_NO_OCSP */ + +typedef struct ssl_session_test_fixture { + const char *test_case_name; + int use_ext_cache; + int use_int_cache; +} SSL_SESSION_TEST_FIXTURE; + +static int new_called = 0, remove_called = 0; + +static SSL_SESSION_TEST_FIXTURE +ssl_session_set_up(const char *const test_case_name) +{ + SSL_SESSION_TEST_FIXTURE fixture; + + fixture.test_case_name = test_case_name; + fixture.use_ext_cache = 1; + fixture.use_int_cache = 1; + + new_called = remove_called = 0; + + return fixture; +} + +static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture) +{ +} + +static int new_session_cb(SSL *ssl, SSL_SESSION *sess) +{ + new_called++; + + return 1; +} + +static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess) +{ + remove_called++; +} + +static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl1 = NULL, *clientssl1 = NULL; + SSL *serverssl2 = NULL, *clientssl2 = NULL; +#ifndef OPENSSL_NO_TLS1_1 + SSL *serverssl3 = NULL, *clientssl3 = NULL; +#endif + SSL_SESSION *sess1 = NULL, *sess2 = NULL; + int testresult = 0; + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, + cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + return 0; + } + +#ifndef OPENSSL_NO_TLS1_2 + /* Only allow TLS1.2 so we can force a connection failure later */ + SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION); +#endif + + /* Set up session cache */ + if (fix.use_ext_cache) { + SSL_CTX_sess_set_new_cb(cctx, new_session_cb); + SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb); + } + if (fix.use_int_cache) { + /* Also covers instance where both are set */ + SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT); + } else { + SSL_CTX_set_session_cache_mode(cctx, + SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + } + + if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, + NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + if (!create_ssl_connection(serverssl1, clientssl1)) { + printf("Unable to create SSL connection\n"); + goto end; + } + sess1 = SSL_get1_session(clientssl1); + if (sess1 == NULL) { + printf("Unexpected NULL session\n"); + goto end; + } + + if (fix.use_int_cache && SSL_CTX_add_session(cctx, sess1)) { + /* Should have failed because it should already be in the cache */ + printf("Unexpected success adding session to cache\n"); + goto end; + } + + if (fix.use_ext_cache && (new_called != 1 || remove_called != 0)) { + printf("Session not added to cache\n"); + goto end; + } + + if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) { + printf("Unable to create second SSL objects\n"); + goto end; + } + + if (!create_ssl_connection(serverssl2, clientssl2)) { + printf("Unable to create second SSL connection\n"); + goto end; + } + + sess2 = SSL_get1_session(clientssl2); + if (sess2 == NULL) { + printf("Unexpected NULL session from clientssl2\n"); + goto end; + } + + if (fix.use_ext_cache && (new_called != 2 || remove_called != 0)) { + printf("Remove session callback unexpectedly called\n"); + goto end; + } + + /* + * This should clear sess2 from the cache because it is a "bad" session. See + * SSL_set_session() documentation. + */ + if (!SSL_set_session(clientssl2, sess1)) { + printf("Unexpected failure setting session\n"); + goto end; + } + + if (fix.use_ext_cache && (new_called != 2 || remove_called != 1)) { + printf("Failed to call callback to remove session\n"); + goto end; + } + + + if (SSL_get_session(clientssl2) != sess1) { + printf("Unexpected session found\n"); + goto end; + } + + if (fix.use_int_cache) { + if (!SSL_CTX_add_session(cctx, sess2)) { + /* + * Should have succeeded because it should not already be in the cache + */ + printf("Unexpected failure adding session to cache\n"); + goto end; + } + + if (!SSL_CTX_remove_session(cctx, sess2)) { + printf("Unexpected failure removing session from cache\n"); + goto end; + } + + /* This is for the purposes of internal cache testing...ignore the + * counter for external cache + */ + if (fix.use_ext_cache) + remove_called--; + } + + /* This shouldn't be in the cache so should fail */ + if (SSL_CTX_remove_session(cctx, sess2)) { + printf("Unexpected success removing session from cache\n"); + goto end; + } + + if (fix.use_ext_cache && (new_called != 2 || remove_called != 2)) { + printf("Failed to call callback to remove session #2\n"); + goto end; + } + +#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2) + /* Force a connection failure */ + SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION); + + if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) { + printf("Unable to create third SSL objects\n"); + goto end; + } + + if (!SSL_set_session(clientssl3, sess1)) { + printf("Unable to set session for third connection\n"); + goto end; + } + + /* This should fail because of the mismatched protocol versions */ + if (create_ssl_connection(serverssl3, clientssl3)) { + printf("Unable to create third SSL connection\n"); + goto end; + } + + + /* We should have automatically removed the session from the cache */ + if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) { + printf("Failed to call callback to remove session #2\n"); + goto end; + } + + if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2)) { + /* + * Should have succeeded because it should not already be in the cache + */ + printf("Unexpected failure adding session to cache #2\n"); + goto end; + } +#endif + + testresult = 1; + + end: + SSL_free(serverssl1); + SSL_free(clientssl1); + SSL_free(serverssl2); + SSL_free(clientssl2); +#ifndef OPENSSL_NO_TLS1_1 + SSL_free(serverssl3); + SSL_free(clientssl3); +#endif + SSL_SESSION_free(sess1); + SSL_SESSION_free(sess2); + /* + * Check if we need to remove any sessions up-refed for the external cache + */ + if (new_called >= 1) + SSL_SESSION_free(sess1); + if (new_called >= 2) + SSL_SESSION_free(sess2); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_session_with_only_int_cache(void) +{ + SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); + + fixture.use_ext_cache = 0; + + EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +} + +static int test_session_with_only_ext_cache(void) +{ + SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); + + fixture.use_int_cache = 0; + + EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +} + +static int test_session_with_both_cache(void) +{ + SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); + + EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +} + +#define USE_NULL 0 +#define USE_BIO_1 1 +#define USE_BIO_2 2 + +#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) + +static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type) +{ + switch (type) { + case USE_NULL: + *res = NULL; + break; + case USE_BIO_1: + *res = bio1; + break; + case USE_BIO_2: + *res = bio2; + break; + } +} + +static int test_ssl_set_bio(int idx) +{ + SSL_CTX *ctx = SSL_CTX_new(TLS_method()); + BIO *bio1 = NULL; + BIO *bio2 = NULL; + BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL; + SSL *ssl = NULL; + int initrbio, initwbio, newrbio, newwbio; + int testresult = 0; + + if (ctx == NULL) { + printf("Failed to allocate SSL_CTX\n"); + goto end; + } + + ssl = SSL_new(ctx); + if (ssl == NULL) { + printf("Failed to allocate SSL object\n"); + goto end; + } + + initrbio = idx % 3; + idx /= 3; + initwbio = idx % 3; + idx /= 3; + newrbio = idx % 3; + idx /= 3; + newwbio = idx; + OPENSSL_assert(newwbio <= 2); + + if (initrbio == USE_BIO_1 || initwbio == USE_BIO_1 || newrbio == USE_BIO_1 + || newwbio == USE_BIO_1) { + bio1 = BIO_new(BIO_s_mem()); + if (bio1 == NULL) { + printf("Failed to allocate bio1\n"); + goto end; + } + } + + if (initrbio == USE_BIO_2 || initwbio == USE_BIO_2 || newrbio == USE_BIO_2 + || newwbio == USE_BIO_2) { + bio2 = BIO_new(BIO_s_mem()); + if (bio2 == NULL) { + printf("Failed to allocate bio2\n"); + goto end; + } + } + + setupbio(&irbio, bio1, bio2, initrbio); + setupbio(&iwbio, bio1, bio2, initwbio); + + /* + * We want to maintain our own refs to these BIO, so do an up ref for each + * BIO that will have ownership transferred in the SSL_set_bio() call + */ + if (irbio != NULL) + BIO_up_ref(irbio); + if (iwbio != NULL && iwbio != irbio) + BIO_up_ref(iwbio); + + SSL_set_bio(ssl, irbio, iwbio); + + setupbio(&nrbio, bio1, bio2, newrbio); + setupbio(&nwbio, bio1, bio2, newwbio); + + /* + * We will (maybe) transfer ownership again so do more up refs. + * SSL_set_bio() has some really complicated ownership rules where BIOs have + * already been set! + */ + if (nrbio != NULL && nrbio != irbio && (nwbio != iwbio || nrbio != nwbio)) + BIO_up_ref(nrbio); + if (nwbio != NULL && nwbio != nrbio && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio))) + BIO_up_ref(nwbio); + + SSL_set_bio(ssl, nrbio, nwbio); + + testresult = 1; + + end: + SSL_free(ssl); + BIO_free(bio1); + BIO_free(bio2); + /* + * This test is checking that the ref counting for SSL_set_bio is correct. + * If we get here and we did too many frees then we will fail in the above + * functions. If we haven't done enough then this will only be detected in + * a crypto-mdebug build + */ + SSL_CTX_free(ctx); + + return testresult; +} + +typedef struct ssl_bio_test_fixture { + const char *test_case_name; + int pop_ssl; + enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio; +} SSL_BIO_TEST_FIXTURE; + +static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name) +{ + SSL_BIO_TEST_FIXTURE fixture; + + fixture.test_case_name = test_case_name; + fixture.pop_ssl = 0; + fixture.change_bio = NO_BIO_CHANGE; + + return fixture; +} + +static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture) +{ +} + +static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix) +{ + BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL; + SSL_CTX *ctx = SSL_CTX_new(TLS_method()); + SSL *ssl = NULL; + int testresult = 0; + + if (ctx == NULL) { + printf("Failed to allocate SSL_CTX\n"); + return 0; + } + + ssl = SSL_new(ctx); + if (ssl == NULL) { + printf("Failed to allocate SSL object\n"); + goto end; + } + + sslbio = BIO_new(BIO_f_ssl()); + membio1 = BIO_new(BIO_s_mem()); + + if (sslbio == NULL || membio1 == NULL) { + printf("Malloc failure creating BIOs\n"); + goto end; + } + + BIO_set_ssl(sslbio, ssl, BIO_CLOSE); + + /* + * If anything goes wrong here then we could leak memory, so this will + * be caught in a crypto-mdebug build + */ + BIO_push(sslbio, membio1); + + /* Verify changing the rbio/wbio directly does not cause leaks */ + if (fix.change_bio != NO_BIO_CHANGE) { + membio2 = BIO_new(BIO_s_mem()); + if (membio2 == NULL) { + printf("Malloc failure creating membio2\n"); + goto end; + } + if (fix.change_bio == CHANGE_RBIO) + SSL_set0_rbio(ssl, membio2); + else + SSL_set0_wbio(ssl, membio2); + } + ssl = NULL; + + if (fix.pop_ssl) + BIO_pop(sslbio); + else + BIO_pop(membio1); + + testresult = 1; + end: + BIO_free(membio1); + BIO_free(sslbio); + SSL_free(ssl); + SSL_CTX_free(ctx); + + return testresult; +} + +static int test_ssl_bio_pop_next_bio(void) +{ + SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); + + EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); +} + +static int test_ssl_bio_pop_ssl_bio(void) +{ + SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); + + fixture.pop_ssl = 1; + + EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); +} + +static int test_ssl_bio_change_rbio(void) +{ + SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); + + fixture.change_bio = CHANGE_RBIO; + + EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); +} + +static int test_ssl_bio_change_wbio(void) +{ + SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); + + fixture.change_bio = CHANGE_WBIO; + + EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); +} + +typedef struct { + /* The list of sig algs */ + const int *list; + /* The length of the list */ + size_t listlen; + /* A sigalgs list in string format */ + const char *liststr; + /* Whether setting the list should succeed */ + int valid; + /* Whether creating a connection with the list should succeed */ + int connsuccess; +} sigalgs_list; + +static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA}; +static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC}; +static const int validlist3[] = {NID_sha512, EVP_PKEY_EC}; +static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA}; +static const int invalidlist2[] = {NID_sha256, NID_undef}; +static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256}; +static const int invalidlist4[] = {NID_sha256}; +static const sigalgs_list testsigalgs[] = { + {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1}, + {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1}, + {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, + {NULL, 0, "RSA+SHA256", 1, 1}, + {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, + {NULL, 0, "ECDSA+SHA512", 1, 0}, + {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0}, + {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0}, + {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0}, + {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0}, + {NULL, 0, "RSA", 0, 0}, + {NULL, 0, "SHA256", 0, 0}, + {NULL, 0, "RSA+SHA256:SHA256", 0, 0}, + {NULL, 0, "Invalid", 0, 0}}; + +static int test_set_sigalgs(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + const sigalgs_list *curr; + int testctx; + + /* Should never happen */ + if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2) + return 0; + + testctx = ((size_t)idx < OSSL_NELEM(testsigalgs)); + curr = testctx ? &testsigalgs[idx] + : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, + cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + return 0; + } + + if (testctx) { + int ret; + if (curr->list != NULL) + ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen); + else + ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr); + + if (!ret) { + if (curr->valid) + printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n", + idx); + else + testresult = 1; + goto end; + } + if (!curr->valid) { + printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx); + goto end; + } + } + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + if (!testctx) { + int ret; + + if (curr->list != NULL) + ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen); + else + ret = SSL_set1_sigalgs_list(clientssl, curr->liststr); + if (!ret) { + if (curr->valid) + printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx); + else + testresult = 1; + goto end; + } + if (!curr->valid) { + printf("Unexpected success setting sigalgs in SSL (%d)\n", idx); + goto end; + } + } + + if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) { + printf("Unexpected return value creating SSL connection (%d)\n", idx); + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int clntaddcb = 0; +static int clntparsecb = 0; +static int srvaddcb = 0; +static int srvparsecb = 0; +static int snicb = 0; + +#define TEST_EXT_TYPE1 0xff00 + +static int add_cb(SSL *s, unsigned int ext_type, const unsigned char **out, + size_t *outlen, int *al, void *add_arg) +{ + int *server = (int *)add_arg; + unsigned char *data; + + if (SSL_is_server(s)) + srvaddcb++; + else + clntaddcb++; + + if (*server != SSL_is_server(s) + || (data = OPENSSL_malloc(sizeof(*data))) == NULL) + return -1; + + *data = 1; + *out = data; + *outlen = sizeof(char); + return 1; +} + +static void free_cb(SSL *s, unsigned int ext_type, const unsigned char *out, + void *add_arg) +{ + OPENSSL_free((unsigned char *)out); +} + +static int parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in, + size_t inlen, int *al, void *parse_arg) +{ + int *server = (int *)parse_arg; + + if (SSL_is_server(s)) + srvparsecb++; + else + clntparsecb++; + + if (*server != SSL_is_server(s) + || inlen != sizeof(char) + || *in != 1) + return -1; + + return 1; +} + +static int sni_cb(SSL *s, int *al, void *arg) +{ + SSL_CTX *ctx = (SSL_CTX *)arg; + + if (SSL_set_SSL_CTX(s, ctx) == NULL) { + *al = SSL_AD_INTERNAL_ERROR; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + snicb++; + return SSL_TLSEXT_ERR_OK; +} + +/* + * Custom call back tests. + * Test 0: callbacks in TLSv1.2 + * Test 1: callbacks in TLSv1.2 with SNI + */ +static int test_custom_exts(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + static int server = 1; + static int client = 0; + SSL_SESSION *sess = NULL; + + /* Reset callback counters */ + clntaddcb = clntparsecb = srvaddcb = srvparsecb = 0; + snicb = 0; + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, + cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + goto end; + } + + if (tst == 1 + && !create_ssl_ctx_pair(TLS_server_method(), NULL, + TLS1_VERSION, TLS_MAX_VERSION, &sctx2, NULL, + cert, privkey)) { + printf("Unable to create SSL_CTX pair (2)\n"); + goto end; + } + + /* Create a client side custom extension */ + if (!SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, add_cb, free_cb, + &client, parse_cb, &client)) { + printf("Unable to add client custom extension\n"); + goto end; + } + + /* Should not be able to add duplicates */ + if (SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, add_cb, free_cb, + &client, parse_cb, &client)) { + printf("Unexpected success adding duplicate extension\n"); + goto end; + } + + /* Create a server side custom extension */ + if (!SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, add_cb, free_cb, + &server, parse_cb, &server)) { + printf("Unable to add server custom extension\n"); + goto end; + } + if (sctx2 != NULL + && !SSL_CTX_add_server_custom_ext(sctx2, TEST_EXT_TYPE1, + add_cb, free_cb, + &server, parse_cb, + &server)) { + printf("Unable to add server custom extension for SNI\n"); + goto end; + } + + /* Should not be able to add duplicates */ + if (SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, add_cb, free_cb, + &server, parse_cb, &server)) { + printf("Unexpected success adding duplicate extension (2)\n"); + goto end; + } + + if (tst == 1) { + /* Set up SNI */ + if (!SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb) + || !SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)) { + printf("Cannot set SNI callbacks\n"); + goto end; + } + } + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL) + || !create_ssl_connection(serverssl, clientssl)) { + printf("Cannot create SSL connection\n"); + goto end; + } + + if (clntaddcb != 1 + || clntparsecb != 1 + || srvaddcb != 1 + || srvparsecb != 1 + || (tst != 1 && snicb != 0) + || (tst == 1 && snicb != 1)) { + printf("Incorrect callback counts\n"); + goto end; + } + + sess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + if (tst == 1) { + /* We don't bother with the resumption aspects for this test */ + testresult = 1; + goto end; + } + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL) + || !SSL_set_session(clientssl, sess) + || !create_ssl_connection(serverssl, clientssl)) { + printf("Cannot create resumption connection\n"); + goto end; + } + + /* + * For a resumed session we expect to add the ClientHello extension but we + * should ignore it on the server side. + */ + if (clntaddcb != 2 + || clntparsecb != 1 + || srvaddcb != 1 + || srvparsecb != 1) { + printf("Incorrect resumption callback counts\n"); + goto end; + } + + testresult = 1; + +end: + SSL_SESSION_free(sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx2); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +int main(int argc, char *argv[]) +{ + BIO *err = NULL; + int testresult = 1; + + if (argc != 3) { + printf("Invalid argument count\n"); + return 1; + } + + cert = argv[1]; + privkey = argv[2]; + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ADD_TEST(test_large_message_tls); + ADD_TEST(test_large_message_tls_read_ahead); +#ifndef OPENSSL_NO_DTLS + ADD_TEST(test_large_message_dtls); +#endif +#ifndef OPENSSL_NO_OCSP + ADD_TEST(test_tlsext_status_type); +#endif + ADD_TEST(test_session_with_only_int_cache); + ADD_TEST(test_session_with_only_ext_cache); + ADD_TEST(test_session_with_both_cache); + ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS); + ADD_TEST(test_ssl_bio_pop_next_bio); + ADD_TEST(test_ssl_bio_pop_ssl_bio); + ADD_TEST(test_ssl_bio_change_rbio); + ADD_TEST(test_ssl_bio_change_wbio); + ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2); + ADD_ALL_TESTS(test_custom_exts, 2); + + testresult = run_tests(argv[0]); + + bio_s_mempacket_test_free(); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 1; +#endif + BIO_free(err); + + if (!testresult) + printf("PASS\n"); + + return testresult; +} diff --git a/openssl-1.1.0h/test/sslcorrupttest.c b/openssl-1.1.0h/test/sslcorrupttest.c new file mode 100644 index 0000000..d584be3 --- /dev/null +++ b/openssl-1.1.0h/test/sslcorrupttest.c @@ -0,0 +1,283 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "ssltestlib.h" +#include "testutil.h" + +static void copy_flags(BIO *bio) +{ + int flags; + BIO *next = BIO_next(bio); + + flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); + BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); + BIO_set_flags(bio, flags); +} + +static int tls_corrupt_read(BIO *bio, char *out, int outl) +{ + int ret; + BIO *next = BIO_next(bio); + + ret = BIO_read(next, out, outl); + copy_flags(bio); + + return ret; +} + +static int tls_corrupt_write(BIO *bio, const char *in, int inl) +{ + int ret; + BIO *next = BIO_next(bio); + char *copy; + + if (in[0] == SSL3_RT_APPLICATION_DATA) { + copy = BUF_memdup(in, inl); + TEST_check(copy != NULL); + /* corrupt last bit of application data */ + copy[inl-1] ^= 1; + ret = BIO_write(next, copy, inl); + OPENSSL_free(copy); + } else { + ret = BIO_write(next, in, inl); + } + copy_flags(bio); + + return ret; +} + +static long tls_corrupt_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + long ret; + BIO *next = BIO_next(bio); + + if (next == NULL) + return 0; + + switch (cmd) { + case BIO_CTRL_DUP: + ret = 0L; + break; + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; + } + return ret; +} + +static int tls_corrupt_gets(BIO *bio, char *buf, int size) +{ + /* We don't support this - not needed anyway */ + return -1; +} + +static int tls_corrupt_puts(BIO *bio, const char *str) +{ + /* We don't support this - not needed anyway */ + return -1; +} + +static int tls_corrupt_new(BIO *bio) +{ + BIO_set_init(bio, 1); + + return 1; +} + +static int tls_corrupt_free(BIO *bio) +{ + BIO_set_init(bio, 0); + + return 1; +} + +#define BIO_TYPE_CUSTOM_FILTER (0x80 | BIO_TYPE_FILTER) + +static BIO_METHOD *method_tls_corrupt = NULL; + +/* Note: Not thread safe! */ +static const BIO_METHOD *bio_f_tls_corrupt_filter(void) +{ + if (method_tls_corrupt == NULL) { + method_tls_corrupt = BIO_meth_new(BIO_TYPE_CUSTOM_FILTER, + "TLS corrupt filter"); + if ( method_tls_corrupt == NULL + || !BIO_meth_set_write(method_tls_corrupt, tls_corrupt_write) + || !BIO_meth_set_read(method_tls_corrupt, tls_corrupt_read) + || !BIO_meth_set_puts(method_tls_corrupt, tls_corrupt_puts) + || !BIO_meth_set_gets(method_tls_corrupt, tls_corrupt_gets) + || !BIO_meth_set_ctrl(method_tls_corrupt, tls_corrupt_ctrl) + || !BIO_meth_set_create(method_tls_corrupt, tls_corrupt_new) + || !BIO_meth_set_destroy(method_tls_corrupt, tls_corrupt_free)) + return NULL; + } + return method_tls_corrupt; +} + +static void bio_f_tls_corrupt_filter_free(void) +{ + BIO_meth_free(method_tls_corrupt); +} + +/* + * The test is supposed to be executed with RSA key, customarily + * with apps/server.pem used even in other tests. For this reason + * |cipher_list| is initialized with RSA ciphers' names. This + * naturally means that if test is to be re-purposed for other + * type of key, then NID_auth_* filter below would need adjustment. + */ +static const char **cipher_list = NULL; + +static int setup_cipher_list() +{ + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + static STACK_OF(SSL_CIPHER) *sk_ciphers = NULL; + int i, numciphers; + + ctx = SSL_CTX_new(TLS_server_method()); + TEST_check(ctx != NULL); + ssl = SSL_new(ctx); + TEST_check(ssl != NULL); + sk_ciphers = SSL_get1_supported_ciphers(ssl); + TEST_check(sk_ciphers != NULL); + + /* + * The |cipher_list| will be filled only with names of RSA ciphers, + * so that some of the allocated space will be wasted, but the loss + * is deemed acceptable... + */ + cipher_list = OPENSSL_malloc(sk_SSL_CIPHER_num(sk_ciphers) * + sizeof(cipher_list[0])); + TEST_check(cipher_list != NULL); + + for (numciphers = 0, i = 0; i < sk_SSL_CIPHER_num(sk_ciphers); i++) { + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(sk_ciphers, i); + + if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_rsa) + cipher_list[numciphers++] = SSL_CIPHER_get_name(cipher); + } + TEST_check(numciphers != 0); + + sk_SSL_CIPHER_free(sk_ciphers); + SSL_free(ssl); + SSL_CTX_free(ctx); + + return numciphers; +} + +static char *cert = NULL; +static char *privkey = NULL; + +static int test_ssl_corrupt(int testidx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *server = NULL, *client = NULL; + BIO *c_to_s_fbio; + int testresult = 0; + static unsigned char junk[16000] = { 0 }; + + printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]); + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, + cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + return 0; + } + + if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) { + printf("Failed setting cipher list\n"); + goto end; + } + + c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()); + if (c_to_s_fbio == NULL) { + printf("Failed to create filter BIO\n"); + goto end; + } + + /* BIO is freed by create_ssl_connection on error */ + if (!create_ssl_objects(sctx, cctx, &server, &client, NULL, + c_to_s_fbio)) { + printf("Unable to create SSL objects\n"); + ERR_print_errors_fp(stdout); + goto end; + } + + if (!create_ssl_connection(server, client)) { + printf("Unable to create SSL connection\n"); + ERR_print_errors_fp(stdout); + goto end; + } + + if (SSL_write(client, junk, sizeof(junk)) < 0) { + printf("Unable to SSL_write\n"); + ERR_print_errors_fp(stdout); + goto end; + } + + if (SSL_read(server, junk, sizeof(junk)) >= 0) { + printf("Read should have failed with \"bad record mac\"\n"); + goto end; + } + + if (ERR_GET_REASON(ERR_peek_error()) != + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) { + ERR_print_errors_fp(stdout); + goto end; + } + + testresult = 1; + end: + SSL_free(server); + SSL_free(client); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +int main(int argc, char *argv[]) +{ + BIO *err = NULL; + int testresult = 1; + + if (argc != 3) { + printf("Invalid argument count\n"); + return 1; + } + + cert = argv[1]; + privkey = argv[2]; + + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list()); + + testresult = run_tests(argv[0]); + + bio_f_tls_corrupt_filter_free(); + + OPENSSL_free(cipher_list); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 1; +#endif + BIO_free(err); + + if (!testresult) + printf("PASS\n"); + + return testresult; +} diff --git a/openssl-1.1.0h/test/ssltest_old.c b/openssl-1.1.0h/test/ssltest_old.c new file mode 100644 index 0000000..e77c692 --- /dev/null +++ b/openssl-1.1.0h/test/ssltest_old.c @@ -0,0 +1,3210 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +/* Or gethostname won't be declared properly on Linux and GNU platforms. */ +#ifndef _BSD_SOURCE +# define _BSD_SOURCE 1 +#endif +#ifndef _DEFAULT_SOURCE +# define _DEFAULT_SOURCE 1 +#endif + +#include +#include +#include +#include +#include +#include +#include + +#define USE_SOCKETS +#include "e_os.h" + +#ifdef OPENSSL_SYS_VMS +/* + * Or isascii won't be declared properly on VMS (at least with DECompHP C). + */ +# define _XOPEN_SOURCE 500 +#endif + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_RSA +# include +#endif +#ifndef OPENSSL_NO_DSA +# include +#endif +#ifndef OPENSSL_NO_DH +# include +#endif +#ifndef OPENSSL_NO_SRP +# include +#endif +#include +#ifndef OPENSSL_NO_CT +# include +#endif + +/* + * Or gethostname won't be declared properly + * on Compaq platforms (at least with DEC C). + * Do not try to put it earlier, or IPv6 includes + * get screwed... + */ +#define _XOPEN_SOURCE_EXTENDED 1 + +#ifdef OPENSSL_SYS_WINDOWS +# include +#else +# include OPENSSL_UNISTD +#endif + +static SSL_CTX *s_ctx = NULL; +static SSL_CTX *s_ctx2 = NULL; + +/* + * There is really no standard for this, so let's assign something + * only for this test + */ +#define COMP_ZLIB 1 + +static int verify_callback(int ok, X509_STORE_CTX *ctx); +static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); +#define APP_CALLBACK_STRING "Test Callback Argument" +struct app_verify_arg { + char *string; + int app_verify; +}; + +#ifndef OPENSSL_NO_DH +static DH *get_dh512(void); +static DH *get_dh1024(void); +static DH *get_dh1024dsa(void); +#endif + +static char *psk_key = NULL; /* by default PSK is not used */ +#ifndef OPENSSL_NO_PSK +static unsigned int psk_client_callback(SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +static unsigned int psk_server_callback(SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +#endif + +#ifndef OPENSSL_NO_SRP +/* SRP client */ +/* This is a context that we pass to all callbacks */ +typedef struct srp_client_arg_st { + char *srppassin; + char *srplogin; +} SRP_CLIENT_ARG; + +# define PWD_STRLEN 1024 + +static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) +{ + SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; + return OPENSSL_strdup((char *)srp_client_arg->srppassin); +} + +/* SRP server */ +/* This is a context that we pass to SRP server callbacks */ +typedef struct srp_server_arg_st { + char *expected_user; + char *pass; +} SRP_SERVER_ARG; + +static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) +{ + SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg; + + if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) { + fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); + return SSL3_AL_FATAL; + } + if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) { + *ad = SSL_AD_INTERNAL_ERROR; + return SSL3_AL_FATAL; + } + return SSL_ERROR_NONE; +} +#endif + +static BIO *bio_err = NULL; +static BIO *bio_stdout = NULL; + +#ifndef OPENSSL_NO_NEXTPROTONEG +/* Note that this code assumes that this is only a one element list: */ +static const char NEXT_PROTO_STRING[] = "\x09testproto"; +static int npn_client = 0; +static int npn_server = 0; +static int npn_server_reject = 0; + +static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + void *arg) +{ + /* + * This callback only returns the protocol string, rather than a length + * prefixed set. We assume that NEXT_PROTO_STRING is a one element list + * and remove the first byte to chop off the length prefix. + */ + *out = (unsigned char *)NEXT_PROTO_STRING + 1; + *outlen = sizeof(NEXT_PROTO_STRING) - 2; + return SSL_TLSEXT_ERR_OK; +} + +static int cb_server_npn(SSL *s, const unsigned char **data, + unsigned int *len, void *arg) +{ + *data = (const unsigned char *)NEXT_PROTO_STRING; + *len = sizeof(NEXT_PROTO_STRING) - 1; + return SSL_TLSEXT_ERR_OK; +} + +static int cb_server_rejects_npn(SSL *s, const unsigned char **data, + unsigned int *len, void *arg) +{ + return SSL_TLSEXT_ERR_NOACK; +} + +static int verify_npn(SSL *client, SSL *server) +{ + const unsigned char *client_s; + unsigned client_len; + const unsigned char *server_s; + unsigned server_len; + + SSL_get0_next_proto_negotiated(client, &client_s, &client_len); + SSL_get0_next_proto_negotiated(server, &server_s, &server_len); + + if (client_len) { + BIO_printf(bio_stdout, "Client NPN: "); + BIO_write(bio_stdout, client_s, client_len); + BIO_printf(bio_stdout, "\n"); + } + + if (server_len) { + BIO_printf(bio_stdout, "Server NPN: "); + BIO_write(bio_stdout, server_s, server_len); + BIO_printf(bio_stdout, "\n"); + } + + /* + * If an NPN string was returned, it must be the protocol that we + * expected to negotiate. + */ + if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 || + memcmp(client_s, NEXT_PROTO_STRING + 1, client_len))) + return -1; + if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 || + memcmp(server_s, NEXT_PROTO_STRING + 1, server_len))) + return -1; + + if (!npn_client && client_len) + return -1; + if (!npn_server && server_len) + return -1; + if (npn_server_reject && server_len) + return -1; + if (npn_client && npn_server && (!client_len || !server_len)) + return -1; + + return 0; +} +#endif + +static const char *alpn_client; +static char *alpn_server; +static char *alpn_server2; +static const char *alpn_expected; +static unsigned char *alpn_selected; +static const char *server_min_proto; +static const char *server_max_proto; +static const char *client_min_proto; +static const char *client_max_proto; +static const char *should_negotiate; +static const char *sn_client; +static const char *sn_server1; +static const char *sn_server2; +static int sn_expect = 0; +static const char *server_sess_out; +static const char *server_sess_in; +static const char *client_sess_out; +static const char *client_sess_in; +static SSL_SESSION *server_sess; +static SSL_SESSION *client_sess; + +static int servername_cb(SSL *s, int *ad, void *arg) +{ + const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + if (sn_server2 == NULL) { + BIO_printf(bio_stdout, "Servername 2 is NULL\n"); + return SSL_TLSEXT_ERR_NOACK; + } + + if (servername) { + if (s_ctx2 != NULL && sn_server2 != NULL && + !strcasecmp(servername, sn_server2)) { + BIO_printf(bio_stdout, "Switching server context.\n"); + SSL_set_SSL_CTX(s, s_ctx2); + } + } + return SSL_TLSEXT_ERR_OK; +} +static int verify_servername(SSL *client, SSL *server) +{ + /* just need to see if sn_context is what we expect */ + SSL_CTX* ctx = SSL_get_SSL_CTX(server); + if (sn_expect == 0) + return 0; + if (sn_expect == 1 && ctx == s_ctx) + return 0; + if (sn_expect == 2 && ctx == s_ctx2) + return 0; + BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect); + if (ctx == s_ctx2) + BIO_printf(bio_stdout, "Servername: context is 2\n"); + else if (ctx == s_ctx) + BIO_printf(bio_stdout, "Servername: context is 1\n"); + else + BIO_printf(bio_stdout, "Servername: context is unknown\n"); + return -1; +} + + +/*- + * next_protos_parse parses a comma separated list of strings into a string + * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. + * outlen: (output) set to the length of the resulting buffer on success. + * in: a NUL terminated string like "abc,def,ghi" + * + * returns: a malloced buffer or NULL on failure. + */ +static unsigned char *next_protos_parse(size_t *outlen, + const char *in) +{ + size_t len; + unsigned char *out; + size_t i, start = 0; + + len = strlen(in); + if (len >= 65535) + return NULL; + + out = OPENSSL_malloc(strlen(in) + 1); + if (!out) + return NULL; + + for (i = 0; i <= len; ++i) { + if (i == len || in[i] == ',') { + if (i - start > 255) { + OPENSSL_free(out); + return NULL; + } + out[start] = i - start; + start = i + 1; + } else + out[i + 1] = in[i]; + } + + *outlen = len + 1; + return out; +} + +static int cb_server_alpn(SSL *s, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + unsigned char *protos; + size_t protos_len; + char* alpn_str = arg; + + protos = next_protos_parse(&protos_len, alpn_str); + if (protos == NULL) { + fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", + alpn_str); + abort(); + } + + if (SSL_select_next_proto + ((unsigned char **)out, outlen, protos, protos_len, in, + inlen) != OPENSSL_NPN_NEGOTIATED) { + OPENSSL_free(protos); + return SSL_TLSEXT_ERR_NOACK; + } + + /* + * Make a copy of the selected protocol which will be freed in + * verify_alpn. + */ + alpn_selected = OPENSSL_malloc(*outlen); + memcpy(alpn_selected, *out, *outlen); + *out = alpn_selected; + + OPENSSL_free(protos); + return SSL_TLSEXT_ERR_OK; +} + +static int verify_alpn(SSL *client, SSL *server) +{ + const unsigned char *client_proto, *server_proto; + unsigned int client_proto_len = 0, server_proto_len = 0; + SSL_get0_alpn_selected(client, &client_proto, &client_proto_len); + SSL_get0_alpn_selected(server, &server_proto, &server_proto_len); + + OPENSSL_free(alpn_selected); + alpn_selected = NULL; + + if (client_proto_len != server_proto_len) { + BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); + goto err; + } + + if (client_proto != NULL && + memcmp(client_proto, server_proto, client_proto_len) != 0) { + BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); + goto err; + } + + if (client_proto_len > 0 && alpn_expected == NULL) { + BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n"); + goto err; + } + + if (alpn_expected != NULL && + (client_proto_len != strlen(alpn_expected) || + memcmp(client_proto, alpn_expected, client_proto_len) != 0)) { + BIO_printf(bio_stdout, + "ALPN selected protocols not equal to expected protocol: %s\n", + alpn_expected); + goto err; + } + + return 0; + + err: + BIO_printf(bio_stdout, "ALPN results: client: '"); + BIO_write(bio_stdout, client_proto, client_proto_len); + BIO_printf(bio_stdout, "', server: '"); + BIO_write(bio_stdout, server_proto, server_proto_len); + BIO_printf(bio_stdout, "'\n"); + BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '", + alpn_client); + if (SSL_get_SSL_CTX(server) == s_ctx2) { + BIO_printf(bio_stdout, "%s'\n", + alpn_server2); + } else { + BIO_printf(bio_stdout, "%s'\n", + alpn_server); + } + return -1; +} + +/* + * WARNING : below extension types are *NOT* IETF assigned, and could + * conflict if these types are reassigned and handled specially by OpenSSL + * in the future + */ +#define TACK_EXT_TYPE 62208 +#define CUSTOM_EXT_TYPE_0 1000 +#define CUSTOM_EXT_TYPE_1 1001 +#define CUSTOM_EXT_TYPE_2 1002 +#define CUSTOM_EXT_TYPE_3 1003 + +static const char custom_ext_cli_string[] = "abc"; +static const char custom_ext_srv_string[] = "defg"; + +/* These set from cmdline */ +static char *serverinfo_file = NULL; +static int serverinfo_sct = 0; +static int serverinfo_tack = 0; + +/* These set based on extension callbacks */ +static int serverinfo_sct_seen = 0; +static int serverinfo_tack_seen = 0; +static int serverinfo_other_seen = 0; + +/* This set from cmdline */ +static int custom_ext = 0; + +/* This set based on extension callbacks */ +static int custom_ext_error = 0; + +static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *arg) +{ + if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp) + serverinfo_sct_seen++; + else if (ext_type == TACK_EXT_TYPE) + serverinfo_tack_seen++; + else + serverinfo_other_seen++; + return 1; +} + +static int verify_serverinfo() +{ + if (serverinfo_sct != serverinfo_sct_seen) + return -1; + if (serverinfo_tack != serverinfo_tack_seen) + return -1; + if (serverinfo_other_seen) + return -1; + return 0; +} + +/*- + * Four test cases for custom extensions: + * 0 - no ClientHello extension or ServerHello response + * 1 - ClientHello with "abc", no response + * 2 - ClientHello with "abc", empty response + * 3 - ClientHello with "abc", "defg" response + */ + +static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_0) + custom_ext_error = 1; + return 0; /* Don't send an extension */ +} + +static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + return 1; +} + +static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_1) + custom_ext_error = 1; + *out = (const unsigned char *)custom_ext_cli_string; + *outlen = strlen(custom_ext_cli_string); + return 1; /* Send "abc" */ +} + +static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + return 1; +} + +static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_2) + custom_ext_error = 1; + *out = (const unsigned char *)custom_ext_cli_string; + *outlen = strlen(custom_ext_cli_string); + return 1; /* Send "abc" */ +} + +static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_2) + custom_ext_error = 1; + if (inlen != 0) + custom_ext_error = 1; /* Should be empty response */ + return 1; +} + +static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_3) + custom_ext_error = 1; + *out = (const unsigned char *)custom_ext_cli_string; + *outlen = strlen(custom_ext_cli_string); + return 1; /* Send "abc" */ +} + +static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_3) + custom_ext_error = 1; + if (inlen != strlen(custom_ext_srv_string)) + custom_ext_error = 1; + if (memcmp(custom_ext_srv_string, in, inlen) != 0) + custom_ext_error = 1; /* Check for "defg" */ + return 1; +} + +/* + * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback + * for this extension + */ +static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + custom_ext_error = 1; + return 1; +} + +/* 'add' callbacks are only called if the 'parse' callback is called */ +static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + /* Error: should not have been called */ + custom_ext_error = 1; + return 0; /* Don't send an extension */ +} + +static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_1) + custom_ext_error = 1; + /* Check for "abc" */ + if (inlen != strlen(custom_ext_cli_string)) + custom_ext_error = 1; + if (memcmp(in, custom_ext_cli_string, inlen) != 0) + custom_ext_error = 1; + return 1; +} + +static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + return 0; /* Don't send an extension */ +} + +static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_2) + custom_ext_error = 1; + /* Check for "abc" */ + if (inlen != strlen(custom_ext_cli_string)) + custom_ext_error = 1; + if (memcmp(in, custom_ext_cli_string, inlen) != 0) + custom_ext_error = 1; + return 1; +} + +static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + *out = NULL; + *outlen = 0; + return 1; /* Send empty extension */ +} + +static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_3) + custom_ext_error = 1; + /* Check for "abc" */ + if (inlen != strlen(custom_ext_cli_string)) + custom_ext_error = 1; + if (memcmp(in, custom_ext_cli_string, inlen) != 0) + custom_ext_error = 1; + return 1; +} + +static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + *out = (const unsigned char *)custom_ext_srv_string; + *outlen = strlen(custom_ext_srv_string); + return 1; /* Send "defg" */ +} + +static char *cipher = NULL; +static int verbose = 0; +static int debug = 0; +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, + long bytes, clock_t *s_time, clock_t *c_time); +int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, + clock_t *c_time); +int doit(SSL *s_ssl, SSL *c_ssl, long bytes); + +static void sv_usage(void) +{ + fprintf(stderr, "usage: ssltest [args ...]