summaryrefslogtreecommitdiff
path: root/src/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/d1_both.c627
-rw-r--r--src/lib/libssl/d1_enc.c31
-rw-r--r--src/lib/libssl/d1_lib.c235
-rw-r--r--src/lib/libssl/d1_meth.c4
-rw-r--r--src/lib/libssl/t1_reneg.c292
-rw-r--r--src/lib/libssl/test/CAss.cnf2
-rw-r--r--src/lib/libssl/test/CAtsa.cnf163
-rw-r--r--src/lib/libssl/test/Uss.cnf2
-rwxr-xr-xsrc/lib/libssl/test/asn1test.c22
-rw-r--r--src/lib/libssl/test/cms-test.pl18
-rw-r--r--src/lib/libssl/test/pkits-test.pl940
-rwxr-xr-xsrc/lib/libssl/test/test_padlock64
-rw-r--r--src/lib/libssl/test/testtsa238
13 files changed, 2386 insertions, 252 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 15a201a25c..4ce4064cc9 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -123,6 +123,37 @@
123#include <openssl/evp.h> 123#include <openssl/evp.h>
124#include <openssl/x509.h> 124#include <openssl/x509.h>
125 125
126#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
127
128#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
129 if ((end) - (start) <= 8) { \
130 long ii; \
131 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
132 } else { \
133 long ii; \
134 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
135 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
136 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
137 } }
138
139#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
140 long ii; \
141 OPENSSL_assert((msg_len) > 0); \
142 is_complete = 1; \
143 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
144 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
145 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
146
147#if 0
148#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
149 long ii; \
150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
152 printf("\n"); }
153#endif
154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
156static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
126 157
127/* XDTLS: figure out the right values */ 158/* XDTLS: figure out the right values */
128static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -136,15 +167,15 @@ static unsigned char *dtls1_write_message_header(SSL *s,
136static void dtls1_set_message_header_int(SSL *s, unsigned char mt, 167static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
137 unsigned long len, unsigned short seq_num, unsigned long frag_off, 168 unsigned long len, unsigned short seq_num, unsigned long frag_off,
138 unsigned long frag_len); 169 unsigned long frag_len);
139static int dtls1_retransmit_buffered_messages(SSL *s);
140static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 170static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
141 long max, int *ok); 171 long max, int *ok);
142 172
143static hm_fragment * 173static hm_fragment *
144dtls1_hm_fragment_new(unsigned long frag_len) 174dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
145 { 175 {
146 hm_fragment *frag = NULL; 176 hm_fragment *frag = NULL;
147 unsigned char *buf = NULL; 177 unsigned char *buf = NULL;
178 unsigned char *bitmask = NULL;
148 179
149 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); 180 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
150 if ( frag == NULL) 181 if ( frag == NULL)
@@ -163,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len)
163 /* zero length fragment gets zero frag->fragment */ 194 /* zero length fragment gets zero frag->fragment */
164 frag->fragment = buf; 195 frag->fragment = buf;
165 196
197 /* Initialize reassembly bitmask if necessary */
198 if (reassembly)
199 {
200 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
201 if (bitmask == NULL)
202 {
203 if (buf != NULL) OPENSSL_free(buf);
204 OPENSSL_free(frag);
205 return NULL;
206 }
207 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
208 }
209
210 frag->reassembly = bitmask;
211
166 return frag; 212 return frag;
167 } 213 }
168 214
@@ -170,6 +216,7 @@ static void
170dtls1_hm_fragment_free(hm_fragment *frag) 216dtls1_hm_fragment_free(hm_fragment *frag)
171 { 217 {
172 if (frag->fragment) OPENSSL_free(frag->fragment); 218 if (frag->fragment) OPENSSL_free(frag->fragment);
219 if (frag->reassembly) OPENSSL_free(frag->reassembly);
173 OPENSSL_free(frag); 220 OPENSSL_free(frag);
174 } 221 }
175 222
@@ -178,7 +225,7 @@ int dtls1_do_write(SSL *s, int type)
178 { 225 {
179 int ret; 226 int ret;
180 int curr_mtu; 227 int curr_mtu;
181 unsigned int len, frag_off; 228 unsigned int len, frag_off, mac_size, blocksize;
182 229
183 /* AHA! Figure out the MTU, and stick to the right size */ 230 /* AHA! Figure out the MTU, and stick to the right size */
184 if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) 231 if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
@@ -226,11 +273,22 @@ int dtls1_do_write(SSL *s, int type)
226 OPENSSL_assert(s->init_num == 273 OPENSSL_assert(s->init_num ==
227 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 274 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
228 275
276 if (s->write_hash)
277 mac_size = EVP_MD_CTX_size(s->write_hash);
278 else
279 mac_size = 0;
280
281 if (s->enc_write_ctx &&
282 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
283 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
284 else
285 blocksize = 0;
286
229 frag_off = 0; 287 frag_off = 0;
230 while( s->init_num) 288 while( s->init_num)
231 { 289 {
232 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 290 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
233 DTLS1_RT_HEADER_LENGTH; 291 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
234 292
235 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) 293 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
236 { 294 {