\n"); + fprintf(stderr, "\n"); +#ifdef OPENSSL_FIPS + fprintf(stderr, "-F - run test in FIPS mode\n"); +#endif + fprintf(stderr, " -server_auth - check server certificate\n"); + fprintf(stderr, " -client_auth - do client authentication\n"); + fprintf(stderr, " -v - more output\n"); + fprintf(stderr, " -d - debug output\n"); + fprintf(stderr, " -reuse - use session-id reuse\n"); + fprintf(stderr, " -num - number of connections to perform\n"); + fprintf(stderr, + " -bytes - number of bytes to swap between client/server\n"); +#ifndef OPENSSL_NO_DH + fprintf(stderr, + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); + fprintf(stderr, + " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + fprintf(stderr, " -no_dhe - disable DHE\n"); +#endif +#ifndef OPENSSL_NO_EC + fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n"); +#endif +#ifndef OPENSSL_NO_PSK + fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); +#endif +#ifndef OPENSSL_NO_SRP + fprintf(stderr, " -srpuser user - SRP username to use\n"); + fprintf(stderr, " -srppass arg - password for 'user'\n"); +#endif +#ifndef OPENSSL_NO_SSL3 + fprintf(stderr, " -ssl3 - use SSLv3\n"); +#endif +#ifndef OPENSSL_NO_TLS1 + fprintf(stderr, " -tls1 - use TLSv1\n"); +#endif +#ifndef OPENSSL_NO_DTLS + fprintf(stderr, " -dtls - use DTLS\n"); +#ifndef OPENSSL_NO_DTLS1 + fprintf(stderr, " -dtls1 - use DTLSv1\n"); +#endif +#ifndef OPENSSL_NO_DTLS1_2 + fprintf(stderr, " -dtls12 - use DTLSv1.2\n"); +#endif +#endif + fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); + fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); + fprintf(stderr, " -cert arg - Server certificate file\n"); + fprintf(stderr, + " -key arg - Server key file (default: same as -cert)\n"); + fprintf(stderr, " -c_cert arg - Client certificate file\n"); + fprintf(stderr, + " -c_key arg - Client key file (default: same as -c_cert)\n"); + fprintf(stderr, " -cipher arg - The cipher list\n"); + fprintf(stderr, " -bio_pair - Use BIO pairs\n"); + fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n"); + fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n"); + fprintf(stderr, " -f - Test even cases that can't work\n"); + fprintf(stderr, + " -time - measure processor time used by client and server\n"); + fprintf(stderr, " -zlib - use zlib compression\n"); +#ifndef OPENSSL_NO_NEXTPROTONEG + fprintf(stderr, " -npn_client - have client side offer NPN\n"); + fprintf(stderr, " -npn_server - have server side offer NPN\n"); + fprintf(stderr, " -npn_server_reject - have server reject NPN\n"); +#endif + fprintf(stderr, " -serverinfo_file file - have server use this file\n"); + fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n"); + fprintf(stderr, + " -serverinfo_tack - have client offer and expect TACK\n"); + fprintf(stderr, + " -custom_ext - try various custom extension callbacks\n"); + fprintf(stderr, " -alpn_client - have client side offer ALPN\n"); + fprintf(stderr, " -alpn_server - have server side offer ALPN\n"); + fprintf(stderr, " -alpn_server1 - alias for -alpn_server\n"); + fprintf(stderr, " -alpn_server2 - have server side context 2 offer ALPN\n"); + fprintf(stderr, + " -alpn_expected - the ALPN protocol that should be negotiated\n"); + fprintf(stderr, " -server_min_proto - Minimum version the server should support\n"); + fprintf(stderr, " -server_max_proto - Maximum version the server should support\n"); + fprintf(stderr, " -client_min_proto - Minimum version the client should support\n"); + fprintf(stderr, " -client_max_proto - Maximum version the client should support\n"); + fprintf(stderr, " -should_negotiate - The version that should be negotiated, fail-client or fail-server\n"); +#ifndef OPENSSL_NO_CT + fprintf(stderr, " -noct - no certificate transparency\n"); + fprintf(stderr, " -requestct - request certificate transparency\n"); + fprintf(stderr, " -requirect - require certificate transparency\n"); +#endif + fprintf(stderr, " -sn_client - have client request this servername\n"); + fprintf(stderr, " -sn_server1 - have server context 1 respond to this servername\n"); + fprintf(stderr, " -sn_server2 - have server context 2 respond to this servername\n"); + fprintf(stderr, " -sn_expect1 - expected server 1\n"); + fprintf(stderr, " -sn_expect2 - expected server 2\n"); + fprintf(stderr, " -server_sess_out - Save the server session to a file\n"); + fprintf(stderr, " -server_sess_in - Read the server session from a file\n"); + fprintf(stderr, " -client_sess_out - Save the client session to a file\n"); + fprintf(stderr, " -client_sess_in - Read the client session from a file\n"); + fprintf(stderr, " -should_reuse - The expected state of reusing the session\n"); + fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n"); +} + +static void print_key_details(BIO *out, EVP_PKEY *key) +{ + int keyid = EVP_PKEY_id(key); +#ifndef OPENSSL_NO_EC + if (keyid == EVP_PKEY_EC) { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); + int nid; + const char *cname; + nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + EC_KEY_free(ec); + cname = EC_curve_nid2nist(nid); + if (!cname) + cname = OBJ_nid2sn(nid); + BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname); + } else +#endif + { + const char *algname; + switch (keyid) { + case EVP_PKEY_RSA: + algname = "RSA"; + break; + case EVP_PKEY_DSA: + algname = "DSA"; + break; + case EVP_PKEY_DH: + algname = "DH"; + break; + default: + algname = OBJ_nid2sn(keyid); + break; + } + BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname); + } +} + +static void print_details(SSL *c_ssl, const char *prefix) +{ + const SSL_CIPHER *ciph; + int mdnid; + X509 *cert; + EVP_PKEY *pkey; + + ciph = SSL_get_current_cipher(c_ssl); + BIO_printf(bio_stdout, "%s%s, cipher %s %s", + prefix, + SSL_get_version(c_ssl), + SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); + cert = SSL_get_peer_certificate(c_ssl); + if (cert != NULL) { + EVP_PKEY* pubkey = X509_get0_pubkey(cert); + + if (pubkey != NULL) { + BIO_puts(bio_stdout, ", "); + print_key_details(bio_stdout, pubkey); + } + X509_free(cert); + } + if (SSL_get_server_tmp_key(c_ssl, &pkey)) { + BIO_puts(bio_stdout, ", temp key: "); + print_key_details(bio_stdout, pkey); + EVP_PKEY_free(pkey); + } + if (SSL_get_peer_signature_nid(c_ssl, &mdnid)) + BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid)); + BIO_printf(bio_stdout, "\n"); +} + +/* + * protocol_from_string - converts a protocol version string to a number + * + * Returns -1 on failure or the version on success + */ +static int protocol_from_string(const char *value) +{ + struct protocol_versions { + const char *name; + int version; + }; + static const struct protocol_versions versions[] = { + {"ssl3", SSL3_VERSION}, + {"tls1", TLS1_VERSION}, + {"tls1.1", TLS1_1_VERSION}, + {"tls1.2", TLS1_2_VERSION}, + {"dtls1", DTLS1_VERSION}, + {"dtls1.2", DTLS1_2_VERSION}}; + size_t i; + size_t n = OSSL_NELEM(versions); + + for (i = 0; i < n; i++) + if (strcmp(versions[i].name, value) == 0) + return versions[i].version; + return -1; +} + +static SSL_SESSION *read_session(const char *filename) +{ + SSL_SESSION *sess; + BIO *f = BIO_new_file(filename, "r"); + + if (f == NULL) { + BIO_printf(bio_err, "Can't open session file %s\n", filename); + ERR_print_errors(bio_err); + return NULL; + } + sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL); + if (sess == NULL) { + BIO_printf(bio_err, "Can't parse session file %s\n", filename); + ERR_print_errors(bio_err); + } + BIO_free(f); + return sess; +} + +static int write_session(const char *filename, SSL_SESSION *sess) +{ + BIO *f = BIO_new_file(filename, "w"); + + if (sess == NULL) { + BIO_printf(bio_err, "No session information\n"); + return 0; + } + if (f == NULL) { + BIO_printf(bio_err, "Can't open session file %s\n", filename); + ERR_print_errors(bio_err); + return 0; + } + PEM_write_bio_SSL_SESSION(f, sess); + BIO_free(f); + return 1; +} + +/* + * set_protocol_version - Sets protocol version minimum or maximum + * + * Returns 0 on failure and 1 on success + */ +static int set_protocol_version(const char *version, SSL *ssl, int setting) +{ + if (version != NULL) { + int ver = protocol_from_string(version); + if (ver < 0) { + BIO_printf(bio_err, "Error parsing: %s\n", version); + return 0; + } + return SSL_ctrl(ssl, setting, ver, NULL); + } + return 1; +} + +int main(int argc, char *argv[]) +{ + const char *CApath = NULL, *CAfile = NULL; + int badop = 0; + enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; + int force = 0; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1; + int client_auth = 0; + int server_auth = 0, i; + struct app_verify_arg app_verify_arg = + { APP_CALLBACK_STRING, 0 }; + char *p; + SSL_CTX *c_ctx = NULL; + const SSL_METHOD *meth = NULL; + SSL *c_ssl, *s_ssl; + int number = 1, reuse = 0; + int should_reuse = -1; + int no_ticket = 0; + long bytes = 256L; +#ifndef OPENSSL_NO_DH + DH *dh; + int dhe512 = 0, dhe1024dsa = 0; +#endif +#ifndef OPENSSL_NO_SRP + /* client */ + SRP_CLIENT_ARG srp_client_arg = { NULL, NULL }; + /* server */ + SRP_SERVER_ARG srp_server_arg = { NULL, NULL }; +#endif + int no_dhe = 0; + int no_psk = 0; + int print_time = 0; + clock_t s_time = 0, c_time = 0; +#ifndef OPENSSL_NO_COMP + int n, comp = 0; + COMP_METHOD *cm = NULL; + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; +#endif +#ifdef OPENSSL_FIPS + int fips_mode = 0; +#endif + int no_protocol; + int min_version = 0, max_version = 0; +#ifndef OPENSSL_NO_CT + /* + * Disable CT validation by default, because it will interfere with + * anything using custom extension handlers to deal with SCT extensions. + */ + int ct_validation = 0; +#endif + SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL; + STACK_OF(OPENSSL_STRING) *conf_args = NULL; + char *arg = NULL, *argn = NULL; + + verbose = 0; + debug = 0; + cipher = 0; + + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + p = getenv("OPENSSL_DEBUG_MEMORY"); + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); + + s_cctx = SSL_CONF_CTX_new(); + s_cctx2 = SSL_CONF_CTX_new(); + c_cctx = SSL_CONF_CTX_new(); + + if (!s_cctx || !c_cctx || !s_cctx2) { + ERR_print_errors(bio_err); + goto end; + } + + SSL_CONF_CTX_set_flags(s_cctx, + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER | + SSL_CONF_FLAG_CERTIFICATE | + SSL_CONF_FLAG_REQUIRE_PRIVATE); + SSL_CONF_CTX_set_flags(s_cctx2, + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER | + SSL_CONF_FLAG_CERTIFICATE | + SSL_CONF_FLAG_REQUIRE_PRIVATE); + if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) { + ERR_print_errors(bio_err); + goto end; + } + if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) { + ERR_print_errors(bio_err); + goto end; + } + + SSL_CONF_CTX_set_flags(c_cctx, + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT | + SSL_CONF_FLAG_CERTIFICATE | + SSL_CONF_FLAG_REQUIRE_PRIVATE); + if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) { + ERR_print_errors(bio_err); + goto end; + } + + argc--; + argv++; + + while (argc >= 1) { + if (strcmp(*argv, "-F") == 0) { +#ifdef OPENSSL_FIPS + fips_mode = 1; +#else + fprintf(stderr, + "not compiled with FIPS support, so exiting without running.\n"); + EXIT(0); +#endif + } else if (strcmp(*argv, "-server_auth") == 0) + server_auth = 1; + else if (strcmp(*argv, "-client_auth") == 0) + client_auth = 1; + else if (strcmp(*argv, "-v") == 0) + verbose = 1; + else if (strcmp(*argv, "-d") == 0) + debug = 1; + else if (strcmp(*argv, "-reuse") == 0) + reuse = 1; + else if (strcmp(*argv, "-dhe512") == 0) { +#ifndef OPENSSL_NO_DH + dhe512 = 1; +#else + fprintf(stderr, + "ignoring -dhe512, since I'm compiled without DH\n"); +#endif + } else if (strcmp(*argv, "-dhe1024dsa") == 0) { +#ifndef OPENSSL_NO_DH + dhe1024dsa = 1; +#else + fprintf(stderr, + "ignoring -dhe1024dsa, since I'm compiled without DH\n"); +#endif + } else if (strcmp(*argv, "-no_dhe") == 0) + no_dhe = 1; + else if (strcmp(*argv, "-no_ecdhe") == 0) + /* obsolete */; + else if (strcmp(*argv, "-psk") == 0) { + if (--argc < 1) + goto bad; + psk_key = *(++argv); +#ifndef OPENSSL_NO_PSK + if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) { + BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); + goto bad; + } +#else + no_psk = 1; +#endif + } +#ifndef OPENSSL_NO_SRP + else if (strcmp(*argv, "-srpuser") == 0) { + if (--argc < 1) + goto bad; + srp_server_arg.expected_user = srp_client_arg.srplogin = + *(++argv); + min_version = TLS1_VERSION; + } else if (strcmp(*argv, "-srppass") == 0) { + if (--argc < 1) + goto bad; + srp_server_arg.pass = srp_client_arg.srppassin = *(++argv); + min_version = TLS1_VERSION; + } +#endif + else if (strcmp(*argv, "-tls1") == 0) { + tls1 = 1; + } else if (strcmp(*argv, "-ssl3") == 0) { + ssl3 = 1; + } else if (strcmp(*argv, "-dtls1") == 0) { + dtls1 = 1; + } else if (strcmp(*argv, "-dtls12") == 0) { + dtls12 = 1; + } else if (strcmp(*argv, "-dtls") == 0) { + dtls = 1; + } else if (strncmp(*argv, "-num", 4) == 0) { + if (--argc < 1) + goto bad; + number = atoi(*(++argv)); + if (number == 0) + number = 1; + } else if (strcmp(*argv, "-bytes") == 0) { + if (--argc < 1) + goto bad; + bytes = atol(*(++argv)); + if (bytes == 0L) + bytes = 1L; + i = strlen(argv[0]); + if (argv[0][i - 1] == 'k') + bytes *= 1024L; + if (argv[0][i - 1] == 'm') + bytes *= 1024L * 1024L; + } else if (strcmp(*argv, "-cipher") == 0) { + if (--argc < 1) + goto bad; + cipher = *(++argv); + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; + CApath = *(++argv); + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; + CAfile = *(++argv); + } else if (strcmp(*argv, "-bio_pair") == 0) { + bio_type = BIO_PAIR; + } +#ifndef OPENSSL_NO_SOCK + else if (strcmp(*argv, "-ipv4") == 0) { + bio_type = BIO_IPV4; + } else if (strcmp(*argv, "-ipv6") == 0) { + bio_type = BIO_IPV6; + } +#endif + else if (strcmp(*argv, "-f") == 0) { + force = 1; + } else if (strcmp(*argv, "-time") == 0) { + print_time = 1; + } +#ifndef OPENSSL_NO_CT + else if (strcmp(*argv, "-noct") == 0) { + ct_validation = 0; + } + else if (strcmp(*argv, "-ct") == 0) { + ct_validation = 1; + } +#endif +#ifndef OPENSSL_NO_COMP + else if (strcmp(*argv, "-zlib") == 0) { + comp = COMP_ZLIB; + } +#endif + else if (strcmp(*argv, "-app_verify") == 0) { + app_verify_arg.app_verify = 1; + } +#ifndef OPENSSL_NO_NEXTPROTONEG + else if (strcmp(*argv, "-npn_client") == 0) { + npn_client = 1; + } else if (strcmp(*argv, "-npn_server") == 0) { + npn_server = 1; + } else if (strcmp(*argv, "-npn_server_reject") == 0) { + npn_server_reject = 1; + } +#endif + else if (strcmp(*argv, "-serverinfo_sct") == 0) { + serverinfo_sct = 1; + } else if (strcmp(*argv, "-serverinfo_tack") == 0) { + serverinfo_tack = 1; + } else if (strcmp(*argv, "-serverinfo_file") == 0) { + if (--argc < 1) + goto bad; + serverinfo_file = *(++argv); + } else if (strcmp(*argv, "-custom_ext") == 0) { + custom_ext = 1; + } else if (strcmp(*argv, "-alpn_client") == 0) { + if (--argc < 1) + goto bad; + alpn_client = *(++argv); + } else if (strcmp(*argv, "-alpn_server") == 0 || + strcmp(*argv, "-alpn_server1") == 0) { + if (--argc < 1) + goto bad; + alpn_server = *(++argv); + } else if (strcmp(*argv, "-alpn_server2") == 0) { + if (--argc < 1) + goto bad; + alpn_server2 = *(++argv); + } else if (strcmp(*argv, "-alpn_expected") == 0) { + if (--argc < 1) + goto bad; + alpn_expected = *(++argv); + } else if (strcmp(*argv, "-server_min_proto") == 0) { + if (--argc < 1) + goto bad; + server_min_proto = *(++argv); + } else if (strcmp(*argv, "-server_max_proto") == 0) { + if (--argc < 1) + goto bad; + server_max_proto = *(++argv); + } else if (strcmp(*argv, "-client_min_proto") == 0) { + if (--argc < 1) + goto bad; + client_min_proto = *(++argv); + } else if (strcmp(*argv, "-client_max_proto") == 0) { + if (--argc < 1) + goto bad; + client_max_proto = *(++argv); + } else if (strcmp(*argv, "-should_negotiate") == 0) { + if (--argc < 1) + goto bad; + should_negotiate = *(++argv); + } else if (strcmp(*argv, "-sn_client") == 0) { + if (--argc < 1) + goto bad; + sn_client = *(++argv); + } else if (strcmp(*argv, "-sn_server1") == 0) { + if (--argc < 1) + goto bad; + sn_server1 = *(++argv); + } else if (strcmp(*argv, "-sn_server2") == 0) { + if (--argc < 1) + goto bad; + sn_server2 = *(++argv); + } else if (strcmp(*argv, "-sn_expect1") == 0) { + sn_expect = 1; + } else if (strcmp(*argv, "-sn_expect2") == 0) { + sn_expect = 2; + } else if (strcmp(*argv, "-server_sess_out") == 0) { + if (--argc < 1) + goto bad; + server_sess_out = *(++argv); + } else if (strcmp(*argv, "-server_sess_in") == 0) { + if (--argc < 1) + goto bad; + server_sess_in = *(++argv); + } else if (strcmp(*argv, "-client_sess_out") == 0) { + if (--argc < 1) + goto bad; + client_sess_out = *(++argv); + } else if (strcmp(*argv, "-client_sess_in") == 0) { + if (--argc < 1) + goto bad; + client_sess_in = *(++argv); + } else if (strcmp(*argv, "-should_reuse") == 0) { + if (--argc < 1) + goto bad; + should_reuse = !!atoi(*(++argv)); + } else if (strcmp(*argv, "-no_ticket") == 0) { + no_ticket = 1; + } else { + int rv; + arg = argv[0]; + argn = argv[1]; + /* Try to process command using SSL_CONF */ + rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv); + /* If not processed try server */ + if (rv == 0) + rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv); + /* Recognised: store it for later use */ + if (rv > 0) { + if (rv == 1) + argn = NULL; + if (!conf_args) { + conf_args = sk_OPENSSL_STRING_new_null(); + if (!conf_args) + goto end; + } + if (!sk_OPENSSL_STRING_push(conf_args, arg)) + goto end; + if (!sk_OPENSSL_STRING_push(conf_args, argn)) + goto end; + continue; + } + if (rv == -3) + BIO_printf(bio_err, "Missing argument for %s\n", arg); + else if (rv < 0) + BIO_printf(bio_err, "Error with command %s\n", arg); + else if (rv == 0) + BIO_printf(bio_err, "unknown option %s\n", arg); + badop = 1; + break; + } + argc--; + argv++; + } + if (badop) { + bad: + sv_usage(); + goto end; + } + + if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should " + "be requested.\n"); + EXIT(1); + } + +#ifdef OPENSSL_NO_SSL3 + if (ssl3) + no_protocol = 1; + else +#endif +#ifdef OPENSSL_NO_TLS1 + if (tls1) + no_protocol = 1; + else +#endif +#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1) + if (dtls1) + no_protocol = 1; + else +#endif +#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2) + if (dtls12) + no_protocol = 1; + else +#endif + no_protocol = 0; + + /* + * Testing was requested for a compiled-out protocol (e.g. SSLv3). + * Ideally, we would error out, but the generic test wrapper can't know + * when to expect failure. So we do nothing and return success. + */ + if (no_protocol) { + fprintf(stderr, "Testing was requested for a disabled protocol. " + "Skipping tests.\n"); + ret = 0; + goto end; + } + + if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { + fprintf(stderr, "This case cannot work. Use -f to perform " + "the test anyway (and\n-d to see what happens), " + "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n" + "to avoid protocol mismatch.\n"); + EXIT(1); + } +#ifdef OPENSSL_FIPS + if (fips_mode) { + if (!FIPS_mode_set(1)) { + ERR_print_errors(bio_err); + EXIT(1); + } else + fprintf(stderr, "*** IN FIPS MODE ***\n"); + } +#endif + + if (print_time) { + if (bio_type != BIO_PAIR) { + fprintf(stderr, "Using BIO pair (-bio_pair)\n"); + bio_type = BIO_PAIR; + } + if (number < 50 && !force) + fprintf(stderr, + "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); + } + +/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ + +#ifndef OPENSSL_NO_COMP + if (comp == COMP_ZLIB) + cm = COMP_zlib(); + if (cm != NULL) { + if (COMP_get_type(cm) != NID_undef) { + if (SSL_COMP_add_compression_method(comp, cm) != 0) { + fprintf(stderr, "Failed to add compression method\n"); + ERR_print_errors_fp(stderr); + } + } else { + fprintf(stderr, + "Warning: %s compression not supported\n", + comp == COMP_ZLIB ? "zlib" : "unknown"); + ERR_print_errors_fp(stderr); + } + } + ssl_comp_methods = SSL_COMP_get_compression_methods(); + n = sk_SSL_COMP_num(ssl_comp_methods); + if (n) { + int j; + printf("Available compression methods:"); + for (j = 0; j < n; j++) { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); + printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c)); + } + printf("\n"); + } +#endif + +#ifndef OPENSSL_NO_TLS + meth = TLS_method(); + if (ssl3) { + min_version = SSL3_VERSION; + max_version = SSL3_VERSION; + } else if (tls1) { + min_version = TLS1_VERSION; + max_version = TLS1_VERSION; + } else { + min_version = SSL3_VERSION; + max_version = TLS_MAX_VERSION; + } +#endif +#ifndef OPENSSL_NO_DTLS + if (dtls || dtls1 || dtls12) { + meth = DTLS_method(); + if (dtls1) { + min_version = DTLS1_VERSION; + max_version = DTLS1_VERSION; + } else if (dtls12) { + min_version = DTLS1_2_VERSION; + max_version = DTLS1_2_VERSION; + } else { + min_version = DTLS_MIN_VERSION; + max_version = DTLS_MAX_VERSION; + } + } +#endif + + c_ctx = SSL_CTX_new(meth); + s_ctx = SSL_CTX_new(meth); + s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */ + if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) { + ERR_print_errors(bio_err); + goto end; + } + /* + * Since we will use low security ciphersuites and keys for testing set + * security level to zero by default. Tests can override this by adding + * "@SECLEVEL=n" to the cipher string. + */ + SSL_CTX_set_security_level(c_ctx, 0); + SSL_CTX_set_security_level(s_ctx, 0); + SSL_CTX_set_security_level(s_ctx2, 0); + + if (no_ticket) { + SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET); + SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET); + } + + if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0) { + printf("Unable to set client min protocol version (0x%X)\n", + min_version); + goto end; + } + if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0) { + printf("Unable to set client max protocol version (0x%X)\n", + max_version); + goto end; + } + if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0) { + printf("Unable to set server min protocol version (0x%X)\n", + min_version); + goto end; + } + if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0) { + printf("Unable to set server max protocol version (0x%X)\n", + max_version); + goto end; + } + + if (cipher != NULL) { + if (!SSL_CTX_set_cipher_list(c_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) { + ERR_print_errors(bio_err); + goto end; + } + } + +#ifndef OPENSSL_NO_CT + if (ct_validation && + !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) { + ERR_print_errors(bio_err); + goto end; + } +#endif + + /* Process SSL_CONF arguments */ + SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx); + SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx); + SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2); + + for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) { + int rv; + arg = sk_OPENSSL_STRING_value(conf_args, i); + argn = sk_OPENSSL_STRING_value(conf_args, i + 1); + rv = SSL_CONF_cmd(c_cctx, arg, argn); + /* If not recognised use server context */ + if (rv == -2) { + rv = SSL_CONF_cmd(s_cctx2, arg, argn); + if (rv > 0) + rv = SSL_CONF_cmd(s_cctx, arg, argn); + } + if (rv <= 0) { + BIO_printf(bio_err, "Error processing %s %s\n", + arg, argn ? argn : ""); + ERR_print_errors(bio_err); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) { + BIO_puts(bio_err, "Error finishing context\n"); + ERR_print_errors(bio_err); + goto end; + } +#ifndef OPENSSL_NO_DH + if (!no_dhe) { + if (dhe1024dsa) { + dh = get_dh1024dsa(); + } else if (dhe512) + dh = get_dh512(); + else + dh = get_dh1024(); + SSL_CTX_set_tmp_dh(s_ctx, dh); + SSL_CTX_set_tmp_dh(s_ctx2, dh); + DH_free(dh); + } +#else + (void)no_dhe; +#endif + + if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(s_ctx)) || + (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(s_ctx2)) || + (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(c_ctx))) { + /* fprintf(stderr,"SSL_load_verify_locations\n"); */ + ERR_print_errors(bio_err); + /* goto end; */ + } + +#ifndef OPENSSL_NO_CT + if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) || + !SSL_CTX_set_default_ctlog_list_file(s_ctx2) || + !SSL_CTX_set_default_ctlog_list_file(c_ctx)) { + ERR_print_errors(bio_err); + } +#endif + + if (client_auth) { + printf("client authentication\n"); + SSL_CTX_set_verify(s_ctx, + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); + SSL_CTX_set_verify(s_ctx2, + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); + SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, + &app_verify_arg); + SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback, + &app_verify_arg); + } + if (server_auth) { + printf("server authentication\n"); + SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback); + SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, + &app_verify_arg); + } + + { + int session_id_context = 0; + if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, + sizeof(session_id_context)) || + !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, + sizeof(session_id_context))) { + ERR_print_errors(bio_err); + goto end; + } + } + + /* Use PSK only if PSK key is given */ + if (psk_key != NULL) { + /* + * no_psk is used to avoid putting psk command to openssl tool + */ + if (no_psk) { + /* + * if PSK is not compiled in and psk key is given, do nothing and + * exit successfully + */ + ret = 0; + goto end; + } +#ifndef OPENSSL_NO_PSK + SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); + SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); + SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback); + if (debug) + BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n"); + if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") || + !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) { + BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n"); + ERR_print_errors(bio_err); + goto end; + } +#endif + } +#ifndef OPENSSL_NO_SRP + if (srp_client_arg.srplogin) { + if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) { + BIO_printf(bio_err, "Unable to set SRP username\n"); + goto end; + } + SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg); + SSL_CTX_set_srp_client_pwd_callback(c_ctx, + ssl_give_srp_client_pwd_cb); + /* + * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength); + */ + } + + if (srp_server_arg.expected_user != NULL) { + SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback); + SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback); + SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); + SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg); + SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); + SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb); + } +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG + if (npn_client) { + SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL); + } + if (npn_server) { + if (npn_server_reject) { + BIO_printf(bio_err, + "Can't have both -npn_server and -npn_server_reject\n"); + goto end; + } + SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL); + SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL); + } + if (npn_server_reject) { + SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, + NULL); + SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn, + NULL); + } +#endif + + if (serverinfo_sct) { + if (!SSL_CTX_add_client_custom_ext(c_ctx, + TLSEXT_TYPE_signed_certificate_timestamp, + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL)) { + BIO_printf(bio_err, "Error adding SCT extension\n"); + goto end; + } + } + if (serverinfo_tack) { + if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE, + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL)) { + BIO_printf(bio_err, "Error adding TACK extension\n"); + goto end; + } + } + if (serverinfo_file) + if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) || + !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) { + BIO_printf(bio_err, "missing serverinfo file\n"); + goto end; + } + + if (custom_ext) { + if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0, + custom_ext_0_cli_add_cb, + NULL, NULL, + custom_ext_0_cli_parse_cb, NULL) + || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1, + custom_ext_1_cli_add_cb, + NULL, NULL, + custom_ext_1_cli_parse_cb, NULL) + || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2, + custom_ext_2_cli_add_cb, + NULL, NULL, + custom_ext_2_cli_parse_cb, NULL) + || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3, + custom_ext_3_cli_add_cb, + NULL, NULL, + custom_ext_3_cli_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0, + custom_ext_0_srv_add_cb, + NULL, NULL, + custom_ext_0_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0, + custom_ext_0_srv_add_cb, + NULL, NULL, + custom_ext_0_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1, + custom_ext_1_srv_add_cb, + NULL, NULL, + custom_ext_1_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1, + custom_ext_1_srv_add_cb, + NULL, NULL, + custom_ext_1_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2, + custom_ext_2_srv_add_cb, + NULL, NULL, + custom_ext_2_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2, + custom_ext_2_srv_add_cb, + NULL, NULL, + custom_ext_2_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3, + custom_ext_3_srv_add_cb, + NULL, NULL, + custom_ext_3_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3, + custom_ext_3_srv_add_cb, + NULL, NULL, + custom_ext_3_srv_parse_cb, NULL)) { + BIO_printf(bio_err, "Error setting custom extensions\n"); + goto end; + } + } + + if (alpn_server) + SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server); + if (alpn_server2) + SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2); + + if (alpn_client) { + size_t alpn_len; + unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client); + + if (alpn == NULL) { + BIO_printf(bio_err, "Error parsing -alpn_client argument\n"); + goto end; + } + /* Returns 0 on success!! */ + if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) { + BIO_printf(bio_err, "Error setting ALPN\n"); + OPENSSL_free(alpn); + goto end; + } + OPENSSL_free(alpn); + } + + if (server_sess_in != NULL) { + server_sess = read_session(server_sess_in); + if (server_sess == NULL) + goto end; + } + if (client_sess_in != NULL) { + client_sess = read_session(client_sess_in); + if (client_sess == NULL) + goto end; + } + + if (server_sess_out != NULL || server_sess_in != NULL) { + char *keys; + long size; + + /* Use a fixed key so that we can decrypt the ticket. */ + size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0); + keys = OPENSSL_zalloc(size); + SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size); + OPENSSL_free(keys); + } + + if (sn_server1 != NULL || sn_server2 != NULL) + SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb); + + c_ssl = SSL_new(c_ctx); + s_ssl = SSL_new(s_ctx); + + if (sn_client) + SSL_set_tlsext_host_name(c_ssl, sn_client); + + if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION)) + goto end; + if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION)) + goto end; + if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION)) + goto end; + if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION)) + goto end; + + if (server_sess) { + if (SSL_CTX_add_session(s_ctx, server_sess) == 0) { + BIO_printf(bio_err, "Can't add server session\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes); + for (i = 0; i < number; i++) { + if (!reuse) { + if (!SSL_set_session(c_ssl, NULL)) { + BIO_printf(bio_err, "Failed to set session\n"); + goto end; + } + } + if (client_sess_in != NULL) { + if (SSL_set_session(c_ssl, client_sess) == 0) { + BIO_printf(bio_err, "Can't set client session\n"); + ERR_print_errors(bio_err); + goto end; + } + } + switch (bio_type) { + case BIO_MEM: + ret = doit(s_ssl, c_ssl, bytes); + break; + case BIO_PAIR: + ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time); + break; +#ifndef OPENSSL_NO_SOCK + case BIO_IPV4: + ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4, + bytes, &s_time, &c_time); + break; + case BIO_IPV6: + ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6, + bytes, &s_time, &c_time); + break; +#else + case BIO_IPV4: + case BIO_IPV6: + ret = 1; + goto err; +#endif + } + if (ret) break; + } + + if (should_negotiate && ret == 0 && + strcmp(should_negotiate, "fail-server") != 0 && + strcmp(should_negotiate, "fail-client") != 0) { + int version = protocol_from_string(should_negotiate); + if (version < 0) { + BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate); + ret = 1; + goto err; + } + if (SSL_version(c_ssl) != version) { + BIO_printf(bio_err, "Unexpected version negotiated. " + "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl)); + ret = 1; + goto err; + } + } + + if (should_reuse != -1) { + if (SSL_session_reused(s_ssl) != should_reuse || + SSL_session_reused(c_ssl) != should_reuse) { + BIO_printf(bio_err, "Unexpected session reuse state. " + "Expected: %d, server: %d, client: %d\n", should_reuse, + SSL_session_reused(s_ssl), SSL_session_reused(c_ssl)); + ret = 1; + goto err; + } + } + + if (server_sess_out != NULL) { + if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) { + ret = 1; + goto err; + } + } + if (client_sess_out != NULL) { + if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) { + ret = 1; + goto err; + } + } + + if (!verbose) { + print_details(c_ssl, ""); + } + if (print_time) { +#ifdef CLOCKS_PER_SEC + /* + * "To determine the time in seconds, the value returned by the clock + * function should be divided by the value of the macro + * CLOCKS_PER_SEC." -- ISO/IEC 9899 + */ + BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" + "Approximate total client time: %6.2f s\n", + (double)s_time / CLOCKS_PER_SEC, + (double)c_time / CLOCKS_PER_SEC); +#else + BIO_printf(bio_stdout, + "Approximate total server time: %6.2f units\n" + "Approximate total client time: %6.2f units\n", + (double)s_time, (double)c_time); +#endif + } + + err: + SSL_free(s_ssl); + SSL_free(c_ssl); + + end: + SSL_CTX_free(s_ctx); + SSL_CTX_free(s_ctx2); + SSL_CTX_free(c_ctx); + SSL_CONF_CTX_free(s_cctx); + SSL_CONF_CTX_free(s_cctx2); + SSL_CONF_CTX_free(c_cctx); + sk_OPENSSL_STRING_free(conf_args); + + BIO_free(bio_stdout); + + SSL_SESSION_free(server_sess); + SSL_SESSION_free(client_sess); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(bio_err) <= 0) + ret = 1; +#endif + BIO_free(bio_err); + EXIT(ret); +} + +#ifndef OPENSSL_NO_SOCK +int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, + clock_t *s_time, clock_t *c_time) +{ + long cw_num = count, cr_num = count, sw_num = count, sr_num = count; + BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; + BIO *acpt = NULL, *server = NULL, *client = NULL; + char addr_str[40]; + int ret = 1; + int err_in_client = 0; + int err_in_server = 0; + + acpt = BIO_new_accept("0"); + if (acpt == NULL) + goto err; + BIO_set_accept_ip_family(acpt, family); + BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR); + if (BIO_do_accept(acpt) <= 0) + goto err; + + BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt)); + + client = BIO_new_connect(addr_str); + BIO_set_conn_ip_family(client, family); + if (!client) + goto err; + + if (BIO_set_nbio(client, 1) <= 0) + goto err; + if (BIO_set_nbio(acpt, 1) <= 0) + goto err; + + { + int st_connect = 0, st_accept = 0; + + while(!st_connect || !st_accept) { + if (!st_connect) { + if (BIO_do_connect(client) <= 0) { + if (!BIO_should_retry(client)) + goto err; + } else { + st_connect = 1; + } + } + if (!st_accept) { + if (BIO_do_accept(acpt) <= 0) { + if (!BIO_should_retry(acpt)) + goto err; + } else { + st_accept = 1; + } + } + } + } + /* We're not interested in accepting further connects */ + server = BIO_pop(acpt); + BIO_free_all(acpt); + acpt = NULL; + + s_ssl_bio = BIO_new(BIO_f_ssl()); + if (!s_ssl_bio) + goto err; + + c_ssl_bio = BIO_new(BIO_f_ssl()); + if (!c_ssl_bio) + goto err; + + SSL_set_connect_state(c_ssl); + SSL_set_bio(c_ssl, client, client); + (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE); + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl, server, server); + (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); + + do { + /*- + * c_ssl_bio: SSL filter BIO + * + * client: I/O for SSL library + * + * + * server: I/O for SSL library + * + * s_ssl_bio: SSL filter BIO + */ + + /* + * We have non-blocking behaviour throughout this test program, but + * can be sure that there is *some* progress in each iteration; so we + * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE -- + * we just try everything in each iteration + */ + + { + /* CLIENT */ + + char cbuf[1024 * 8]; + int i, r; + clock_t c_clock = clock(); + + memset(cbuf, 0, sizeof(cbuf)); + + if (debug) + if (SSL_in_init(c_ssl)) + printf("client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); + + if (cw_num > 0) { + /* Write to server. */ + + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); + else + i = (int)cw_num; + r = BIO_write(c_ssl_bio, cbuf, i); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); + err_in_client = 1; + goto err; + } + /* + * BIO_should_retry(...) can just be ignored here. The + * library expects us to call BIO_write with the same + * arguments again, and that's what we will do in the + * next iteration. + */ + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client wrote %d\n", r); + cw_num -= r; + } + } + + if (cr_num > 0) { + /* Read from server. */ + + r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); + err_in_client = 1; + goto err; + } + /* + * Again, "BIO_should_retry" can be ignored. + */ + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client read %d\n", r); + cr_num -= r; + } + } + + /* + * c_time and s_time increments will typically be very small + * (depending on machine speed and clock tick intervals), but + * sampling over a large number of connections should result in + * fairly accurate figures. We cannot guarantee a lot, however + * -- if each connection lasts for exactly one clock tick, it + * will be counted only for the client or only for the server or + * even not at all. + */ + *c_time += (clock() - c_clock); + } + + { + /* SERVER */ + + char sbuf[1024 * 8]; + int i, r; + clock_t s_clock = clock(); + + memset(sbuf, 0, sizeof(sbuf)); + + if (debug) + if (SSL_in_init(s_ssl)) + printf("server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); + + if (sw_num > 0) { + /* Write to client. */ + + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); + else + i = (int)sw_num; + r = BIO_write(s_ssl_bio, sbuf, i); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); + err_in_server = 1; + goto err; + } + /* Ignore "BIO_should_retry". */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("server wrote %d\n", r); + sw_num -= r; + } + } + + if (sr_num > 0) { + /* Read from client. */ + + r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); + err_in_server = 1; + goto err; + } + /* blah, blah */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("server read %d\n", r); + sr_num -= r; + } + } + + *s_time += (clock() - s_clock); + } + } + while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); + + if (verbose) + print_details(c_ssl, "DONE via TCP connect: "); +# ifndef OPENSSL_NO_NEXTPROTONEG + if (verify_npn(c_ssl, s_ssl) < 0) { + ret = 1; + goto end; + } +# endif + if (verify_serverinfo() < 0) { + fprintf(stderr, "Server info verify error\n"); + ret = 1; + goto err; + } + if (verify_alpn(c_ssl, s_ssl) < 0) { + ret = 1; + goto err; + } + if (verify_servername(c_ssl, s_ssl) < 0) { + ret = 1; + goto err; + } + + if (custom_ext_error) { + fprintf(stderr, "Custom extension error\n"); + ret = 1; + goto err; + } + +# ifndef OPENSSL_NO_NEXTPROTONEG + end: +# endif + ret = 0; + + err: + ERR_print_errors(bio_err); + + BIO_free_all(acpt); + BIO_free(server); + BIO_free(client); + BIO_free(s_ssl_bio); + BIO_free(c_ssl_bio); + + if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) + ret = (err_in_client != 0) ? 0 : 1; + else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) + ret = (err_in_server != 0) ? 0 : 1; + + return ret; +} +#endif + +int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, + clock_t *s_time, clock_t *c_time) +{ + long cw_num = count, cr_num = count, sw_num = count, sr_num = count; + BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; + BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; + int ret = 1; + int err_in_client = 0; + int err_in_server = 0; + + size_t bufsiz = 256; /* small buffer for testing */ + + if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) + goto err; + if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) + goto err; + + s_ssl_bio = BIO_new(BIO_f_ssl()); + if (!s_ssl_bio) + goto err; + + c_ssl_bio = BIO_new(BIO_f_ssl()); + if (!c_ssl_bio) + goto err; + + SSL_set_connect_state(c_ssl); + SSL_set_bio(c_ssl, client, client); + (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE); + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl, server, server); + (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); + + do { + /*- + * c_ssl_bio: SSL filter BIO + * + * client: pseudo-I/O for SSL library + * + * client_io: client's SSL communication; usually to be + * relayed over some I/O facility, but in this + * test program, we're the server, too: + * + * server_io: server's SSL communication + * + * server: pseudo-I/O for SSL library + * + * s_ssl_bio: SSL filter BIO + * + * The client and the server each employ a "BIO pair": + * client + client_io, server + server_io. + * BIO pairs are symmetric. A BIO pair behaves similar + * to a non-blocking socketpair (but both endpoints must + * be handled by the same thread). + * [Here we could connect client and server to the ends + * of a single BIO pair, but then this code would be less + * suitable as an example for BIO pairs in general.] + * + * Useful functions for querying the state of BIO pair endpoints: + * + * BIO_ctrl_pending(bio) number of bytes we can read now + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * other side's read attempt + * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now + * + * ..._read_request is never more than ..._write_guarantee; + * it depends on the application which one you should use. + */ + + /* + * We have non-blocking behaviour throughout this test program, but + * can be sure that there is *some* progress in each iteration; so we + * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE -- + * we just try everything in each iteration + */ + + { + /* CLIENT */ + + char cbuf[1024 * 8]; + int i, r; + clock_t c_clock = clock(); + + memset(cbuf, 0, sizeof(cbuf)); + + if (debug) + if (SSL_in_init(c_ssl)) + printf("client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); + + if (cw_num > 0) { + /* Write to server. */ + + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); + else + i = (int)cw_num; + r = BIO_write(c_ssl_bio, cbuf, i); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); + err_in_client = 1; + goto err; + } + /* + * BIO_should_retry(...) can just be ignored here. The + * library expects us to call BIO_write with the same + * arguments again, and that's what we will do in the + * next iteration. + */ + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client wrote %d\n", r); + cw_num -= r; + } + } + + if (cr_num > 0) { + /* Read from server. */ + + r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); + err_in_client = 1; + goto err; + } + /* + * Again, "BIO_should_retry" can be ignored. + */ + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client read %d\n", r); + cr_num -= r; + } + } + + /* + * c_time and s_time increments will