@@ -238,7 +296,8 @@ int dtls1_do_write(SSL *s, int type)
238 ret = BIO_flush(SSL_get_wbio(s)); 296 ret = BIO_flush(SSL_get_wbio(s));
239 if ( ret <= 0) 297 if ( ret <= 0)
240 return ret; 298 return ret;
241 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH; 299 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
300 mac_size - blocksize;
242 } 301 }
243 302
244 if ( s->init_num > curr_mtu) 303 if ( s->init_num > curr_mtu)
@@ -280,7 +339,7 @@ int dtls1_do_write(SSL *s, int type)
280 * retransmit 339 * retransmit
281 */ 340 */
282 if ( BIO_ctrl(SSL_get_wbio(s), 341 if ( BIO_ctrl(SSL_get_wbio(s),
283 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL)) 342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
284 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 343 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
285 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 344 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
286 else 345 else
@@ -301,7 +360,7 @@ int dtls1_do_write(SSL *s, int type)
301 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 360 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
302 int xlen; 361 int xlen;
303 362
304 if (frag_off == 0 && s->client_version != DTLS1_BAD_VER) 363 if (frag_off == 0 && s->version != DTLS1_BAD_VER)
305 { 364 {
306 /* reconstruct message header is if it 365 /* reconstruct message header is if it
307 * is being sent in single fragment */ 366 * is being sent in single fragment */
@@ -352,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
352 { 411 {
353 int i, al; 412 int i, al;
354 struct hm_header_st *msg_hdr; 413 struct hm_header_st *msg_hdr;
414 unsigned char *p;
415 unsigned long msg_len;
355 416
356 /* s3->tmp is used to store messages that are unexpected, caused 417 /* s3->tmp is used to store messages that are unexpected, caused
357 * by the absence of an optional handshake message */ 418 * by the absence of an optional handshake message */
@@ -371,76 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
371 } 432 }
372 433
373 msg_hdr = &s->d1->r_msg_hdr; 434 msg_hdr = &s->d1->r_msg_hdr;
374 do 435 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
375 {
376 if ( msg_hdr->frag_off == 0)
377 {
378 /* s->d1->r_message_header.msg_len = 0; */
379 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
380 }
381 436
382 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 437again:
383 if ( i == DTLS1_HM_BAD_FRAGMENT || 438 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
384 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 439 if ( i == DTLS1_HM_BAD_FRAGMENT ||
385 continue; 440 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
386 else if ( i <= 0 && !*ok) 441 goto again;
387 return i; 442 else if ( i <= 0 && !*ok)
443 return i;
388 444
389 /* Note that s->init_sum is used as a counter summing 445 p = (unsigned char *)s->init_buf->data;
390 * up fragments' lengths: as soon as they sum up to 446 msg_len = msg_hdr->msg_len;
391 * handshake packet length, we assume we have got all 447
392 * the fragments. Overlapping fragments would cause 448 /* reconstruct message header */
393 * premature termination, so we don't expect overlaps. 449 *(p++) = msg_hdr->type;
394 * Well, handling overlaps would require something more 450 l2n3(msg_len,p);
395 * drastic. Indeed, as it is now there is no way to 451 s2n (msg_hdr->seq,p);
396 * tell if out-of-order fragment from the middle was 452 l2n3(0,p);
397 * the last. '>=' is the best/least we can do to control 453 l2n3(msg_len,p);
398 * the potential damage caused by malformed overlaps. */ 454 if (s->version != DTLS1_BAD_VER) {
399 if ((unsigned int)s->init_num >= msg_hdr->msg_len) 455 p -= DTLS1_HM_HEADER_LENGTH;
400 { 456 msg_len += DTLS1_HM_HEADER_LENGTH;
401 unsigned char *p = (unsigned char *)s->init_buf->data; 457 }
402 unsigned long msg_len = msg_hdr->msg_len; 458
403 459 ssl3_finish_mac(s, p, msg_len);
404 /* reconstruct message header as if it was 460 if (s->msg_callback)
405 * sent in single fragment */ 461 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
406 *(p++) = msg_hdr->type; 462 p, msg_len,
407 l2n3(msg_len,p); 463 s, s->msg_callback_arg);
408 s2n (msg_hdr->seq,p); 464
409 l2n3(0,p); 465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
410 l2n3(msg_len,p); 466
411 if (s->client_version != DTLS1_BAD_VER) 467 s->d1->handshake_read_seq++;
412 p -= DTLS1_HM_HEADER_LENGTH, 468 /* we just read a handshake message from the other side:
413 msg_len += DTLS1_HM_HEADER_LENGTH; 469 * this means that we don't need to retransmit of the
414 470 * buffered messages.
415 ssl3_finish_mac(s, p, msg_len); 471 * XDTLS: may be able clear out this
416 if (s->msg_callback) 472 * buffer a little sooner (i.e if an out-of-order
417 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 473 * handshake message/record is received at the record
418 p, msg_len, 474 * layer.
419 s, s->msg_callback_arg); 475 * XDTLS: exception is that the server needs to
420 476 * know that change cipher spec and finished messages
421 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 477 * have been received by the client before clearing this
422 478 * buffer. this can simply be done by waiting for the
423 s->d1->handshake_read_seq++; 479 * first data segment, but is there a better way? */
424 /* we just read a handshake message from the other side: 480 dtls1_clear_record_buffer(s);
425 * this means that we don't need to retransmit of the 481
426 * buffered messages. 482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
427 * XDTLS: may be able clear out this 483 return s->init_num;
428 * buffer a little sooner (i.e if an out-of-order
429 * handshake message/record is received at the record
430 * layer.