typically be very small + * (depending on machine speed and clock tick intervals), but + * sampling over a large number of connections should result in + * fairly accurate figures. We cannot guarantee a lot, however + * -- if each connection lasts for exactly one clock tick, it + * will be counted only for the client or only for the server or + * even not at all. + */ + *c_time += (clock() - c_clock); + } + + { + /* SERVER */ + + char sbuf[1024 * 8]; + int i, r; + clock_t s_clock = clock(); + + memset(sbuf, 0, sizeof(sbuf)); + + if (debug) + if (SSL_in_init(s_ssl)) + printf("server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); + + if (sw_num > 0) { + /* Write to client. */ + + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); + else + i = (int)sw_num; + r = BIO_write(s_ssl_bio, sbuf, i); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); + err_in_server = 1; + goto err; + } + /* Ignore "BIO_should_retry". */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("server wrote %d\n", r); + sw_num -= r; + } + } + + if (sr_num > 0) { + /* Read from client. */ + + r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); + err_in_server = 1; + goto err; + } + /* blah, blah */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("server read %d\n", r); + sr_num -= r; + } + } + + *s_time += (clock() - s_clock); + } + + { + /* "I/O" BETWEEN CLIENT AND SERVER. */ + + size_t r1, r2; + BIO *io1 = server_io, *io2 = client_io; + /* + * we use the non-copying interface for io1 and the standard + * BIO_write/BIO_read interface for io2 + */ + + static int prev_progress = 1; + int progress = 0; + + /* io1 to io2 */ + do { + size_t num; + int r; + + r1 = BIO_ctrl_pending(io1); + r2 = BIO_ctrl_get_write_guarantee(io2); + + num = r1; + if (r2 < num) + num = r2; + if (num) { + char *dataptr; + + if (INT_MAX < num) /* yeah, right */ + num = INT_MAX; + + r = BIO_nread(io1, &dataptr, (int)num); + assert(r > 0); + assert(r <= (int)num); + /* + * possibly r < num (non-contiguous data) + */ + num = r; + r = BIO_write(io2, dataptr, (int)num); + if (r != (int)num) { /* can't happen */ + fprintf(stderr, "ERROR: BIO_write could not write " + "BIO_ctrl_get_write_guarantee() bytes"); + goto err; + } + progress = 1; + + if (debug) + printf((io1 == client_io) ? + "C->S relaying: %d bytes\n" : + "S->C relaying: %d bytes\n", (int)num); + } + } + while (r1 && r2); + + /* io2 to io1 */ + { + size_t num; + int r; + + r1 = BIO_ctrl_pending(io2); + r2 = BIO_ctrl_get_read_request(io1); + /* + * here we could use ..._get_write_guarantee instead of + * ..._get_read_request, but by using the latter we test + * restartability of the SSL implementation more thoroughly + */ + num = r1; + if (r2 < num) + num = r2; + if (num) { + char *dataptr; + + if (INT_MAX < num) + num = INT_MAX; + + if (num > 1) + --num; /* test restartability even more thoroughly */ + + r = BIO_nwrite0(io1, &dataptr); + assert(r > 0); + if (r < (int)num) + num = r; + r = BIO_read(io2, dataptr, (int)num); + if (r != (int)num) { /* can't happen */ + fprintf(stderr, "ERROR: BIO_read could not read " + "BIO_ctrl_pending() bytes"); + goto err; + } + progress = 1; + r = BIO_nwrite(io1, &dataptr, (int)num); + if (r != (int)num) { /* can't happen */ + fprintf(stderr, "ERROR: BIO_nwrite() did not accept " + "BIO_nwrite0() bytes"); + goto err; + } + + if (debug) + printf((io2 == client_io) ? + "C->S relaying: %d bytes\n" : + "S->C relaying: %d bytes\n", (int)num); + } + } /* no loop, BIO_ctrl_get_read_request now + * returns 0 anyway */ + + if (!progress && !prev_progress) + if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) { + fprintf(stderr, "ERROR: got stuck\n"); + fprintf(stderr, " ERROR.\n"); + goto err; + } + prev_progress = progress; + } + } + while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); + + if (verbose) + print_details(c_ssl, "DONE via BIO pair: "); +#ifndef OPENSSL_NO_NEXTPROTONEG + if (verify_npn(c_ssl, s_ssl) < 0) { + ret = 1; + goto end; + } +#endif + if (verify_serverinfo() < 0) { + fprintf(stderr, "Server info verify error\n"); + ret = 1; + goto err; + } + if (verify_alpn(c_ssl, s_ssl) < 0) { + ret = 1; + goto err; + } + if (verify_servername(c_ssl, s_ssl) < 0) { + ret = 1; + goto err; + } + + if (custom_ext_error) { + fprintf(stderr, "Custom extension error\n"); + ret = 1; + goto err; + } + +#ifndef OPENSSL_NO_NEXTPROTONEG + end: +#endif + ret = 0; + + err: + ERR_print_errors(bio_err); + + BIO_free(server); + BIO_free(server_io); + BIO_free(client); + BIO_free(client_io); + BIO_free(s_ssl_bio); + BIO_free(c_ssl_bio); + + if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) + ret = (err_in_client != 0) ? 0 : 1; + else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) + ret = (err_in_server != 0) ? 0 : 1; + + return ret; +} + +#define W_READ 1 +#define W_WRITE 2 +#define C_DONE 1 +#define S_DONE 2 + +int doit(SSL *s_ssl, SSL *c_ssl, long count) +{ + char *cbuf = NULL, *sbuf = NULL; + long bufsiz; + long cw_num = count, cr_num = count; + long sw_num = count, sr_num = count; + int ret = 1; + BIO *c_to_s = NULL; + BIO *s_to_c = NULL; + BIO *c_bio = NULL; + BIO *s_bio = NULL; + int c_r, c_w, s_r, s_w; + int i, j; + int done = 0; + int c_write, s_write; + int do_server = 0, do_client = 0; + int max_frag = 5 * 1024; + int err_in_client = 0; + int err_in_server = 0; + + bufsiz = count > 40 * 1024 ? 40 * 1024 : count; + + if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL) + goto err; + if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL) + goto err; + + c_to_s = BIO_new(BIO_s_mem()); + s_to_c = BIO_new(BIO_s_mem()); + if ((s_to_c == NULL) || (c_to_s == NULL)) { + ERR_print_errors(bio_err); + goto err; + } + + c_bio = BIO_new(BIO_f_ssl()); + s_bio = BIO_new(BIO_f_ssl()); + if ((c_bio == NULL) || (s_bio == NULL)) { + ERR_print_errors(bio_err); + goto err; + } + + SSL_set_connect_state(c_ssl); + SSL_set_bio(c_ssl, s_to_c, c_to_s); + SSL_set_max_send_fragment(c_ssl, max_frag); + BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE); + + /* + * We've just given our ref to these BIOs to c_ssl. We need another one to + * give to s_ssl + */ + if (!BIO_up_ref(c_to_s)) { + /* c_to_s and s_to_c will get freed when we free c_ssl */ + c_to_s = NULL; + s_to_c = NULL; + goto err; + } + if (!BIO_up_ref(s_to_c)) { + /* s_to_c will get freed when we free c_ssl */ + s_to_c = NULL; + goto err; + } + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl, c_to_s, s_to_c); + + /* We've used up all our refs to these now */ + c_to_s = NULL; + s_to_c = NULL; + + SSL_set_max_send_fragment(s_ssl, max_frag); + BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE); + + c_r = 0; + s_r = 1; + c_w = 1; + s_w = 0; + c_write = 1, s_write = 0; + + /* We can always do writes */ + for (;;) { + do_server = 0; + do_client = 0; + + i = (int)BIO_pending(s_bio); + if ((i && s_r) || s_w) + do_server = 1; + + i = (int)BIO_pending(c_bio); + if ((i && c_r) || c_w) + do_client = 1; + + if (do_server && debug) { + if (SSL_in_init(s_ssl)) + printf("server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); +/*- + else if (s_write) + printf("server:SSL_write()\n"); + else + printf("server:SSL_read()\n"); */ + } + + if (do_client && debug) { + if (SSL_in_init(c_ssl)) + printf("client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); +/*- + else if (c_write) + printf("client:SSL_write()\n"); + else + printf("client:SSL_read()\n"); */ + } + + if (!do_client && !do_server) { + fprintf(stdout, "ERROR IN STARTUP\n"); + ERR_print_errors(bio_err); + goto err; + } + if (do_client && !(done & C_DONE)) { + if (c_write) { + j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num; + i = BIO_write(c_bio, cbuf, j); + if (i < 0) { + c_r = 0; + c_w = 0; + if (BIO_should_retry(c_bio)) { + if (BIO_should_read(c_bio)) + c_r = 1; + if (BIO_should_write(c_bio)) + c_w = 1; + } else { + fprintf(stderr, "ERROR in CLIENT\n"); + err_in_client = 1; + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client wrote %d\n", i); + /* ok */ + s_r = 1; + c_write = 0; + cw_num -= i; + if (max_frag > 1029) + SSL_set_max_send_fragment(c_ssl, max_frag -= 5); + } + } else { + i = BIO_read(c_bio, cbuf, bufsiz); + if (i < 0) { + c_r = 0; + c_w = 0; + if (BIO_should_retry(c_bio)) { + if (BIO_should_read(c_bio)) + c_r = 1; + if (BIO_should_write(c_bio)) + c_w = 1; + } else { + fprintf(stderr, "ERROR in CLIENT\n"); + err_in_client = 1; + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client read %d\n", i); + cr_num -= i; + if (sw_num > 0) { + s_write = 1; + s_w = 1; + } + if (cr_num <= 0) { + s_write = 1; + s_w = 1; + done = S_DONE | C_DONE; + } + } + } + } + + if (do_server && !(done & S_DONE)) { + if (!s_write) { + i = BIO_read(s_bio, sbuf, bufsiz); + if (i < 0) { + s_r = 0; + s_w = 0; + if (BIO_should_retry(s_bio)) { + if (BIO_should_read(s_bio)) + s_r = 1; + if (BIO_should_write(s_bio)) + s_w = 1; + } else { + fprintf(stderr, "ERROR in SERVER\n"); + err_in_server = 1; + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + ERR_print_errors(bio_err); + fprintf(stderr, + "SSL SERVER STARTUP FAILED in SSL_read\n"); + goto err; + } else { + if (debug) + printf("server read %d\n", i); + sr_num -= i; + if (cw_num > 0) { + c_write = 1; + c_w = 1; + } + if (sr_num <= 0) { + s_write = 1; + s_w = 1; + c_write = 0; + } + } + } else { + j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num; + i = BIO_write(s_bio, sbuf, j); + if (i < 0) { + s_r = 0; + s_w = 0; + if (BIO_should_retry(s_bio)) { + if (BIO_should_read(s_bio)) + s_r = 1; + if (BIO_should_write(s_bio)) + s_w = 1; + } else { + fprintf(stderr, "ERROR in SERVER\n"); + err_in_server = 1; + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + ERR_print_errors(bio_err); + fprintf(stderr, + "SSL SERVER STARTUP FAILED in SSL_write\n"); + goto err; + } else { + if (debug) + printf("server wrote %d\n", i); + sw_num -= i; + s_write = 0; + c_r = 1; + if (sw_num <= 0) + done |= S_DONE; + if (max_frag > 1029) + SSL_set_max_send_fragment(s_ssl, max_frag -= 5); + } + } + } + + if ((done & S_DONE) && (done & C_DONE)) + break; + } + + if (verbose) + print_details(c_ssl, "DONE: "); +#ifndef OPENSSL_NO_NEXTPROTONEG + if (verify_npn(c_ssl, s_ssl) < 0) { + ret = 1; + goto err; + } +#endif + if (verify_serverinfo() < 0) { + fprintf(stderr, "Server info verify error\n"); + ret = 1; + goto err; + } + if (custom_ext_error) { + fprintf(stderr, "Custom extension error\n"); + ret = 1; + goto err; + } + ret = 0; + err: + BIO_free(c_to_s); + BIO_free(s_to_c); + BIO_free_all(c_bio); + BIO_free_all(s_bio); + OPENSSL_free(cbuf); + OPENSSL_free(sbuf); + + if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) + ret = (err_in_client != 0) ? 0 : 1; + else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) + ret = (err_in_server != 0) ? 0 : 1; + + return (ret); +} + +static int verify_callback(int ok, X509_STORE_CTX *ctx) +{ + char *s, buf[256]; + + s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), + buf, sizeof(buf)); + if (s != NULL) { + if (ok) + printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); + else { + fprintf(stderr, "depth=%d error=%d %s\n", + X509_STORE_CTX_get_error_depth(ctx), + X509_STORE_CTX_get_error(ctx), buf); + } + } + + if (ok == 0) { + int i = X509_STORE_CTX_get_error(ctx); + + switch (i) { + default: + fprintf(stderr, "Error string: %s\n", + X509_verify_cert_error_string(i)); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + ok = 1; + break; + } + } + + return (ok); +} + +static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) +{ + int ok = 1; + struct app_verify_arg *cb_arg = arg; + + if (cb_arg->app_verify) { + char *s = NULL, buf[256]; + X509 *c = X509_STORE_CTX_get0_cert(ctx); + + printf("In app_verify_callback, allowing cert. "); + printf("Arg is: %s\n", cb_arg->string); + printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n", + (void *)ctx, (void *)c); + if (c) + s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256); + if (s != NULL) { + printf("cert depth=%d %s\n", + X509_STORE_CTX_get_error_depth(ctx), buf); + } + return (1); + } + + ok = X509_verify_cert(ctx); + + return (ok); +} + +#ifndef OPENSSL_NO_DH +/*- + * These DH parameters have been generated as follows: + * $ openssl dhparam -C -noout 512 + * $ openssl dhparam -C -noout 1024 + * $ openssl dhparam -C -noout -dsaparam 1024 + * (The third function has been renamed to avoid name conflicts.) + */ +static DH *get_dh512() +{ + static unsigned char dh512_p[] = { + 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, + 0xC6, + 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, + 0xB0, + 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, + 0x5F, + 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, + 0xB8, + 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, + 0x33, + 0x02, 0xC5, 0xAE, 0x23, + }; + static unsigned char dh512_g[] = { + 0x02, + }; + DH *dh; + BIGNUM *p, *g; + + if ((dh = DH_new()) == NULL) + return (NULL); + p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); + g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); + if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { + DH_free(dh); + BN_free(p); + BN_free(g); + return (NULL); + } + return (dh); +} + +static DH *get_dh1024() +{ + static unsigned char dh1024_p[] = { + 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, + 0x3A, + 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, + 0xA2, + 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, + 0xB0, + 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, + 0xC2, + 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, + 0x8C, + 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, + 0xB8, + 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, + 0x52, + 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, + 0xC1, + 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, + 0xB1, + 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, + 0xAB, + 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53, + }; + static unsigned char dh1024_g[] = { + 0x02, + }; + DH *dh; + BIGNUM *p, *g; + + if ((dh = DH_new()) == NULL) + return (NULL); + p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { + DH_free(dh); + BN_free(p); + BN_free(g); + return (NULL); + } + return (dh); +} + +static DH *get_dh1024dsa() +{ + static unsigned char dh1024_p[] = { + 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, + 0x00, + 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, + 0x19, + 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, + 0xD2, + 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, + 0x55, + 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, + 0xFC, + 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, + 0x97, + 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, + 0x8D, + 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, + 0xBB, + 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, + 0xF6, + 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, + 0x9E, + 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39, + }; + static unsigned char dh1024_g[] = { + 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, + 0x05, + 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, + 0xF3, + 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, + 0xE9, + 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, + 0x3C, + 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, + 0x65, + 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, + 0x60, + 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, + 0xF6, + 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, + 0xA7, + 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, + 0xA1, + 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, + 0x60, + 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, + }; + DH *dh; + BIGNUM *p, *g; + + if ((dh = DH_new()) == NULL) + return (NULL); + p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { + DH_free(dh); + BN_free(p); + BN_free(g); + return (NULL); + } + DH_set_length(dh, 160); + return (dh); +} +#endif + +#ifndef OPENSSL_NO_PSK +/* convert the PSK key (psk_key) in ascii to binary (psk) */ +static int psk_key2bn(const char *pskkey, unsigned char *psk, + unsigned int max_psk_len) +{ + int ret; + BIGNUM *bn = NULL; + + ret = BN_hex2bn(&bn, pskkey); + if (!ret) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", + pskkey); + BN_free(bn); + return 0; + } + if (BN_num_bytes(bn) > (int)max_psk_len) { + BIO_printf(bio_err, + "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); + BN_free(bn); + return 0; + } + ret = BN_bn2bin(bn, psk); + BN_free(bn); + return ret; +} + +static unsigned int psk_client_callback(SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len) +{ + int ret; + unsigned int psk_len = 0; + + ret = BIO_snprintf(identity, max_identity_len, "Client_identity"); + if (ret < 0) + goto out_err; + if (debug) + fprintf(stderr, "client: created identity '%s' len=%d\n", identity, + ret); + ret = psk_key2bn(psk_key, psk, max_psk_len); + if (ret < 0) + goto out_err; + psk_len = ret; + out_err: + return psk_len; +} + +static unsigned int psk_server_callback(SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len) +{ + unsigned int psk_len = 0; + + if (strcmp(identity, "Client_identity") != 0) { + BIO_printf(bio_err, "server: PSK error: client identity not found\n"); + return 0; + } + psk_len = psk_key2bn(psk_key, psk, max_psk_len); + return psk_len; +} +#endif diff --git a/openssl-1.1.0h/test/ssltestlib.c b/openssl-1.1.0h/test/ssltestlib.c new file mode 100644 index 0000000..b824f15 --- /dev/null +++ b/openssl-1.1.0h/test/ssltestlib.c @@ -0,0 +1,710 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include "e_os.h" +#include "ssltestlib.h" + +static int tls_dump_new(BIO *bi); +static int tls_dump_free(BIO *a); +static int tls_dump_read(BIO *b, char *out, int outl); +static int tls_dump_write(BIO *b, const char *in, int inl); +static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr); +static int tls_dump_gets(BIO *bp, char *buf, int size); +static int tls_dump_puts(BIO *bp, const char *str); + +/* Choose a sufficiently large type likely to be unused for this custom BIO */ +# define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) + +# define BIO_TYPE_MEMPACKET_TEST 0x81 + +static BIO_METHOD *method_tls_dump = NULL; +static BIO_METHOD *method_mempacket_test = NULL; + +/* Note: Not thread safe! */ +const BIO_METHOD *bio_f_tls_dump_filter(void) +{ + if (method_tls_dump == NULL) { + method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER, + "TLS dump filter"); + if ( method_tls_dump == NULL + || !BIO_meth_set_write(method_tls_dump, tls_dump_write) + || !BIO_meth_set_read(method_tls_dump, tls_dump_read) + || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts) + || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets) + || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl) + || !BIO_meth_set_create(method_tls_dump, tls_dump_new) + || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free)) + return NULL; + } + return method_tls_dump; +} + +void bio_f_tls_dump_filter_free(void) +{ + BIO_meth_free(method_tls_dump); +} + +static int tls_dump_new(BIO *bio) +{ + BIO_set_init(bio, 1); + return 1; +} + +static int tls_dump_free(BIO *bio) +{ + BIO_set_init(bio, 0); + + return 1; +} + +static void copy_flags(BIO *bio) +{ + int flags; + BIO *next = BIO_next(bio); + + flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); + BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); + BIO_set_flags(bio, flags); +} + +#define RECORD_CONTENT_TYPE 0 +#define RECORD_VERSION_HI 1 +#define RECORD_VERSION_LO 2 +#define RECORD_EPOCH_HI 3 +#define RECORD_EPOCH_LO 4 +#define RECORD_SEQUENCE_START 5 +#define RECORD_SEQUENCE_END 10 +#define RECORD_LEN_HI 11 +#define RECORD_LEN_LO 12 + +#define MSG_TYPE 0 +#define MSG_LEN_HI 1 +#define MSG_LEN_MID 2 +#define MSG_LEN_LO 3 +#define MSG_SEQ_HI 4 +#define MSG_SEQ_LO 5 +#define MSG_FRAG_OFF_HI 6 +#define MSG_FRAG_OFF_MID 7 +#define MSG_FRAG_OFF_LO 8 +#define MSG_FRAG_LEN_HI 9 +#define MSG_FRAG_LEN_MID 10 +#define MSG_FRAG_LEN_LO 11 + + +static void dump_data(const char *data, int len) +{ + int rem, i, content, reclen, msglen, fragoff, fraglen, epoch; + unsigned char *rec; + + printf("---- START OF PACKET ----\n"); + + rem = len; + rec = (unsigned char *)data; + + while (rem > 0) { + if (rem != len) + printf("*\n"); + printf("*---- START OF RECORD ----\n"); + if (rem < DTLS1_RT_HEADER_LENGTH) { + printf("*---- RECORD TRUNCATED ----\n"); + break; + } + content = rec[RECORD_CONTENT_TYPE]; + printf("** Record Content-type: %d\n", content); + printf("** Record Version: %02x%02x\n", + rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]); + epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO]; + printf("** Record Epoch: %d\n", epoch); + printf("** Record Sequence: "); + for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++) + printf("%02x", rec[i]); + reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]; + printf("\n** Record Length: %d\n", reclen); + + /* Now look at message */ + rec += DTLS1_RT_HEADER_LENGTH; + rem -= DTLS1_RT_HEADER_LENGTH; + if (content == SSL3_RT_HANDSHAKE) { + printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n"); + if (epoch > 0) { + printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n"); + } else if (rem < DTLS1_HM_HEADER_LENGTH + || reclen < DTLS1_HM_HEADER_LENGTH) { + printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); + } else { + printf("*** Message Type: %d\n", rec[MSG_TYPE]); + msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8) + | rec[MSG_LEN_LO]; + printf("*** Message Length: %d\n", msglen); + printf("*** Message sequence: %d\n", + (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]); + fragoff = (rec[MSG_FRAG_OFF_HI] << 16) + | (rec[MSG_FRAG_OFF_MID] << 8) + | rec[MSG_FRAG_OFF_LO]; + printf("*** Message Fragment offset: %d\n", fragoff); + fraglen = (rec[MSG_FRAG_LEN_HI] << 16) + | (rec[MSG_FRAG_LEN_MID] << 8) + | rec[MSG_FRAG_LEN_LO]; + printf("*** Message Fragment len: %d\n", fraglen); + if (fragoff + fraglen > msglen) + printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); + else if(reclen < fraglen) + printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); + else + printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n"); + } + } + if (rem < reclen) { + printf("*---- RECORD TRUNCATED ----\n"); + rem = 0; + } else { + rec += reclen; + rem -= reclen; + printf("*---- END OF RECORD ----\n"); + } + } + printf("---- END OF PACKET ----\n\n"); + fflush(stdout); +} + +static int tls_dump_read(BIO *bio, char *out, int outl) +{ + int ret; + BIO *next = BIO_next(bio); + + ret = BIO_read(next, out, outl); + copy_flags(bio); + + if (ret > 0) { + dump_data(out, ret); + } + + return ret; +} + +static int tls_dump_write(BIO *bio, const char *in, int inl) +{ + int ret; + BIO *next = BIO_next(bio); + + ret = BIO_write(next, in, inl); + copy_flags(bio); + + return ret; +} + +static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + long ret; + BIO *next = BIO_next(bio); + + if (next == NULL) + return 0; + + switch (cmd) { + case BIO_CTRL_DUP: + ret = 0L; + break; + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; + } + return ret; +} + +static int tls_dump_gets(BIO *bio, char *buf, int size) +{ + /* We don't support this - not needed anyway */ + return -1; +} + +static int tls_dump_puts(BIO *bio, const char *str) +{ + return tls_dump_write(bio, str, strlen(str)); +} + + +struct mempacket_st { + unsigned char *data; + int len; + unsigned int num; + unsigned int type; +}; + +static void mempacket_free(MEMPACKET *pkt) +{ + if (pkt->data != NULL) + OPENSSL_free(pkt->data); + OPENSSL_free(pkt); +} + +typedef struct mempacket_test_ctx_st { + STACK_OF(MEMPACKET) *pkts; + unsigned int epoch; + unsigned int currrec; + unsigned int currpkt; + unsigned int lastpkt; + unsigned int noinject; +} MEMPACKET_TEST_CTX; + +static int mempacket_test_new(BIO *bi); +static int mempacket_test_free(BIO *a); +static int mempacket_test_read(BIO *b, char *out, int outl); +static int mempacket_test_write(BIO *b, const char *in, int inl); +static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr); +static int mempacket_test_gets(BIO *bp, char *buf, int size); +static int mempacket_test_puts(BIO *bp, const char *str); + +const BIO_METHOD *bio_s_mempacket_test(void) +{ + if (method_mempacket_test == NULL) { + method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, + "Mem Packet Test"); + if ( method_mempacket_test == NULL + || !BIO_meth_set_write(method_mempacket_test, mempacket_test_write) + || !BIO_meth_set_read(method_mempacket_test, mempacket_test_read) + || !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts) + || !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets) + || !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl) + || !BIO_meth_set_create(method_mempacket_test, mempacket_test_new) + || !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free)) + return NULL; + } + return method_mempacket_test; +} + +void bio_s_mempacket_test_free(void) +{ + BIO_meth_free(method_mempacket_test); +} + +static int mempacket_test_new(BIO *bio) +{ + MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx == NULL) + return 0; + ctx->pkts = sk_MEMPACKET_new_null(); + if (ctx->pkts == NULL) { + OPENSSL_free(ctx); + return 0; + } + BIO_set_init(bio, 1); + BIO_set_data(bio, ctx); + return 1; +} + +static int mempacket_test_free(BIO *bio) +{ + MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); + + sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free); + OPENSSL_free(ctx); + BIO_set_data(bio, NULL); + BIO_set_init(bio, 0); + + return 1; +} + +/* Record Header values */ +#define EPOCH_HI 4 +#define EPOCH_LO 5 +#define RECORD_SEQUENCE 10 +#define RECORD_LEN_HI 11 +#define RECORD_LEN_LO 12 + +#define STANDARD_PACKET 0 + +static int mempacket_test_read(BIO *bio, char *out, int outl) +{ + MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); + MEMPACKET *thispkt; + unsigned char *rec; + int rem; + unsigned int seq, offset, len, epoch; + + BIO_clear_retry_flags(bio); + + thispkt = sk_MEMPACKET_value(ctx->pkts, 0); + if (thispkt == NULL || thispkt->num != ctx->currpkt) { + /* Probably run out of data */ + BIO_set_retry_read(bio); + return -1; + } + (void)sk_MEMPACKET_shift(ctx->pkts); + ctx->currpkt++; + + if (outl > thispkt->len) + outl = thispkt->len; + + if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ) { + /* + * Overwrite the record sequence number. We strictly number them in + * the order received. Since we are actually a reliable transport + * we know that there won't be any re-ordering. We overwrite to deal + * with any packets that have been injected + */ + rem = thispkt->len; + rec = thispkt->data; + while (rem > 0) { + if (rem < DTLS1_RT_HEADER_LENGTH) { + return -1; + } + epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; + if (epoch != ctx->epoch) { + ctx->epoch = epoch; + ctx->currrec = 0; + } + seq = ctx->currrec; + offset = 0; + do { + rec[RECORD_SEQUENCE - offset] = seq & 0xFF; + seq >>= 8; + offset++; + } while (seq > 0); + ctx->currrec++; + + len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) + + DTLS1_RT_HEADER_LENGTH; + + rec += len; + rem -= len; + } + } + + memcpy(out, thispkt->data, outl); + + mempacket_free(thispkt); + + return outl; +} + +int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, + int type) +{ + MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); + MEMPACKET *thispkt, *looppkt, *nextpkt; + int i; + + if (ctx == NULL) + return -1; + + /* We only allow injection before we've started writing any data */ + if (pktnum >= 0) { + if (ctx->noinject) + return -1; + } else { + ctx->noinject = 1; + } + + thispkt = OPENSSL_malloc(sizeof(MEMPACKET)); + if (thispkt == NULL) + return -1; + + thispkt->data = OPENSSL_malloc(inl); + if (thispkt->data == NULL) { + mempacket_free(thispkt); + return -1; + } + + memcpy(thispkt->data, in, inl); + thispkt->len = inl; + thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt; + thispkt->type = type; + + for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) { + /* Check if we found the right place to insert this packet */ + if (looppkt->num > thispkt->num) { + if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) { + mempacket_free(thispkt); + return -1; + } + /* If we're doing up front injection then we're done */ + if (pktnum >= 0) + return inl; + /* + * We need to do some accounting on lastpkt. We increment it first, + * but it might now equal the value of injected packets, so we need + * to skip over those + */ + ctx->lastpkt++; + do { + i++; + nextpkt = sk_MEMPACKET_value(ctx->pkts, i); + if (nextpkt != NULL && nextpkt->num == ctx->lastpkt) + ctx->lastpkt++; + else + return inl; + } while(1); + } else if(looppkt->num == thispkt->num) { + if (!ctx->noinject) { + /* We injected two packets with the same packet number! */ + return -1; + } + ctx->lastpkt++; + thispkt->num++; + } + } + /* + * We didn't find any packets with a packet number equal to or greater than + * this one, so we just add it onto the end + */ + if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) { + mempacket_free(thispkt); + return -1; + } + + if (pktnum < 0) + ctx->lastpkt++; + + return inl; +} + +static int mempacket_test_write(BIO *bio, const char *in, int inl) +{ + return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET); +} + +static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + long ret = 1; + MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); + MEMPACKET *thispkt; + + switch (cmd) { + case BIO_CTRL_EOF: + ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0); + break; + case BIO_CTRL_GET_CLOSE: + ret = BIO_get_shutdown(bio); + break; + case BIO_CTRL_SET_CLOSE: + BIO_set_shutdown(bio, (int)num); + break; + case BIO_CTRL_WPENDING: + ret = 0L; + break; + case BIO_CTRL_PENDING: + thispkt = sk_MEMPACKET_value(ctx->pkts, 0); + if (thispkt == NULL) + ret = 0; + else + ret = thispkt->len; + break; + case BIO_CTRL_FLUSH: + ret = 1; + break; + case BIO_CTRL_RESET: + case BIO_CTRL_DUP: + case BIO_CTRL_PUSH: + case BIO_CTRL_POP: + default: + ret = 0; + break; + } + return ret; +} + +static int mempacket_test_gets(BIO *bio, char *buf, int size) +{ + /* We don't support this - not needed anyway */ + return -1; +} + +static int mempacket_test_puts(BIO *bio, const char *str) +{ + return mempacket_test_write(bio, str, strlen(str)); +} + +int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, + int min_proto_version, int max_proto_version, + SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, + char *privkeyfile) +{ + SSL_CTX *serverctx = NULL; + SSL_CTX *clientctx = NULL; + + serverctx = SSL_CTX_new(sm); + if (cctx != NULL) + clientctx = SSL_CTX_new(cm); + if (serverctx == NULL || (cctx != NULL && clientctx == NULL)) { + printf("Failed to create SSL_CTX\n"); + goto err; + } + + if (min_proto_version > 0 + && !SSL_CTX_set_min_proto_version(serverctx, min_proto_version)) { + printf("Unable to set server min protocol versions\n"); + goto err; + } + if (max_proto_version > 0 + && !SSL_CTX_set_max_proto_version(serverctx, max_proto_version)) { + printf("Unable to set server max protocol versions\n"); + goto err; + } + + if (clientctx != NULL) { + if (min_proto_version > 0 + && !SSL_CTX_set_max_proto_version(clientctx, max_proto_version)) { + printf("Unable to set client max protocol versions\n"); + goto err; + } + if (max_proto_version > 0 + && !SSL_CTX_set_min_proto_version(clientctx, min_proto_version)) { + printf("Unable to set client min protocol versions\n"); + goto err; + } + } + + if (SSL_CTX_use_certificate_file(serverctx, certfile, + SSL_FILETYPE_PEM) <= 0) { + printf("Failed to load server certificate\n"); + goto err; + } + if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, + SSL_FILETYPE_PEM) <= 0) { + printf("Failed to load server private key\n"); + } + if (SSL_CTX_check_private_key(serverctx) <= 0) { + printf("Failed to check private key\n"); + goto err; + } + +#ifndef OPENSSL_NO_DH + SSL_CTX_set_dh_auto(serverctx, 1); +#endif + + *sctx = serverctx; + if (cctx != NULL) + *cctx = clientctx; + + return 1; + err: + SSL_CTX_free(serverctx); + SSL_CTX_free(clientctx); + return 0; +} + +#define MAXLOOPS 100000 + +/* + * NOTE: Transfers control of the BIOs - this function will free them on error + */ +int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, + SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) +{ + SSL *serverssl, *clientssl; + BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; + + if (*sssl == NULL) + serverssl = SSL_new(serverctx); + else + serverssl = *sssl; + if (*cssl == NULL) + clientssl = SSL_new(clientctx); + else + clientssl = *cssl; + + if (serverssl == NULL || clientssl == NULL) { + printf("Failed to create SSL object\n"); + goto error; + } + + if (SSL_is_dtls(clientssl)) { + s_to_c_bio = BIO_new(bio_s_mempacket_test()); + c_to_s_bio = BIO_new(bio_s_mempacket_test()); + } else { + s_to_c_bio = BIO_new(BIO_s_mem()); + c_to_s_bio = BIO_new(BIO_s_mem()); + } + if (s_to_c_bio == NULL || c_to_s_bio == NULL) { + printf("Failed to create mem BIOs\n"); + goto error; + } + + if (s_to_c_fbio != NULL) + s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio); + if (c_to_s_fbio != NULL) + c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio); + if (s_to_c_bio == NULL || c_to_s_bio == NULL) { + printf("Failed to create chained BIOs\n"); + goto error; + } + + /* Set Non-blocking IO behaviour */ + BIO_set_mem_eof_return(s_to_c_bio, -1); + BIO_set_mem_eof_return(c_to_s_bio, -1); + + /* Up ref these as we are passing them to two SSL objects */ + BIO_up_ref(s_to_c_bio); + BIO_up_ref(c_to_s_bio); + + SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); + SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); + + /* BIOs will now be freed when SSL objects are freed */ + s_to_c_bio = c_to_s_bio = NULL; + s_to_c_fbio = c_to_s_fbio = NULL; + + *sssl = serverssl; + *cssl = clientssl; + + return 1; + + error: + SSL_free(serverssl); + SSL_free(clientssl); + BIO_free(s_to_c_bio); + BIO_free(c_to_s_bio); + BIO_free(s_to_c_fbio); + BIO_free(c_to_s_fbio); + + return 0; +} + +int create_ssl_connection(SSL *serverssl, SSL *clientssl) +{ + int retc = -1, rets = -1, err, abortctr = 0; + int clienterr = 0, servererr = 0; + + do { + err = SSL_ERROR_WANT_WRITE; + while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) { + retc = SSL_connect(clientssl); + if (retc <= 0) + err = SSL_get_error(clientssl, retc); + } + + if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { + printf("SSL_connect() failed %d, %d\n", retc, err); + clienterr = 1; + } + + err = SSL_ERROR_WANT_WRITE; + while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { + rets = SSL_accept(serverssl); + if (rets <= 0) + err = SSL_get_error(serverssl, rets); + } + + if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) { + printf("SSL_accept() failed %d, %d\n", retc, err); + servererr = 1; + } + if (clienterr && servererr) + return 0; + if (++abortctr == MAXLOOPS) { + printf("No progress made\n"); + return 0; + } + } while (retc <=0 || rets <= 0); + + return 1; +} diff --git a/openssl-1.1.0h/test/ssltestlib.h b/openssl-1.1.0h/test/ssltestlib.h new file mode 100644 index 0000000..5e8ea6e --- /dev/null +++ b/openssl-1.1.0h/test/ssltestlib.h @@ -0,0 +1,41 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSLTESTLIB_H +# define HEADER_SSLTESTLIB_H + +# include + +int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, + int min_proto_version, int max_proto_version, + SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, + char *privkeyfile); +int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, + SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio); +int create_ssl_connection(SSL *serverssl, SSL *clientssl); + +/* Note: Not thread safe! */ +const BIO_METHOD *bio_f_tls_dump_filter(void); +void bio_f_tls_dump_filter_free(void); + +const BIO_METHOD *bio_s_mempacket_test(void); +void bio_s_mempacket_test_free(void); + +/* Packet types - value 0 is reserved */ +#define INJECT_PACKET 1 +#define INJECT_PACKET_IGNORE_REC_SEQ 2 + +int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, + int type); + +typedef struct mempacket_st MEMPACKET; + +DEFINE_STACK_OF(MEMPACKET) + +#endif /* HEADER_SSLTESTLIB_H */ diff --git a/openssl-1.1.0h/test/test.cnf b/openssl-1.1.0h/test/test.cnf new file mode 100644 index 0000000..718b0bf --- /dev/null +++ b/openssl-1.1.0h/test/test.cnf @@ -0,0 +1,88 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/new_certs # default place for new certs. + +certificate = $dir/CAcert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/CAkey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = testkey.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Queensland +stateOrProvinceName_value = + +localityName = Locality Name (eg, city) +localityName_value = Brisbane + +organizationName = Organization Name (eg, company) +organizationName_default = +organizationName_value = CryptSoft Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = +organizationalUnitName_value = . + +commonName = Common Name (eg, YOUR name) +commonName_value = Eric Young + +emailAddress = Email Address +emailAddress_value = eay@mincom.oz.au diff --git a/openssl-1.1.0h/test/testcrl.pem b/openssl-1.1.0h/test/testcrl.pem new file mode 100644 index 0000000..0989788 --- /dev/null +++ b/openssl-1.1.0h/test/testcrl.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT +F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw +MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw +MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw +MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw +MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw +MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw +MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw +NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw +NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF +AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ +wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt +JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v +-----END X509 CRL----- diff --git a/openssl-1.1.0h/test/testdsa.pem b/openssl-1.1.0h/test/testdsa.pem new file mode 100644 index 0000000..b2ca5ba --- /dev/null +++ b/openssl-1.1.0h/test/testdsa.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvQIBAAKBgQD9Ko2Ezy2mKeOV4oJsjy8Ves9Av6bPvr5y6iFTVpGQewjzsAHS +l3eAxwyrvE0cx8cQ4ODieVRnWibZIEoF2NRUBw3l/6o8wo1BZTnF7wtZpNr6QcCQ +QNC3CaQZ0lw2rOewGxqZpeXmYurfceRnsZBSpQiw8kW+JTgCbRJtVAYF1wIVAN+X +sK/vqcIQlD6ZV055LoV4qv0jAoGBAL52x3C4paZkU61ZTiIgUKPXBpanQ4a7nsjd +iSjzgnto+rveVuFkZQKaD7Wts8SLpojBat7supr+qF1pWVpRwxOXofdO72XdKm5u +3co7sLnqf/WVCmzX9/unlAsGfDG1R6RqA71MnQJ5q56LwAzqK23ZfGt5v1Wpho36 +FY/JnLZ2AoGBAMyZoH2YF7/wO7CbGD6bGet3q+zxksOp+6gz2+ae23Gajpd3u4Jz +bOxqjk4vrQaTrMPRRWXWJxC5WwLMalzwke75wi8gGT6+EUxFoLXlSmRQN+h4f+Ab +OHFQiiW9v3xrgUKPiYWPEz/bhYw5DC73vPfkHXxmV495KiSIx4fvfH1BAhUAv3HU +l7iXVdDF5BKF2B+Vd8w9+MI= +-----END DSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/testdsapub.pem b/openssl-1.1.0h/test/testdsapub.pem new file mode 100644 index 0000000..70e7d5c --- /dev/null +++ b/openssl-1.1.0h/test/testdsapub.pem @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBuDCCASwGByqGSM44BAEwggEfAoGBAP0qjYTPLaYp45XigmyPLxV6z0C/ps++ +vnLqIVNWkZB7CPOwAdKXd4DHDKu8TRzHxxDg4OJ5VGdaJtkgSgXY1FQHDeX/qjzC +jUFlOcXvC1mk2vpBwJBA0LcJpBnSXDas57AbGpml5eZi6t9x5GexkFKlCLDyRb4l +OAJtEm1UBgXXAhUA35ewr++pwhCUPplXTnkuhXiq/SMCgYEAvnbHcLilpmRTrVlO +IiBQo9cGlqdDhrueyN2JKPOCe2j6u95W4WRlApoPta2zxIumiMFq3uy6mv6oXWlZ +WlHDE5eh907vZd0qbm7dyjuwuep/9ZUKbNf3+6eUCwZ8MbVHpGoDvUydAnmrnovA +DOorbdl8a3m/VamGjfoVj8mctnYDgYUAAoGBAMyZoH2YF7/wO7CbGD6bGet3q+zx +ksOp+6gz2+ae23Gajpd3u4JzbOxqjk4vrQaTrMPRRWXWJxC5WwLMalzwke75wi8g +GT6+EUxFoLXlSmRQN+h4f+AbOHFQiiW9v3xrgUKPiYWPEz/bhYw5DC73vPfkHXxm +V495KiSIx4fvfH1B +-----END PUBLIC KEY----- diff --git a/openssl-1.1.0h/test/testec-p256.pem b/openssl-1.1.0h/test/testec-p256.pem new file mode 100644 index 0000000..fb79a4c --- /dev/null +++ b/openssl-1.1.0h/test/testec-p256.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIDYEX2yQlhJXDIwBEwcfyAn2eICEKJxqsAPGChey1a2toAoGCCqGSM49 +AwEHoUQDQgAEJXwAdITiPFcSUsaRI2nlzTNRn++q6F38XrH8m8sf28DQ+2Oob5SU +zvgjVS0e70pIqH6bSXDgPc8mKtSs9Zi26Q== +-----END EC PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/testecpub-p256.pem b/openssl-1.1.0h/test/testecpub-p256.pem new file mode 100644 index 0000000..60695b8 --- /dev/null +++ b/openssl-1.1.0h/test/testecpub-p256.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJXwAdITiPFcSUsaRI2nlzTNRn++q +6F38XrH8m8sf28DQ+2Oob5SUzvgjVS0e70pIqH6bSXDgPc8mKtSs9Zi26Q== +-----END PUBLIC KEY----- diff --git a/openssl-1.1.0h/test/testp7.pem b/openssl-1.1.0h/test/testp7.pem new file mode 100644 index 0000000..e5b7866 --- /dev/null +++ b/openssl-1.1.0h/test/testp7.pem @@ -0,0 +1,46 @@ +-----BEGIN PKCS7----- +MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE +cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw +DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV +BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw +HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50 +ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln +biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E +aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy +aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M +VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq +UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC +AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR +BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0 +ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0 +IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l +bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t +L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t +OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s +IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04 +ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0 +cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ +QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC +MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu +AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr +cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC +AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD +QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu +dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp +Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES +TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE +AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD +2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU +47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD +QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB +AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl +ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE +BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW +ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3 +MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW +sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9 +XfZsaiiIgotQHjEA +-----END PKCS7----- diff --git a/openssl-1.1.0h/test/testreq2.pem b/openssl-1.1.0h/test/testreq2.pem new file mode 100644 index 0000000..c3cdcff --- /dev/null +++ b/openssl-1.1.0h/test/testreq2.pem @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC +QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG +DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq +hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi +gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U= +-----END CERTIFICATE REQUEST----- diff --git a/openssl-1.1.0h/test/testrsa.pem b/openssl-1.1.0h/test/testrsa.pem new file mode 100644 index 0000000..aad2106 --- /dev/null +++ b/openssl-1.1.0h/test/testrsa.