431 * XDTLS: exception is that the server needs to
432 * know that change cipher spec and finished messages
433 * have been received by the client before clearing this
434 * buffer. this can simply be done by waiting for the
435 * first data segment, but is there a better way? */
436 dtls1_clear_record_buffer(s);
437
438 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
439 return s->init_num;
440 }
441 else
442 msg_hdr->frag_off = i;
443 } while(1) ;
444 484
445f_err: 485f_err:
446 ssl3_send_alert(s,SSL3_AL_FATAL,al); 486 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -474,7 +514,7 @@ static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max
474 { 514 {
475 /* msg_len is limited to 2^24, but is effectively checked 515 /* msg_len is limited to 2^24, but is effectively checked
476 * against max above */ 516 * against max above */
477 if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH)) 517 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH))
478 { 518 {
479 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); 519 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
480 return SSL_AD_INTERNAL_ERROR; 520 return SSL_AD_INTERNAL_ERROR;
@@ -516,9 +556,14 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
516 return 0; 556 return 0;
517 557
518 frag = (hm_fragment *)item->data; 558 frag = (hm_fragment *)item->data;
559
560 /* Don't return if reassembly still in progress */
561 if (frag->reassembly != NULL)
562 return 0;
519 563
520 if ( s->d1->handshake_read_seq == frag->msg_header.seq) 564 if ( s->d1->handshake_read_seq == frag->msg_header.seq)
521 { 565 {
566 unsigned long frag_len = frag->msg_header.frag_len;
522 pqueue_pop(s->d1->buffered_messages); 567 pqueue_pop(s->d1->buffered_messages);
523 568
524 al=dtls1_preprocess_fragment(s,&frag->msg_header,max); 569 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +581,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
536 if (al==0) 581 if (al==0)
537 { 582 {
538 *ok = 1; 583 *ok = 1;
539 return frag->msg_header.frag_len; 584 return frag_len;
540 } 585 }
541 586
542 ssl3_send_alert(s,SSL3_AL_FATAL,al); 587 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -550,18 +595,50 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
550 595
551 596
552static int 597static int
553dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) 598dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
554{ 599 {
555 int i=-1;
556 hm_fragment *frag = NULL; 600 hm_fragment *frag = NULL;
557 pitem *item = NULL; 601 pitem *item = NULL;
558 PQ_64BIT seq64; 602 int i = -1, is_complete;
559 unsigned long frag_len = msg_hdr->frag_len; 603 unsigned char seq64be[8];
604 unsigned long frag_len = msg_hdr->frag_len, max_len;
560 605
561 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 606 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
562 goto err; 607 goto err;
563 608
564 if (msg_hdr->seq <= s->d1->handshake_read_seq) 609 /* Determine maximum allowed message size. Depends on (user set)
610 * maximum certificate length, but 16k is minimum.
611 */
612 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
613 max_len = s->max_cert_list;
614 else
615 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
616
617 if ((msg_hdr->frag_off+frag_len) > max_len)
618 goto err;
619
620 /* Try to find item in queue */
621 memset(seq64be,0,sizeof(seq64be));
622 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
623 seq64be[7] = (unsigned char) msg_hdr->seq;
624 item = pqueue_find(s->d1->buffered_messages, seq64be);
625
626 if (item == NULL)
627 {
628 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
629 if ( frag == NULL)
630 goto err;
631 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
632 frag->msg_header.frag_len = frag->msg_header.msg_len;
633 frag->msg_header.frag_off = 0;
634 }
635 else
636 frag = (hm_fragment*) item->data;
637
638 /* If message is already reassembled, this must be a
639 * retransmit and can be dropped.
640 */
641 if (frag->reassembly == NULL)
565 { 642 {
566 unsigned char devnull [256]; 643 unsigned char devnull [256];
567 644
@@ -573,32 +650,128 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
573 if (i<=0) goto err; 650 if (i<=0) goto err;
574 frag_len -= i; 651 frag_len -= i;
575 } 652 }
653 return DTLS1_HM_FRAGMENT_RETRY;
576 } 654 }
577 655
578 frag = dtls1_hm_fragment_new(frag_len); 656 /* read the body of the fragment (header has already been read */
579 if ( frag == NULL) 657 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
658 frag->fragment + msg_hdr->frag_off,frag_len,0);
659 if (i<=0 || (unsigned long)i!=frag_len)
580 goto err; 660 goto err;
581 661
582 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 662 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
663 (long)(msg_hdr->frag_off + frag_len));
583 664
584 if (frag_len) 665 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
666 is_complete);
667
668 if (is_complete)
669 {
670 OPENSSL_free(frag->reassembly);
671 frag->reassembly = NULL;
672 }
673
674 if (item == NULL)
585 { 675 {
586 /* read the body of the fragment (header has already been read */ 676 memset(seq64be,0,sizeof(seq64be));
587 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 677 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
588 frag->fragment,frag_len,0); 678 seq64be[7] = (unsigned char)(msg_hdr->seq);
589 if (i<=0 || (unsigned long)i!=frag_len) 679
680 item = pitem_new(seq64be, frag);
681 if (item == NULL)
682 {
590 goto err; 683 goto err;
684 i = -1;
685 }
686
687 pqueue_insert(s->d1->buffered_messages, item);
591 } 688 }
592 689
593 pq_64bit_init(&seq64); 690 return DTLS1_HM_FRAGMENT_RETRY;
594 pq_64bit_assign_word(&seq64, msg_hdr->seq); 691
692err:
693 if (frag != NULL) dtls1_hm_fragment_free(frag);
694 if (item != NULL) OPENSSL_free(item);
695 *ok = 0;
696 return i;
697 }
698
595 699
596 item = pitem_new(seq64, frag); 700static int
597 pq_64bit_free(&seq64); 701dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
598 if ( item == NULL) 702{
703 int i=-1;
704 hm_fragment *frag = NULL;
705 pitem *item = NULL;
706 unsigned char seq64be[8];
707 unsigned long frag_len = msg_hdr->frag_len;
708
709 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
599 goto err; 710 goto err;
600 711
601 pqueue_insert(s->d1->buffered_messages, item); 712 /* Try to find item in queue, to prevent duplicate entries */
713 memset(seq64be,0,sizeof(seq64be));
714 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
715 seq64be[7] = (unsigned char) msg_hdr->seq;
716 item = pqueue_find(s->d1->buffered_messages, seq64be);
717
718 /* If we already have an entry and this one is a fragment,
719 * don't discard it and rather try to reassemble it.
720 */
721 if (item != NULL && frag_len < msg_hdr->msg_len)
722 item = NULL;
723
724 /* Discard the message if sequence number was already there, is
725 * too far in the future, already in the queue or if we received
726 * a FINISHED before the SERVER_HELLO, which then must be a stale
727 * retransmit.