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I +Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R +rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy +oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S +mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz +rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA +mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= +-----END RSA PRIVATE KEY----- diff --git a/openssl-1.1.0h/test/testrsapub.pem b/openssl-1.1.0h/test/testrsapub.pem new file mode 100644 index 0000000..bee2b95 --- /dev/null +++ b/openssl-1.1.0h/test/testrsapub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6diz +WW3DwaffznyHGAFwUJ/ITv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/openssl-1.1.0h/test/testsid.pem b/openssl-1.1.0h/test/testsid.pem new file mode 100644 index 0000000..a90fb6e --- /dev/null +++ b/openssl-1.1.0h/test/testsid.pem @@ -0,0 +1,38 @@ +-----BEGIN SSL SESSION PARAMETERS----- +MIIGpAIBAQICAwMEAsAwBCABkpk0q01VEnPtcNWLtYg1xZJLreP0C1r4wPOakiLu +8AQwi0opOLa+Omt26PqbLUcmI1H7F/n7qRy6TaL9Lxf2/ZBUDgRG3aSuSejO+gki +F2U9oQYCBFR6XVaiBAICASyjggVjMIIFXzCCBEegAwIBAgIQNdDRF5hINFi7kAeK +0fP5FjANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJGUjESMBAGA1UEChMJR0FO +REkgU0FTMR4wHAYDVQQDExVHYW5kaSBTdGFuZGFyZCBTU0wgQ0EwHhcNMTMxMjMx +MDAwMDAwWhcNMTQxMjMxMjM1OTU5WjBYMSEwHwYDVQQLExhEb21haW4gQ29udHJv +bCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNTTDEWMBQGA1UE +AxMNZGIuZGViaWFuLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB +AN/7DlZZKR5SELzF7rdn6LWxuebpVyFu1eXltzxi+Mig9cR0ZZD3hp0JcUresABO +zE66AuhGtcFus/J/88CGM2r39u3n5ac5O/4Ypp57997YJRV725dL4oX75Vpc4p8j +EI/LyIFteZN22ziv9zW7qCKKahnq1tuqDkV+84BEARpVdIaaWmn/KqsEgxeNKomy +OLvn96IVCTAF78rudPmJHfSCl++NFmg0yu7DPyuXf8YJfA6j8/kFueanK2B1y/ww +8MSbL3iAdgLwVtRJkwRYyKn8p5+ybwzX9L36GWgYs9OXUn8x494T5GjbGQVxUNt7 +qJnRtiUwYVoiOARrv1EI0Cq4ANXVaLDckc5y0a2PY3c4NWVlKGYbdxdQC1n6nH93 +mWDIr6vu7JX3CqDDr8FBlNVVtiBiv0q/eiVb9dzBzOntt3hA6GOJFAuwDDf7g7nq +Gq8qqcr7EIyVB8ytQ5XMgtLCpmJkLzIdRYfdsQMa7cAbl0THAwwXigcotFA0aYIP +BQIDAQABo4IBujCCAbYwHwYDVR0jBBgwFoAUtqj/oqgv0KbNS7Fo8+dQEDGneSEw +HQYDVR0OBBYEFDJGWXznCu/+qyFLCmUI4cmXy1DCMA4GA1UdDwEB/wQEAwIFoDAM +BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBgBgNV +HSAEWTBXMEsGCysGAQQBsjEBAgIaMDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cu +Z2FuZGkubmV0L2NvbnRyYWN0cy9mci9zc2wvY3BzL3BkZi8wCAYGZ4EMAQIBMDwG +A1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuZ2FuZGkubmV0L0dhbmRpU3RhbmRh +cmRTU0xDQS5jcmwwagYIKwYBBQUHAQEEXjBcMDcGCCsGAQUFBzAChitodHRwOi8v +Y3J0LmdhbmRpLm5ldC9HYW5kaVN0YW5kYXJkU1NMQ0EuY3J0MCEGCCsGAQUFBzAB +hhVodHRwOi8vb2NzcC5nYW5kaS5uZXQwKwYDVR0RBCQwIoINZGIuZGViaWFuLm9y +Z4IRd3d3LmRiLmRlYmlhbi5vcmcwDQYJKoZIhvcNAQEFBQADggEBAK+ix7EQNPgU +qDx46gAPifcm6b2FvXq+gtlB9h6UaDDO7fxDzmoU5V4WtdBM5uvIfOmpeNuCxPaj +18cUlj9PPjL3eK43UCVu6w5hN3p2/2BPvFjQRhtBcIcEWsMal1DCtS/vCBkQt1lS +gd4/xiMfK4cQYtwRu47gB0HuM2lecYHA42EC5hqupY/2tHo54AdyU46TxgUQcm0e +icLtYuTjIYQWdUgM92heDw8caey5GKL2/TmYM2iWy/csFLm4tJAwPMtvy1KWdJQE +iqYIuI9Lb4/xOyjSwVNLIJmbEzE6Sds9sjxqEcU4CconTVJazvHZtnBRV8GiRYKa +d/xgQ6J+/Z2kAgQAqQQCAgEsqoHDBIHAPGxCacLRMYb3hbL3lRqQIfH3xoufIwKn +zOAIyjxH7GPZpI87/e93AF1uw6eyy+aWJM6G/71E8Ln1iQtZjrGkGQCjEcIrUhEk +Bgg93A28zly2zu2aBwi2yT4bUcyHxE3P3Q4R8xkQxrdWSMfCjCy9HKUViOENKET6 +avKXF7lDT1iG/x8RtTHtFGYX4YcFVhdEqcqnZ7tw5sqkHG2D0gLzO2SETF9KPHCq +zAHQtw5r4Dgl+a+BGLczh6as4yIH+xH+ +-----END SSL SESSION PARAMETERS----- diff --git a/openssl-1.1.0h/test/testutil.c b/openssl-1.1.0h/test/testutil.c new file mode 100644 index 0000000..a16ef0f --- /dev/null +++ b/openssl-1.1.0h/test/testutil.c @@ -0,0 +1,109 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "testutil.h" + +#include +#include +#include +#include +#include "e_os.h" + +/* + * Declares the structures needed to register each test case function. + */ +typedef struct test_info { + const char *test_case_name; + int (*test_fn) (); + int (*param_test_fn)(int idx); + int num; +} TEST_INFO; + +static TEST_INFO all_tests[1024]; +static int num_tests = 0; +/* + * A parameterised tests runs a loop of test cases. + * |num_test_cases| counts the total number of test cases + * across all tests. + */ +static int num_test_cases = 0; + +void add_test(const char *test_case_name, int (*test_fn) ()) +{ + assert(num_tests != OSSL_NELEM(all_tests)); + all_tests[num_tests].test_case_name = test_case_name; + all_tests[num_tests].test_fn = test_fn; + all_tests[num_tests].num = -1; + ++num_test_cases; + ++num_tests; +} + +void add_all_tests(const char *test_case_name, int(*test_fn)(int idx), + int num) +{ + assert(num_tests != OSSL_NELEM(all_tests)); + all_tests[num_tests].test_case_name = test_case_name; + all_tests[num_tests].param_test_fn = test_fn; + all_tests[num_tests].num = num; + ++num_tests; + num_test_cases += num; +} + +int run_tests(const char *test_prog_name) +{ + int num_failed = 0; + + int i, j; + + printf("%s: %d test case%s\n", test_prog_name, num_test_cases, + num_test_cases == 1 ? "" : "s"); + + for (i = 0; i != num_tests; ++i) { + if (all_tests[i].num == -1) { + if (!all_tests[i].test_fn()) { + printf("** %s failed **\n--------\n", + all_tests[i].test_case_name); + ++num_failed; + } + } else { + for (j = 0; j < all_tests[i].num; j++) { + if (!all_tests[i].param_test_fn(j)) { + printf("** %s failed test %d\n--------\n", + all_tests[i].test_case_name, j); + ++num_failed; + } + } + } + } + + if (num_failed != 0) { + printf("%s: %d test%s failed (out of %d)\n", test_prog_name, + num_failed, num_failed != 1 ? "s" : "", num_test_cases); + return EXIT_FAILURE; + } + printf(" All tests passed.\n"); + return EXIT_SUCCESS; +} + +static const char *print_string_maybe_null(const char *s) +{ + return s == NULL ? "(NULL)" : s; +} + +int strings_equal(const char *desc, const char *s1, const char *s2) +{ + if (s1 == NULL && s2 == NULL) + return 1; + if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) { + fprintf(stderr, "%s mismatch: %s vs %s\n", desc, print_string_maybe_null(s1), + print_string_maybe_null(s2)); + return 0; + } + return 1; +} diff --git a/openssl-1.1.0h/test/testutil.h b/openssl-1.1.0h/test/testutil.h new file mode 100644 index 0000000..aaaee27 --- /dev/null +++ b/openssl-1.1.0h/test/testutil.h @@ -0,0 +1,111 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TESTUTIL_H +# define HEADER_TESTUTIL_H + +#include + +/*- + * SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions. + * + * SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE + * object called "fixture". It will also allocate the "result" variable used + * by EXECUTE_TEST. set_up() should take a const char* specifying the test + * case name and return a TEST_FIXTURE_TYPE by value. + * + * EXECUTE_TEST will pass fixture to execute_func() by value, call + * tear_down(), and return the result of execute_func(). execute_func() should + * take a TEST_FIXTURE_TYPE by value and return 1 on success and 0 on + * failure. + * + * Unit tests can define their own SETUP_TEST_FIXTURE and EXECUTE_TEST + * variations like so: + * + * #define SETUP_FOOBAR_TEST_FIXTURE()\ + * SETUP_TEST_FIXTURE(FOOBAR_TEST_FIXTURE, set_up_foobar) + * + * #define EXECUTE_FOOBAR_TEST()\ + * EXECUTE_TEST(execute_foobar, tear_down_foobar) + * + * Then test case functions can take the form: + * + * static int test_foobar_feature() + * { + * SETUP_FOOBAR_TEST_FIXTURE(); + * [...set individual members of fixture...] + * EXECUTE_FOOBAR_TEST(); + * } + */ +# define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\ + TEST_FIXTURE_TYPE fixture = set_up(TEST_CASE_NAME); \ + int result = 0 + +# define EXECUTE_TEST(execute_func, tear_down)\ + result = execute_func(fixture);\ + tear_down(fixture);\ + return result + +/* + * TEST_CASE_NAME is defined as the name of the test case function where + * possible; otherwise we get by with the file name and line number. + */ +# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L +# if defined(_MSC_VER) +# define TEST_CASE_NAME __FUNCTION__ +# else +# define testutil_stringify_helper(s) #s +# define testutil_stringify(s) testutil_stringify_helper(s) +# define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__) +# endif /* _MSC_VER */ +# else +# define TEST_CASE_NAME __func__ +# endif /* __STDC_VERSION__ */ + +/* + * In main(), call ADD_TEST to register each test case function, then call + * run_tests() to execute all tests and report the results. The result + * returned from run_tests() should be used as the return value for main(). + */ +# define ADD_TEST(test_function) add_test(#test_function, test_function) + +/* + * Simple parameterized tests. Adds a test_function(idx) test for each + * 0 <= idx < num. + */ +# define ADD_ALL_TESTS(test_function, num) \ + add_all_tests(#test_function, test_function, num) + +void add_test(const char *test_case_name, int (*test_fn) ()); +void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num); +int run_tests(const char *test_prog_name); + +/* + * Test assumption verification helpers. + */ + +/* + * Returns 1 if |s1| and |s2| are both NULL or equal. + * Otherwise, returns 0 and pretty-prints diagnostics using |desc|. + */ +int strings_equal(const char *desc, const char *s1, const char *s2); +#endif /* HEADER_TESTUTIL_H */ + +/* + * For "impossible" conditions such as malloc failures or bugs in test code, + * where continuing the test would be meaningless. Note that OPENSSL_assert + * is fatal, and is never compiled out. + */ +#define TEST_check(condition) \ + do { \ + if (!(condition)) { \ + ERR_print_errors_fp(stderr); \ + OPENSSL_assert(!#condition); \ + } \ + } while (0); diff --git a/openssl-1.1.0h/test/testx509.pem b/openssl-1.1.0h/test/testx509.pem new file mode 100644 index 0000000..8a85d14 --- /dev/null +++ b/openssl-1.1.0h/test/testx509.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz +MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF +AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO +/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE +Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ +zl9HYIMxATFyqSiD9jsx +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/threadstest.c b/openssl-1.1.0h/test/threadstest.c new file mode 100644 index 0000000..b2e96fa --- /dev/null +++ b/openssl-1.1.0h/test/threadstest.c @@ -0,0 +1,246 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#if defined(_WIN32) +# include +#endif + +#include + +#include + +#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) + +typedef unsigned int thread_t; + +static int run_thread(thread_t *t, void (*f)(void)) +{ + f(); + return 1; +} + +static int wait_for_thread(thread_t thread) +{ + return 1; +} + +#elif defined(OPENSSL_SYS_WINDOWS) + +typedef HANDLE thread_t; + +static DWORD WINAPI thread_run(LPVOID arg) +{ + void (*f)(void); + + *(void **) (&f) = arg; + + f(); + return 0; +} + +static int run_thread(thread_t *t, void (*f)(void)) +{ + *t = CreateThread(NULL, 0, thread_run, *(void **) &f, 0, NULL); + return *t != NULL; +} + +static int wait_for_thread(thread_t thread) +{ + return WaitForSingleObject(thread, INFINITE) == 0; +} + +#else + +typedef pthread_t thread_t; + +static void *thread_run(void *arg) +{ + void (*f)(void); + + *(void **) (&f) = arg; + + f(); + return NULL; +} + +static int run_thread(thread_t *t, void (*f)(void)) +{ + return pthread_create(t, NULL, thread_run, *(void **) &f) == 0; +} + +static int wait_for_thread(thread_t thread) +{ + return pthread_join(thread, NULL) == 0; +} + +#endif + +static int test_lock(void) +{ + CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new(); + + if (!CRYPTO_THREAD_read_lock(lock)) { + fprintf(stderr, "CRYPTO_THREAD_read_lock() failed\n"); + return 0; + } + + if (!CRYPTO_THREAD_unlock(lock)) { + fprintf(stderr, "CRYPTO_THREAD_unlock() failed\n"); + return 0; + } + + CRYPTO_THREAD_lock_free(lock); + + return 1; +} + +static CRYPTO_ONCE once_run = CRYPTO_ONCE_STATIC_INIT; +static unsigned once_run_count = 0; + +static void once_do_run(void) +{ + once_run_count++; +} + +static void once_run_thread_cb(void) +{ + CRYPTO_THREAD_run_once(&once_run, once_do_run); +} + +static int test_once(void) +{ + thread_t thread; + if (!run_thread(&thread, once_run_thread_cb) || + !wait_for_thread(thread)) + { + fprintf(stderr, "run_thread() failed\n"); + return 0; + } + + if (!CRYPTO_THREAD_run_once(&once_run, once_do_run)) { + fprintf(stderr, "CRYPTO_THREAD_run_once() failed\n"); + return 0; + } + + if (once_run_count != 1) { + fprintf(stderr, "once run %u times\n", once_run_count); + return 0; + } + + return 1; +} + +static CRYPTO_THREAD_LOCAL thread_local_key; +static unsigned destructor_run_count = 0; +static int thread_local_thread_cb_ok = 0; + +static void thread_local_destructor(void *arg) +{ + unsigned *count; + + if (arg == NULL) + return; + + count = arg; + + (*count)++; +} + +static void thread_local_thread_cb(void) +{ + void *ptr; + + ptr = CRYPTO_THREAD_get_local(&thread_local_key); + if (ptr != NULL) { + fprintf(stderr, "ptr not NULL\n"); + return; + } + + if (!CRYPTO_THREAD_set_local(&thread_local_key, &destructor_run_count)) { + fprintf(stderr, "CRYPTO_THREAD_set_local() failed\n"); + return; + } + + ptr = CRYPTO_THREAD_get_local(&thread_local_key); + if (ptr != &destructor_run_count) { + fprintf(stderr, "invalid ptr\n"); + return; + } + + thread_local_thread_cb_ok = 1; +} + +static int test_thread_local(void) +{ + thread_t thread; + void *ptr = NULL; + + if (!CRYPTO_THREAD_init_local(&thread_local_key, thread_local_destructor)) { + fprintf(stderr, "CRYPTO_THREAD_init_local() failed\n"); + return 0; + } + + ptr = CRYPTO_THREAD_get_local(&thread_local_key); + if (ptr != NULL) { + fprintf(stderr, "ptr not NULL\n"); + return 0; + } + + if (!run_thread(&thread, thread_local_thread_cb) || + !wait_for_thread(thread)) + { + fprintf(stderr, "run_thread() failed\n"); + return 0; + } + + if (thread_local_thread_cb_ok != 1) { + fprintf(stderr, "thread-local thread callback failed\n"); + return 0; + } + +#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) + + ptr = CRYPTO_THREAD_get_local(&thread_local_key); + if (ptr != NULL) { + fprintf(stderr, "ptr not NULL\n"); + return 0; + } + +# if !defined(OPENSSL_SYS_WINDOWS) + if (destructor_run_count != 1) { + fprintf(stderr, "thread-local destructor run %u times\n", + destructor_run_count); + return 0; + } +# endif + +#endif + + if (!CRYPTO_THREAD_cleanup_local(&thread_local_key)) { + fprintf(stderr, "CRYPTO_THREAD_cleanup_local() failed\n"); + return 0; + } + + return 1; +} + +int main(int argc, char **argv) +{ + if (!test_lock()) + return 1; + + if (!test_once()) + return 1; + + if (!test_thread_local()) + return 1; + + printf("PASS\n"); + return 0; +} diff --git a/openssl-1.1.0h/test/v3-cert1.pem b/openssl-1.1.0h/test/v3-cert1.pem new file mode 100644 index 0000000..0da253d --- /dev/null +++ b/openssl-1.1.0h/test/v3-cert1.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx +NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz +dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw +ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu +ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2 +ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp +miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C +AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK +Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x +DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR +MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB +AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21 +X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3 +WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/v3-cert2.pem b/openssl-1.1.0h/test/v3-cert2.pem new file mode 100644 index 0000000..de0723f --- /dev/null +++ b/openssl-1.1.0h/test/v3-cert2.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD +YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0 +ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu +dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1 +WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV +BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx +FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA +6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT +G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ +YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm +b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc +F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz +lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap +jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU= +-----END CERTIFICATE----- diff --git a/openssl-1.1.0h/test/v3ext.c b/openssl-1.1.0h/test/v3ext.c new file mode 100644 index 0000000..1c1f788 --- /dev/null +++ b/openssl-1.1.0h/test/v3ext.c @@ -0,0 +1,42 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include + +int main(int ac, char **av) +{ + X509 *x = NULL; + BIO *b = NULL; + long pathlen; + int ret = 1; + + if (ac != 2) { + fprintf(stderr, "Usage error\n"); + goto end; + } + b = BIO_new_file(av[1], "r"); + if (b == NULL) + goto end; + x = PEM_read_bio_X509(b, NULL, NULL, NULL); + if (x == NULL) + goto end; + pathlen = X509_get_pathlen(x); + if (pathlen == 6) + ret = 0; + +end: + ERR_print_errors_fp(stderr); + BIO_free(b); + X509_free(x); + return ret; +} diff --git a/openssl-1.1.0h/test/v3nametest.c b/openssl-1.1.0h/test/v3nametest.c new file mode 100644 index 0000000..648c1df --- /dev/null +++ b/openssl-1.1.0h/test/v3nametest.c @@ -0,0 +1,355 @@ +/* + * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "../e_os.h" +#include + +static const char *const names[] = { + "a", "b", ".", "*", "@", + ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", + "-example.com", "example-.com", + "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com", + "*@example.com", "test@*.example.com", "example.com", "www.example.com", + "test.www.example.com", "*.example.com", "*.www.example.com", + "test.*.example.com", "www.