728 */
729 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
730 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
731 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
732 {
733 unsigned char devnull [256];
734
735 while (frag_len)
736 {
737 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
738 devnull,
739 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
740 if (i<=0) goto err;
741 frag_len -= i;
742 }
743 }
744 else
745 {
746 if (frag_len && frag_len < msg_hdr->msg_len)
747 return dtls1_reassemble_fragment(s, msg_hdr, ok);
748
749 frag = dtls1_hm_fragment_new(frag_len, 0);
750 if ( frag == NULL)
751 goto err;
752
753 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
754
755 if (frag_len)
756 {
757 /* read the body of the fragment (header has already been read */
758 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
759 frag->fragment,frag_len,0);
760 if (i<=0 || (unsigned long)i!=frag_len)
761 goto err;
762 }
763
764 memset(seq64be,0,sizeof(seq64be));
765 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
766 seq64be[7] = (unsigned char)(msg_hdr->seq);
767
768 item = pitem_new(seq64be, frag);
769 if ( item == NULL)
770 goto err;
771
772 pqueue_insert(s->d1->buffered_messages, item);
773 }
774
602 return DTLS1_HM_FRAGMENT_RETRY; 775 return DTLS1_HM_FRAGMENT_RETRY;
603 776
604err: 777err:
@@ -613,14 +786,14 @@ static long
613dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) 786dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
614 { 787 {
615 unsigned char wire[DTLS1_HM_HEADER_LENGTH]; 788 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
616 unsigned long l, frag_off, frag_len; 789 unsigned long len, frag_off, frag_len;
617 int i,al; 790 int i,al;
618 struct hm_header_st msg_hdr; 791 struct hm_header_st msg_hdr;
619 792
620 /* see if we have the required fragment already */ 793 /* see if we have the required fragment already */
621 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 794 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
622 { 795 {
623 if (*ok) s->init_num += frag_len; 796 if (*ok) s->init_num = frag_len;
624 return frag_len; 797 return frag_len;
625 } 798 }
626 799
@@ -645,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
645 if ( msg_hdr.seq != s->d1->handshake_read_seq) 818 if ( msg_hdr.seq != s->d1->handshake_read_seq)
646 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
647 820
648 l = msg_hdr.msg_len; 821 len = msg_hdr.msg_len;
649 frag_off = msg_hdr.frag_off; 822 frag_off = msg_hdr.frag_off;
650 frag_len = msg_hdr.frag_len; 823 frag_len = msg_hdr.frag_len;
651 824
825 if (frag_len && frag_len < len)
826 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
827
652 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
653 wire[0] == SSL3_MT_HELLO_REQUEST) 829 wire[0] == SSL3_MT_HELLO_REQUEST)
654 { 830 {
@@ -708,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
708 * s->init_buf->data, but as a counter summing up fragments' 884 * s->init_buf->data, but as a counter summing up fragments'
709 * lengths: as soon as they sum up to handshake packet 885 * lengths: as soon as they sum up to handshake packet
710 * length, we assume we have got all the fragments. */ 886 * length, we assume we have got all the fragments. */
711 s->init_num += frag_len; 887 s->init_num = frag_len;
712 return frag_len; 888 return frag_len;
713 889
714f_err: 890f_err:
@@ -731,14 +907,30 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
731 p= &(d[DTLS1_HM_HEADER_LENGTH]); 907 p= &(d[DTLS1_HM_HEADER_LENGTH]);
732 908
733 i=s->method->ssl3_enc->final_finish_mac(s, 909 i=s->method->ssl3_enc->final_finish_mac(s,
734 &(s->s3->finish_dgst1),
735 &(s->s3->finish_dgst2),
736 sender,slen,s->s3->tmp.finish_md); 910 sender,slen,s->s3->tmp.finish_md);
737 s->s3->tmp.finish_md_len = i; 911 s->s3->tmp.finish_md_len = i;
738 memcpy(p, s->s3->tmp.finish_md, i); 912 memcpy(p, s->s3->tmp.finish_md, i);
739 p+=i; 913 p+=i;
740 l=i; 914 l=i;
741 915
916 /* Copy the finished so we can use it for
917 * renegotiation checks
918 */
919 if(s->type == SSL_ST_CONNECT)
920 {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_client_finished,
923 s->s3->tmp.finish_md, i);
924 s->s3->previous_client_finished_len=i;
925 }
926 else
927 {
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
929 memcpy(s->s3->previous_server_finished,
930 s->s3->tmp.finish_md, i);
931 s->s3->previous_server_finished_len=i;
932 }
933
742#ifdef OPENSSL_SYS_WIN16 934#ifdef OPENSSL_SYS_WIN16
743 /* MSVC 1.5 does not clear the top bytes of the word unless 935 /* MSVC 1.5 does not clear the top bytes of the word unless
744 * I do this. 936 * I do this.
@@ -779,12 +971,11 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
779 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
780 s->init_num=DTLS1_CCS_HEADER_LENGTH; 972 s->init_num=DTLS1_CCS_HEADER_LENGTH;
781 973
782 if (s->client_version == DTLS1_BAD_VER) 974 if (s->version == DTLS1_BAD_VER) {
783 {
784 s->d1->next_handshake_write_seq++; 975 s->d1->next_handshake_write_seq++;
785 s2n(s->d1->handshake_write_seq,p); 976 s2n(s->d1->handshake_write_seq,p);
786 s->init_num+=2; 977 s->init_num+=2;
787 } 978 }
788 979
789 s->init_off=0; 980 s->init_off=0;
790 981
@@ -801,14 +992,30 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
801 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
802 } 993 }
803 994
995static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
996 {
997 int n;
998 unsigned char *p;
999
1000 n=i2d_X509(x,NULL);
1001 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
1002 {
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1004 return 0;
1005 }
1006 p=(unsigned char *)&(buf->data[*l]);
1007 l2n3(n,p);
1008 i2d_X509(x,&p);
1009 *l+=n+3;
1010
1011 return 1;
1012 }
804unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) 1013unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
805 { 1014 {
806 unsigned char *p; 1015 unsigned char *p;
807 int n,i; 1016 int i;
808 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; 1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
809 BUF_MEM *buf; 1018 BUF_MEM *buf;
810 X509_STORE_CTX xs_ctx;
811 X509_OBJECT obj;
812 1019
813 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */
814 buf=s->init_buf; 1021 buf=s->init_buf;
@@ -819,54 +1026,35 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
819 } 1026 }
820 if (x != NULL) 1027 if (x != NULL)
821 { 1028 {
822 if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) 1029 X509_STORE_CTX xs_ctx;
823 { 1030
824 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
825 return(0); 1032 {
826 } 1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
827 1034 return(0);
828 for (;;) 1035 }
829 { 1036
830 n=i2d_X509(x,NULL); 1037 X509_verify_cert(&xs_ctx);
831 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) 1038 /* Don't leave errors in the queue */
832 { 1039 ERR_clear_error();
833 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
834 return(0); 1041 {
835 } 1042 x = sk_X509_value(xs_ctx.chain, i);
836 p=(unsigned char *)&(buf->data[l]); 1043
837 l2n3(n,p); 1044 if (!dtls1_add_cert_to_buf(buf, &l, x))
838 i2d_X509(x,&p); 1045 {
839 l+=n+3; 1046 X509_STORE_CTX_cleanup(&xs_ctx);
840 if (X509_NAME_cmp(X509_get_subject_name(x), 1047 return 0;
841 X509_get_issuer_name(x)) == 0) break; 1048 }
842 1049 }
843 i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, 1050 X509_STORE_CTX_cleanup(&xs_ctx);
844 X509_get_issuer_name(x),&obj); 1051 }
845 if (i <= 0) break; 1052 /* Thawte special :-) */
846 x=obj.data.x509;
847 /* Count is one too high since the X509_STORE_get uped the
848 * ref count */
849 X509_free(x);
850 }
851
852 X509_STORE_CTX_cleanup(&xs_ctx);
853 }
854
855 /* Thawte special :-) */
856 if (s->ctx->extra_certs != NULL)
857 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
858 { 1054 {
859 x=sk_X509_value(s->ctx->extra_certs,i); 1055 x=sk_X509_value(s->ctx->extra_certs,i);
860 n=i2d_X509(x,NULL); 1056 if (!dtls1_add_cert_to_buf(buf, &l, x))
861 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) 1057 return 0;
862 {
863 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
864 return(0);
865 }
866 p=(unsigned char *)&(buf->data[l]);
867 l2n3(n,p);
868 i2d_X509(x,&p);
869 l+=n+3;
870 } 1058 }
871 1059
872 l-= (3 + DTLS1_HM_HEADER_LENGTH); 1060 l-= (3 + DTLS1_HM_HEADER_LENGTH);
@@ -883,18 +1071,13 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
883 1071
884int dtls1_read_failed(SSL *s, int code) 1072int dtls1_read_failed(SSL *s, int code)
885 { 1073 {
886 DTLS1_STATE *state;
887 BIO *bio;
888 int send_alert = 0;
889
890 if ( code > 0) 1074 if ( code > 0)
891 { 1075 {
892 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); 1076 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
893 return 1; 1077 return 1;
894 } 1078 }
895 1079
896 bio = SSL_get_rbio(s); 1080 if (!dtls1_is_timer_expired(s))
897 if ( ! BIO_dgram_recv_timedout(bio))
898 { 1081 {
899 /* not a timeout, none of our business, 1082 /* not a timeout, none of our business,
900 let higher layers handle this. in fact it's probably an error */ 1083 let higher layers handle this. in fact it's probably an error */
@@ -907,23 +1090,6 @@ int dtls1_read_failed(SSL *s, int code)
907 return code; 1090 return code;
908 } 1091 }
909 1092
910 state = s->d1;
911 state->timeout.num_alerts++;
912 if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
913 {
914 /* fail the connection, enough alerts have been sent */
915 SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);
916 return 0;
917 }
918
919 state->timeout.read_timeouts++;
920 if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
921 {
922 send_alert = 1;
923 state->timeout.read_timeouts = 1;
924 }
925
926
927#if 0 /* for now, each alert contains only one record number */ 1093#if 0 /* for now, each alert contains only one record number */
928 item = pqueue_peek(state->rcvd_records); 1094 item = pqueue_peek(state->rcvd_records);
929 if ( item ) 1095 if ( item )
@@ -934,16 +1100,29 @@ int dtls1_read_failed(SSL *s, int code)
934#endif 1100#endif
935 1101
936#if 0 /* no more alert sending, just retransmit the last set of messages */ 1102#if 0 /* no more alert sending, just retransmit the last set of messages */
937 if ( send_alert) 1103 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
938 ssl3_send_alert(s,SSL3_AL_WARNING, 1104 ssl3_send_alert(s,SSL3_AL_WARNING,
939 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1105 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
940#endif 1106#endif
941 1107
942 return dtls1_retransmit_buffered_messages(s) ; 1108 return dtls1_handle_timeout(s);
943 } 1109 }
944 1110
1111int
1112dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1113 {
1114 /* The index of the retransmission queue actually is the message sequence number,
1115 * since the queue only contains messages of a single handshake. However, the
1116 * ChangeCipherSpec has no message sequence number and so using only the sequence
1117 * will result in the CCS and Finished having the same index. To prevent this,
1118 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
1119 * This does not only differ CSS and Finished, it also maintains the order of the
1120 * index (important for priority queues) and fits in the unsigned short variable.