*.com", + ".www.example.com", "*www.example.com", + "example.net", "xn--rger-koa.example.com", + "*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com", + "*.good--example.com", "www.good--example.com", + "*.xn--bar.com", "xn--foo.xn--bar.com", + "a.example.com", "b.example.com", + "postmaster@example.com", "Postmaster@example.com", + "postmaster@EXAMPLE.COM", + NULL +}; + +static const char *const exceptions[] = { + "set CN: host: [*.example.com] matches [a.example.com]", + "set CN: host: [*.example.com] matches [b.example.com]", + "set CN: host: [*.example.com] matches [www.example.com]", + "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]", + "set CN: host: [*.www.example.com] matches [test.www.example.com]", + "set CN: host: [*.www.example.com] matches [.www.example.com]", + "set CN: host: [*www.example.com] matches [www.example.com]", + "set CN: host: [test.www.example.com] matches [.www.example.com]", + "set CN: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]", + "set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]", + "set CN: host: [*.good--example.com] matches [www.good--example.com]", + "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]", + "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]", + "set emailAddress: email: [postmaster@example.com] does not match [Postmaster@example.com]", + "set emailAddress: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]", + "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@example.com]", + "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]", + "set dnsName: host: [*.example.com] matches [www.example.com]", + "set dnsName: host: [*.example.com] matches [a.example.com]", + "set dnsName: host: [*.example.com] matches [b.example.com]", + "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]", + "set dnsName: host: [*.www.example.com] matches [test.www.example.com]", + "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]", + "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]", + "set dnsName: host: [*.www.example.com] matches [.www.example.com]", + "set dnsName: host: [*www.example.com] matches [www.example.com]", + "set dnsName: host: [test.www.example.com] matches [.www.example.com]", + "set dnsName: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]", + "set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]", + "set dnsName: host: [*.good--example.com] matches [www.good--example.com]", + "set rfc822Name: email: [postmaster@example.com] does not match [Postmaster@example.com]", + "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@example.com]", + "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]", + "set rfc822Name: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]", + NULL +}; + +static int is_exception(const char *msg) +{ + const char *const *p; + for (p = exceptions; *p; ++p) + if (strcmp(msg, *p) == 0) + return 1; + return 0; +} + +static int set_cn(X509 *crt, ...) +{ + int ret = 0; + X509_NAME *n = NULL; + va_list ap; + va_start(ap, crt); + n = X509_NAME_new(); + if (n == NULL) + goto out; + while (1) { + int nid; + const char *name; + nid = va_arg(ap, int); + if (nid == 0) + break; + name = va_arg(ap, const char *); + if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, + (unsigned char *)name, -1, -1, 1)) + goto out; + } + if (!X509_set_subject_name(crt, n)) + goto out; + ret = 1; + out: + X509_NAME_free(n); + va_end(ap); + return ret; +} + +/*- +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, ASN1_OCTET_STRING *data); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +*/ + +static int set_altname(X509 *crt, ...) +{ + int ret = 0; + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gen = NULL; + ASN1_IA5STRING *ia5 = NULL; + va_list ap; + va_start(ap, crt); + gens = sk_GENERAL_NAME_new_null(); + if (gens == NULL) + goto out; + while (1) { + int type; + const char *name; + type = va_arg(ap, int); + if (type == 0) + break; + name = va_arg(ap, const char *); + + gen = GENERAL_NAME_new(); + if (gen == NULL) + goto out; + ia5 = ASN1_IA5STRING_new(); + if (ia5 == NULL) + goto out; + if (!ASN1_STRING_set(ia5, name, -1)) + goto out; + switch (type) { + case GEN_EMAIL: + case GEN_DNS: + GENERAL_NAME_set0_value(gen, type, ia5); + ia5 = NULL; + break; + default: + abort(); + } + sk_GENERAL_NAME_push(gens, gen); + gen = NULL; + } + if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0)) + goto out; + ret = 1; + out: + ASN1_IA5STRING_free(ia5); + GENERAL_NAME_free(gen); + GENERAL_NAMES_free(gens); + va_end(ap); + return ret; +} + +static int set_cn1(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, name, 0); +} + +static int set_cn_and_email(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, name, + NID_pkcs9_emailAddress, "dummy@example.com", 0); +} + +static int set_cn2(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, "dummy value", + NID_commonName, name, 0); +} + +static int set_cn3(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, name, + NID_commonName, "dummy value", 0); +} + +static int set_email1(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, name, 0); +} + +static int set_email2(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, "dummy@example.com", + NID_pkcs9_emailAddress, name, 0); +} + +static int set_email3(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, name, + NID_pkcs9_emailAddress, "dummy@example.com", 0); +} + +static int set_email_and_cn(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, name, + NID_commonName, "www.example.org", 0); +} + +static int set_altname_dns(X509 *crt, const char *name) +{ + return set_altname(crt, GEN_DNS, name, 0); +} + +static int set_altname_email(X509 *crt, const char *name) +{ + return set_altname(crt, GEN_EMAIL, name, 0); +} + +struct set_name_fn { + int (*fn) (X509 *, const char *); + const char *name; + int host; + int email; +}; + +static const struct set_name_fn name_fns[] = { + {set_cn1, "set CN", 1, 0}, + {set_cn2, "set CN", 1, 0}, + {set_cn3, "set CN", 1, 0}, + {set_cn_and_email, "set CN", 1, 0}, + {set_email1, "set emailAddress", 0, 1}, + {set_email2, "set emailAddress", 0, 1}, + {set_email3, "set emailAddress", 0, 1}, + {set_email_and_cn, "set emailAddress", 0, 1}, + {set_altname_dns, "set dnsName", 1, 0}, + {set_altname_email, "set rfc822Name", 0, 1}, + {NULL, NULL, 0} +}; + +static X509 *make_cert() +{ + X509 *ret = NULL; + X509 *crt = NULL; + X509_NAME *issuer = NULL; + crt = X509_new(); + if (crt == NULL) + goto out; + if (!X509_set_version(crt, 3)) + goto out; + ret = crt; + crt = NULL; + out: + X509_NAME_free(issuer); + return ret; +} + +static int errors; + +static void check_message(const struct set_name_fn *fn, const char *op, + const char *nameincert, int match, const char *name) +{ + char msg[1024]; + if (match < 0) + return; + BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]", + fn->name, op, nameincert, + match ? "matches" : "does not match", name); + if (is_exception(msg)) + return; + puts(msg); + ++errors; +} + +static void run_cert(X509 *crt, const char *nameincert, + const struct set_name_fn *fn) +{ + const char *const *pname = names; + while (*pname) { + int samename = strcasecmp(nameincert, *pname) == 0; + size_t namelen = strlen(*pname); + char *name = malloc(namelen); + int match, ret; + memcpy(name, *pname, namelen); + + ret = X509_check_host(crt, name, namelen, 0, NULL); + match = -1; + if (ret < 0) { + fprintf(stderr, "internal error in X509_check_host"); + ++errors; + } else if (fn->host) { + if (ret == 1 && !samename) + match = 1; + if (ret == 0 && samename) + match = 0; + } else if (ret == 1) + match = 1; + check_message(fn, "host", nameincert, match, *pname); + + ret = X509_check_host(crt, name, namelen, + X509_CHECK_FLAG_NO_WILDCARDS, NULL); + match = -1; + if (ret < 0) { + fprintf(stderr, "internal error in X509_check_host"); + ++errors; + } else if (fn->host) { + if (ret == 1 && !samename) + match = 1; + if (ret == 0 && samename) + match = 0; + } else if (ret == 1) + match = 1; + check_message(fn, "host-no-wildcards", nameincert, match, *pname); + + ret = X509_check_email(crt, name, namelen, 0); + match = -1; + if (fn->email) { + if (ret && !samename) + match = 1; + if (!ret && samename && strchr(nameincert, '@') != NULL) + match = 0; + } else if (ret) + match = 1; + check_message(fn, "email", nameincert, match, *pname); + ++pname; + free(name); + } +} + +int main(void) +{ + const struct set_name_fn *pfn = name_fns; + while (pfn->name) { + const char *const *pname = names; + while (*pname) { + X509 *crt = make_cert(); + if (crt == NULL) { + fprintf(stderr, "make_cert failed\n"); + return 1; + } + if (!pfn->fn(crt, *pname)) { + fprintf(stderr, "X509 name setting failed\n"); + return 1; + } + run_cert(crt, *pname, pfn); + X509_free(crt); + ++pname; + } + ++pfn; + } + return errors > 0 ? 1 : 0; +} diff --git a/openssl-1.1.0h/test/verify_extra_test.c b/openssl-1.1.0h/test/verify_extra_test.c new file mode 100644 index 0000000..cc05bc2 --- /dev/null +++ b/openssl-1.1.0h/test/verify_extra_test.c @@ -0,0 +1,162 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include + +static STACK_OF(X509) *load_certs_from_file(const char *filename) +{ + STACK_OF(X509) *certs; + BIO *bio; + X509 *x; + + bio = BIO_new_file(filename, "r"); + + if (bio == NULL) { + return NULL; + } + + certs = sk_X509_new_null(); + if (certs == NULL) { + BIO_free(bio); + return NULL; + } + + ERR_set_mark(); + do { + x = PEM_read_bio_X509(bio, NULL, 0, NULL); + if (x != NULL && !sk_X509_push(certs, x)) { + sk_X509_pop_free(certs, X509_free); + BIO_free(bio); + return NULL; + } else if (x == NULL) { + /* + * We probably just ran out of certs, so ignore any errors + * generated + */ + ERR_pop_to_mark(); + } + } while (x != NULL); + + BIO_free(bio); + + return certs; +} + +/* + * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery) + * + * Chain is as follows: + * + * rootCA (self-signed) + * | + * interCA + * | + * subinterCA subinterCA (self-signed) + * | | + * leaf ------------------ + * | + * bad + * + * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE + * leaf and bad have CA=FALSE + * + * subinterCA and subinterCA (ss) have the same subject name and keys + * + * interCA (but not rootCA) and subinterCA (ss) are in the trusted store + * (roots.pem) + * leaf and subinterCA are in the untrusted list (untrusted.pem) + * bad is the certificate being verified (bad.pem) + * + * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has + * CA=FALSE, and will therefore incorrectly verify bad + * + */ +static int test_alt_chains_cert_forgery(const char *roots_f, + const char *untrusted_f, + const char *bad_f) +{ + int ret = 0; + int i; + X509 *x = NULL; + STACK_OF(X509) *untrusted = NULL; + BIO *bio = NULL; + X509_STORE_CTX *sctx = NULL; + X509_STORE *store = NULL; + X509_LOOKUP *lookup = NULL; + + store = X509_STORE_new(); + if (store == NULL) + goto err; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (lookup == NULL) + goto err; + if(!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM)) + goto err; + + untrusted = load_certs_from_file(untrusted_f); + + if ((bio = BIO_new_file(bad_f, "r")) == NULL) + goto err; + + if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) + goto err; + + sctx = X509_STORE_CTX_new(); + if (sctx == NULL) + goto err; + + if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) + goto err; + + i = X509_verify_cert(sctx); + + if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { + /* This is the result we were expecting: Test passed */ + ret = 1; + } + err: + X509_STORE_CTX_free(sctx); + X509_free(x); + BIO_free(bio); + sk_X509_pop_free(untrusted, X509_free); + X509_STORE_free(store); + if (ret != 1) + ERR_print_errors_fp(stderr); + return ret; +} + +int main(int argc, char **argv) +{ + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + if (argc != 4) { + fprintf(stderr, "usage: verify_extra_test roots.pem untrusted.pem bad.pem\n"); + return 1; + } + + if (!test_alt_chains_cert_forgery(argv[1], argv[2], argv[3])) { + fprintf(stderr, "Test alt chains cert forgery failed\n"); + return 1; + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; +#endif + + printf("PASS\n"); + return 0; +} diff --git a/openssl-1.1.0h/test/wp_test.c b/openssl-1.1.0h/test/wp_test.c new file mode 100644 index 0000000..7b5cc04 --- /dev/null +++ b/openssl-1.1.0h/test/wp_test.c @@ -0,0 +1,233 @@ +/* + * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include +#include + +#if defined(OPENSSL_NO_WHIRLPOOL) +int main(int argc, char *argv[]) +{ + printf("No Whirlpool support\n"); + return (0); +} +#else + +/* ISO/IEC 10118-3 test vector set */ +static const unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { + 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66, + 0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26, + 0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8, + 0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7, + 0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB, + 0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57, + 0xEA, 0x89, 0x64, 0xE5, 0x9B, 0x63, 0xD9, 0x37, + 0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3 +}; + +static const unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { + 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F, + 0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7, + 0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69, + 0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42, + 0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6, + 0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59, + 0x1A, 0x92, 0x20, 0x0D, 0x56, 0x01, 0x95, 0xE5, + 0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A +}; + +static const unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { + 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB, + 0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B, + 0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72, + 0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C, + 0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27, + 0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6, + 0xC7, 0x97, 0xFC, 0x9D, 0x95, 0xD8, 0xB5, 0x82, + 0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5 +}; + +static const unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { + 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6, + 0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC, + 0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C, + 0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B, + 0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1, + 0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6, + 0x92, 0xED, 0x92, 0x00, 0x52, 0x83, 0x8F, 0x33, + 0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E +}; + +static const unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { + 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9, + 0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A, + 0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5, + 0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B, + 0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A, + 0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6, + 0xF6, 0x8F, 0x67, 0x3E, 0x72, 0x07, 0x86, 0x5D, + 0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B +}; + +static const unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { + 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B, + 0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90, + 0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC, + 0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E, + 0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F, + 0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6, + 0x55, 0x17, 0xCC, 0x87, 0x9D, 0x7B, 0x96, 0x21, + 0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67 +}; + +static const unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { + 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D, + 0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0, + 0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6, + 0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29, + 0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5, + 0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A, + 0x2C, 0x60, 0x48, 0x1E, 0x88, 0xC5, 0xA2, 0x0B, + 0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B +}; + +static const unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { + 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61, + 0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48, + 0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62, + 0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69, + 0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B, + 0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56, + 0x93, 0x9B, 0xAA, 0xA0, 0xAD, 0xFF, 0x9A, 0xE6, + 0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD +}; + +static const unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = { + 0x0C, 0x99, 0x00, 0x5B, 0xEB, 0x57, 0xEF, 0xF5, + 0x0A, 0x7C, 0xF0, 0x05, 0x56, 0x0D, 0xDF, 0x5D, + 0x29, 0x05, 0x7F, 0xD8, 0x6B, 0x20, 0xBF, 0xD6, + 0x2D, 0xEC, 0xA0, 0xF1, 0xCC, 0xEA, 0x4A, 0xF5, + 0x1F, 0xC1, 0x54, 0x90, 0xED, 0xDC, 0x47, 0xAF, + 0x32, 0xBB, 0x2B, 0x66, 0xC3, 0x4F, 0xF9, 0xAD, + 0x8C, 0x60, 0x08, 0xAD, 0x67, 0x7F, 0x77, 0x12, + 0x69, 0x53, 0xB2, 0x26, 0xE4, 0xED, 0x8B, 0x01 +}; + +int main(int argc, char *argv[]) +{ + unsigned char md[WHIRLPOOL_DIGEST_LENGTH]; + int i; + WHIRLPOOL_CTX ctx; + + fprintf(stdout, "Testing Whirlpool "); + + WHIRLPOOL("", 0, md); + if (memcmp(md, iso_test_1, sizeof(iso_test_1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("a", 1, md); + if (memcmp(md, iso_test_2, sizeof(iso_test_2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("abc", 3, md); + if (memcmp(md, iso_test_3, sizeof(iso_test_3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("message digest", 14, md); + if (memcmp(md, iso_test_4, sizeof(iso_test_4))) { + fflush(stdout); + fprintf(stderr, "\nTEST 4 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("abcdefghijklmnopqrstuvwxyz", 26, md); + if (memcmp(md, iso_test_5, sizeof(iso_test_5))) { + fflush(stdout); + fprintf(stderr, "\nTEST 5 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" "0123456789", 62, md); + if (memcmp(md, iso_test_6, sizeof(iso_test_6))) { + fflush(stdout); + fprintf(stderr, "\nTEST 6 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("1234567890" "1234567890" "1234567890" "1234567890" + "1234567890" "1234567890" "1234567890" "1234567890", 80, md); + if (memcmp(md, iso_test_7, sizeof(iso_test_7))) { + fflush(stdout); + fprintf(stderr, "\nTEST 7 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk", 32, md); + if (memcmp(md, iso_test_8, sizeof(iso_test_8))) { + fflush(stdout); + fprintf(stderr, "\nTEST 8 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL_Init(&ctx); + for (i = 0; i < 1000000; i += 288) + WHIRLPOOL_Update(&ctx, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 288 ? 1000000 - i : 288); + WHIRLPOOL_Final(md, &ctx); + if (memcmp(md, iso_test_9, sizeof(iso_test_9))) { + fflush(stdout); + fprintf(stderr, "\nTEST 9 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; +} +#endif diff --git a/openssl-1.1.0h/test/x509aux.c b/openssl-1.1.0h/test/x509aux.c new file mode 100644 index 0000000..2c20d6d --- /dev/null +++ b/openssl-1.1.0h/test/x509aux.c @@ -0,0 +1,231 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include +#include +#include + +#include +#include +#include +#include + +#include "../e_os.h" + +static const char *progname; + +static void test_usage(void) +{ + fprintf(stderr, "usage: %s certfile\n", progname); +} + +static void print_errors(void) +{ + unsigned long err; + char buffer[1024]; + const char *file; + const char *data; + int line; + int flags; + + while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { + ERR_error_string_n(err, buffer, sizeof(buffer)); + if (flags & ERR_TXT_STRING) + fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data); + else + fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line); + } +} + +static int test_certs(BIO *fp) +{ + int count; + char *name = 0; + char *header = 0; + unsigned char *data = 0; + long len; + typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); + typedef int (*i2d_X509_t)(X509 *, unsigned char **); + int err = 0; + + for (count = 0; + !err && PEM_read_bio(fp, &name, &header, &data, &len); + ++count) { + int trusted = strcmp(name, PEM_STRING_X509_TRUSTED) == 0; + d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509; + i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509; + X509 *cert = NULL; + const unsigned char *p = data; + unsigned char *buf = NULL; + unsigned char *bufp; + long enclen; + + if (!trusted + && strcmp(name, PEM_STRING_X509) != 0 + && strcmp(name, PEM_STRING_X509_OLD) != 0) { + fprintf(stderr, "unexpected PEM object: %s\n", name); + err = 1; + goto next; + } + cert = d2i(NULL, &p, len); + + if (cert == NULL || (p - data) != len) { + fprintf(stderr, "error parsing input %s\n", name); + err = 1; + goto next; + } + + /* Test traditional 2-pass encoding into caller allocated buffer */ + enclen = i2d(cert, NULL); + if (len != enclen) { + fprintf(stderr, "encoded length %ld of %s != input length %ld\n", + enclen, name, len); + err = 1; + goto next; + } + if ((buf = bufp = OPENSSL_malloc(len)) == NULL) { + perror("malloc"); + err = 1; + goto next; + } + enclen = i2d(cert, &bufp); + if (len != enclen) { + fprintf(stderr, "encoded length %ld of %s != input length %ld\n", + enclen, name, len); + err = 1; + goto next; + } + enclen = (long) (bufp - buf); + if (enclen != len) { + fprintf(stderr, "unexpected buffer position after encoding %s\n", + name); + err = 1; + goto next; + } + if (memcmp(buf, data, len) != 0) { + fprintf(stderr, "encoded content of %s does not match input\n", + name); + err = 1; + goto next; + } + OPENSSL_free(buf); + buf = NULL; + + /* Test 1-pass encoding into library allocated buffer */ + enclen = i2d(cert, &buf); + if (len != enclen) { + fprintf(stderr, "encoded length %ld of %s != input length %ld\n", + enclen, name, len); + err = 1; + goto next; + } + if (memcmp(buf, data, len) != 0) { + fprintf(stderr, "encoded content of %s does not match input\n", + name); + err = 1; + goto next; + } + + if (trusted) { + /* Encode just the cert and compare with initial encoding */ + OPENSSL_free(buf); + buf = NULL; + + /* Test 1-pass encoding into library allocated buffer */ + enclen = i2d(cert, &buf); + if (enclen > len) { + fprintf(stderr, "encoded length %ld of %s > input length %ld\n", + enclen, name, len); + err = 1; + goto next; + } + if (memcmp(buf, data, enclen) != 0) { + fprintf(stderr, "encoded cert content does not match input\n"); + err = 1; + goto next; + } + } + + /* + * If any of these were null, PEM_read() would have failed. + */ + next: + X509_free(cert); + OPENSSL_free(buf); + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); + } + + if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { + /* Reached end of PEM file */ + if (count > 0) { + ERR_clear_error(); + return 1; + } + } + + /* Some other PEM read error */ + print_errors(); + return 0; +} + +int main(int argc, char *argv[]) +{ + BIO *bio_err; + const char *p; + int ret = 1; + + progname = argv[0]; + if (argc < 2) { + test_usage(); + EXIT(ret); + } + + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + p = getenv("OPENSSL_DEBUG_MEMORY"); + if (p != NULL && strcmp(p, "on") == 0) + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + argc--; + argv++; + + while (argc >= 1) { + BIO *f = BIO_new_file(*argv, "r"); + int ok; + + if (f == NULL) { + fprintf(stderr, "%s: Error opening cert file: '%s': %s\n", + progname, *argv, strerror(errno)); + EXIT(ret); + } + ret = !(ok = test_certs(f)); + BIO_free(f); + + if (!ok) { + printf("%s ERROR\n", *argv); + ret = 1; + break; + } + printf("%s OK\n", *argv); + + argc--; + argv++; + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(bio_err) <= 0) + ret = 1; +#endif + BIO_free(bio_err); + EXIT(ret); +} -- cgit v1.2.3