1121 */
1122 return seq * 2 - is_ccs;
1123 }
945 1124
946static int 1125int
947dtls1_retransmit_buffered_messages(SSL *s) 1126dtls1_retransmit_buffered_messages(SSL *s)
948 { 1127 {
949 pqueue sent = s->d1->sent_messages; 1128 pqueue sent = s->d1->sent_messages;
@@ -957,8 +1136,9 @@ dtls1_retransmit_buffered_messages(SSL *s)
957 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) 1136 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
958 { 1137 {
959 frag = (hm_fragment *)item->data; 1138 frag = (hm_fragment *)item->data;
960 if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 && 1139 if ( dtls1_retransmit_message(s,
961 found) 1140 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
1141 0, &found) <= 0 && found)
962 { 1142 {
963 fprintf(stderr, "dtls1_retransmit_message() failed\n"); 1143 fprintf(stderr, "dtls1_retransmit_message() failed\n");
964 return -1; 1144 return -1;
@@ -973,22 +1153,20 @@ dtls1_buffer_message(SSL *s, int is_ccs)
973 { 1153 {
974 pitem *item; 1154 pitem *item;
975 hm_fragment *frag; 1155 hm_fragment *frag;
976 PQ_64BIT seq64; 1156 unsigned char seq64be[8];
977 unsigned int epoch = s->d1->w_epoch;
978 1157
979 /* this function is called immediately after a message has 1158 /* this function is called immediately after a message has
980 * been serialized */ 1159 * been serialized */
981 OPENSSL_assert(s->init_off == 0); 1160 OPENSSL_assert(s->init_off == 0);
982 1161
983 frag = dtls1_hm_fragment_new(s->init_num); 1162 frag = dtls1_hm_fragment_new(s->init_num, 0);
984 1163
985 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1164 memcpy(frag->fragment, s->init_buf->data, s->init_num);
986 1165
987 if ( is_ccs) 1166 if ( is_ccs)
988 { 1167 {
989 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1168 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
990 DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); 1169 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
991 epoch++;
992 } 1170 }
993 else 1171 else
994 { 1172 {
@@ -1003,11 +1181,20 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1003 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; 1181 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1004 frag->msg_header.is_ccs = is_ccs; 1182 frag->msg_header.is_ccs = is_ccs;
1005 1183
1006 pq_64bit_init(&seq64); 1184 /* save current state*/
1007 pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq); 1185 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1008 1186 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1009 item = pitem_new(seq64, frag); 1187 frag->msg_header.saved_retransmit_state.compress = s->compress;
1010 pq_64bit_free(&seq64); 1188 frag->msg_header.saved_retransmit_state.session = s->session;
1189 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1190
1191 memset(seq64be,0,sizeof(seq64be));
1192 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1193 frag->msg_header.is_ccs)>>8);
1194 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1195 frag->msg_header.is_ccs));
1196
1197 item = pitem_new(seq64be, frag);
1011 if ( item == NULL) 1198 if ( item == NULL)
1012 { 1199 {
1013 dtls1_hm_fragment_free(frag); 1200 dtls1_hm_fragment_free(frag);
@@ -1033,7 +1220,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1033 pitem *item; 1220 pitem *item;
1034 hm_fragment *frag ; 1221 hm_fragment *frag ;
1035 unsigned long header_length; 1222 unsigned long header_length;
1036 PQ_64BIT seq64; 1223 unsigned char seq64be[8];
1224 struct dtls1_retransmit_state saved_state;
1225 unsigned char save_write_sequence[8];
1037 1226
1038 /* 1227 /*
1039 OPENSSL_assert(s->init_num == 0); 1228 OPENSSL_assert(s->init_num == 0);
@@ -1041,11 +1230,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1041 */ 1230 */
1042 1231
1043 /* XDTLS: the requested message ought to be found, otherwise error */ 1232 /* XDTLS: the requested message ought to be found, otherwise error */
1044 pq_64bit_init(&seq64); 1233 memset(seq64be,0,sizeof(seq64be));
1045 pq_64bit_assign_word(&seq64, seq); 1234 seq64be[6] = (unsigned char)(seq>>8);
1235 seq64be[7] = (unsigned char)seq;
1046 1236
1047 item = pqueue_find(s->d1->sent_messages, seq64); 1237 item = pqueue_find(s->d1->sent_messages, seq64be);
1048 pq_64bit_free(&seq64);
1049 if ( item == NULL) 1238 if ( item == NULL)
1050 { 1239 {
1051 fprintf(stderr, "retransmit: message %d non-existant\n", seq); 1240 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
@@ -1069,9 +1258,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1069 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1258 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1070 frag->msg_header.frag_len); 1259 frag->msg_header.frag_len);
1071 1260
1261 /* save current state */
1262 saved_state.enc_write_ctx = s->enc_write_ctx;
1263 saved_state.write_hash = s->write_hash;
1264 saved_state.compress = s->compress;
1265 saved_state.session = s->session;
1266 saved_state.epoch = s->d1->w_epoch;
1267 saved_state.epoch = s->d1->w_epoch;
1268
1072 s->d1->retransmitting = 1; 1269 s->d1->retransmitting = 1;
1270
1271 /* restore state in which the message was originally sent */
1272 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1273 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1274 s->compress = frag->msg_header.saved_retransmit_state.compress;
1275 s->session = frag->msg_header.saved_retransmit_state.session;
1276 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1277
1278 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1279 {
1280 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1281 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1282 }
1283
1073 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1284 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1074 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); 1285 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1286
1287 /* restore current state */
1288 s->enc_write_ctx = saved_state.enc_write_ctx;
1289 s->write_hash = saved_state.write_hash;
1290 s->compress = saved_state.compress;
1291 s->session = saved_state.session;
1292 s->d1->w_epoch = saved_state.epoch;
1293
1294 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1295 {
1296 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1297 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1298 }
1299
1075 s->d1->retransmitting = 0; 1300 s->d1->retransmitting = 0;
1076 1301
1077 (void)BIO_flush(SSL_get_wbio(s)); 1302 (void)BIO_flush(SSL_get_wbio(s));
@@ -1160,7 +1385,7 @@ dtls1_min_mtu(void)
1160static unsigned int 1385static unsigned int
1161dtls1_guess_mtu(unsigned int curr_mtu) 1386dtls1_guess_mtu(unsigned int curr_mtu)
1162 { 1387 {
1163 size_t i; 1388 unsigned int i;
1164 1389
1165 if ( curr_mtu == 0 ) 1390 if ( curr_mtu == 0 )
1166 return g_probable_mtu[0] ; 1391 return g_probable_mtu[0] ;
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index cf3332e4e4..8fa57347a9 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -136,8 +136,12 @@ int dtls1_enc(SSL *s, int send)
136 136
137 if (send) 137 if (send)
138 { 138 {
139 if (s->write_hash != NULL) 139 if (EVP_MD_CTX_md(s->write_hash))
140 n=EVP_MD_size(s->write_hash); 140 {
141 n=EVP_MD_CTX_size(s->write_hash);
142 if (n < 0)
143 return -1;
144 }
141 ds=s->enc_write_ctx; 145 ds=s->enc_write_ctx;
142 rec= &(s->s3->wrec); 146 rec= &(s->s3->wrec);
143 if (s->enc_write_ctx == NULL) 147 if (s->enc_write_ctx == NULL)
@@ -151,15 +155,19 @@ int dtls1_enc(SSL *s, int send)
151 __FILE__, __LINE__); 155 __FILE__, __LINE__);
152 else if ( EVP_CIPHER_block_size(ds->cipher) > 1) 156 else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
153 { 157 {
154 if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))) 158 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
155 return -1; 159 return -1;
156 } 160 }
157 } 161 }
158 } 162 }
159 else 163 else
160 { 164 {
161 if (s->read_hash != NULL) 165 if (EVP_MD_CTX_md(s->read_hash))
162 n=EVP_MD_size(s->read_hash); 166 {
167 n=EVP_MD_CTX_size(s->read_hash);
168 if (n < 0)
169 return -1;
170 }
163 ds=s->enc_read_ctx; 171 ds=s->enc_read_ctx;
164 rec= &(s->s3->rrec); 172 rec= &(s->s3->rrec);
165 if (s->enc_read_ctx == NULL) 173 if (s->enc_read_ctx == NULL)
@@ -206,11 +214,10 @@ int dtls1_enc(SSL *s, int send)
206 { 214 {
207 unsigned long ui; 215 unsigned long ui;
208 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", 216 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
209 (void *)ds,rec->data,rec->input,l); 217 ds,rec->data,rec->input,l);
210 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", 218 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
211 ds->buf_len, ds->cipher->key_len, 219 ds->buf_len, ds->cipher->key_len,
212 (unsigned long)DES_KEY_SZ, 220 DES_KEY_SZ, DES_SCHEDULE_SZ,
213 (unsigned long)DES_SCHEDULE_SZ,
214 ds->cipher->iv_len); 221 ds->cipher->iv_len);
215 printf("\t\tIV: "); 222 printf("\t\tIV: ");
216 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 223 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -235,10 +242,10 @@ int dtls1_enc(SSL *s, int send)
235 242
236#ifdef KSSL_DEBUG 243#ifdef KSSL_DEBUG
237 { 244 {
238 unsigned long ki; 245 unsigned long i;
239 printf("\trec->data="); 246 printf("\trec->data=");
240 for (ki=0; ki<l; ki++) 247 for (i=0; i<l; i++)
241 printf(" %02x", rec->data[ki]); printf("\n"); 248 printf(" %02x", rec->data[i]); printf("\n");
242 } 249 }
243#endif /* KSSL_DEBUG */ 250#endif /* KSSL_DEBUG */
244 251
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 3568e97a87..96b220e87c 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -58,10 +58,17 @@
58 */ 58 */
59 59
60#include <stdio.h> 60#include <stdio.h>
61#define USE_SOCKETS
61#include <openssl/objects.h> 62#include <openssl/objects.h>
62#include "ssl_locl.h" 63#include "ssl_locl.h"
63 64
65#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
66#include <sys/timeb.h>
67#endif
68
69static void get_current_time(struct timeval *t);
64const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; 70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
71int dtls1_listen(SSL *s, struct sockaddr *client);
65 72
66SSL3_ENC_METHOD DTLSv1_enc_data={ 73SSL3_ENC_METHOD DTLSv1_enc_data={
67 dtls1_enc, 74 dtls1_enc,
@@ -84,11 +91,6 @@ long dtls1_default_timeout(void)
84 return(60*60*2); 91 return(60*60*2);
85 } 92 }
86 93
87IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
88 ssl_undefined_function,
89 ssl_undefined_function,
90 ssl_bad_method)
91
92int dtls1_new(SSL *s) 94int dtls1_new(SSL *s)
93 { 95 {
94 DTLS1_STATE *d1; 96 DTLS1_STATE *d1;
@@ -98,22 +100,12 @@ int dtls1_new(SSL *s)
98 memset(d1,0, sizeof *d1); 100 memset(d1,0, sizeof *d1);
99 101
100 /* d1->handshake_epoch=0; */ 102 /* d1->handshake_epoch=0; */
101#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
102 d1->bitmap.length=64;
103#else
104 d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
105#endif
106 pq_64bit_init(&(d1->bitmap.map));
107 pq_64bit_init(&(d1->bitmap.max_seq_num));
108
109 d1->next_bitmap.length = d1->bitmap.length;
110 pq_64bit_init(&(d1->next_bitmap.map));
111 pq_64bit_init(&(d1->next_bitmap.max_seq_num));
112 103
113 d1->unprocessed_rcds.q=pqueue_new(); 104 d1->unprocessed_rcds.q=pqueue_new();
114 d1->processed_rcds.q=pqueue_new(); 105 d1->processed_rcds.q=pqueue_new();
115 d1->buffered_messages = pqueue_new(); 106 d1->buffered_messages = pqueue_new();
116 d1->sent_messages=pqueue_new(); 107 d1->sent_messages=pqueue_new();
108 d1->buffered_app_data.q=pqueue_new();
117 109
118 if ( s->server) 110 if ( s->server)
119 { 111 {
@@ -121,12 +113,13 @@ int dtls1_new(SSL *s)
121 } 113 }
122 114
123 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 115 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
124 || ! d1->buffered_messages || ! d1->sent_messages) 116 || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
125 { 117 {
126 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); 118 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
127 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); 119 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
128 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); 120 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
129 if ( d1->sent_messages) pqueue_free(d1->sent_messages); 121 if ( d1->sent_messages) pqueue_free(d1->sent_messages);
122 if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
130 OPENSSL_free(d1); 123 OPENSSL_free(d1);
131 return (0); 124 return (0);
132 } 125 }
@@ -175,11 +168,14 @@ void dtls1_free(SSL *s)
175 } 168 }
176 pqueue_free(s->d1->sent_messages); 169 pqueue_free(s->d1->sent_messages);
177 170
178 pq_64bit_free(&(s->d1->bitmap.map)); 171 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
179 pq_64bit_free(&(s->d1->bitmap.max_seq_num)); 172 {
180 173 frag = (hm_fragment *)item->data;
181 pq_64bit_free(&(s->d1->next_bitmap.map)); 174 OPENSSL_free(frag->fragment);
182 pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); 175 OPENSSL_free(frag);
176 pitem_free(item);
177 }
178 pqueue_free(s->d1->buffered_app_data.q);
183 179
184 OPENSSL_free(s->d1); 180 OPENSSL_free(s->d1);
185 } 181 }
@@ -187,7 +183,36 @@ void dtls1_free(SSL *s)
187void dtls1_clear(SSL *s) 183void dtls1_clear(SSL *s)
188 { 184 {
189 ssl3_clear(s); 185 ssl3_clear(s);
190 s->version=DTLS1_VERSION; 186 if (s->options & SSL_OP_CISCO_ANYCONNECT)
187 s->version=DTLS1_BAD_VER;
188 else
189 s->version=DTLS1_VERSION;
190 }
191
192long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
193 {
194 int ret=0;
195
196 switch (cmd)
197 {
198 case DTLS_CTRL_GET_TIMEOUT:
199 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
200 {
201 ret = 1;
202 }
203 break;
204 case DTLS_CTRL_HANDLE_TIMEOUT:
205 ret = dtls1_handle_timeout(s);
206 break;
207 case DTLS_CTRL_LISTEN:
208 ret = dtls1_listen(s, parg);
209 break;
210
211 default:
212 ret = ssl3_ctrl(s, cmd, larg, parg);
213 break;
214 }
215 return(ret);
191 } 216 }
192 217
193/* 218/*
@@ -197,15 +222,173 @@ void dtls1_clear(SSL *s)
197 * to explicitly list their SSL_* codes. Currently RC4 is the only one 222 * to explicitly list their SSL_* codes. Currently RC4 is the only one
198 * available, but if new ones emerge, they will have to be added... 223 * available, but if new ones emerge, they will have to be added...
199 */ 224 */
200SSL_CIPHER *dtls1_get_cipher(unsigned int u) 225const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
201 { 226 {
202 SSL_CIPHER *ciph = ssl3_get_cipher(u); 227 const SSL_CIPHER *ciph = ssl3_get_cipher(u);
203 228
204 if (ciph != NULL) 229 if (ciph != NULL)
205 { 230 {
206 if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) 231 if (ciph->algorithm_enc == SSL_RC4)
207 return NULL; 232 return NULL;
208 } 233 }
209 234
210 return ciph; 235 return ciph;
211 } 236 }
237
238void dtls1_start_timer(SSL *s)
239 {
240 /* If timer is not set, initialize duration with 1 second */
241 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
242 {
243 s->d1->timeout_duration = 1;
244 }
245
246 /* Set timeout to current time */
247 get_current_time(&(s->d1->next_timeout));
248
249 /* Add duration to current time */
250 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
251 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
252 }
253
254struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
255 {
256 struct timeval timenow;
257
258 /* If no timeout is set, just return NULL */
259 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
260 {
261 return NULL;
262 }
263
264 /* Get current time */
265 get_current_time(&timenow);
266
267 /* If timer already expired, set remaining time to 0 */
268 if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
269 (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
270 s->d1->next_timeout.tv_usec <= timenow.tv_usec))
271 {
272 memset(timeleft, 0, sizeof(struct timeval));
273 return timeleft;
274 }
275
276 /* Calculate time left until timer expires */
277 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
278 timeleft->tv_sec -= timenow.tv_sec;
279 timeleft->tv_usec -= timenow.tv_usec;
280 if (timeleft->tv_usec < 0)
281 {
282 timeleft->tv_sec--;
283 timeleft->tv_usec += 1000000;
284 }
285
286 /* If remaining time is less than 15 ms, set it to 0
287 * to prevent issues because of small devergences with
288 * socket timeouts.
289 */
290 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
291 {
292 memset(timeleft, 0, sizeof(struct timeval));
293 }
294
295
296 return timeleft;
297 }
298
299int dtls1_is_timer_expired(SSL *s)
300 {
301 struct timeval timeleft;
302
303 /* Get time left until timeout, return false if no timer running */
304 if (dtls1_get_timeout(s, &timeleft) == NULL)
305 {
306 return 0;
307 }
308
309 /* Return false if timer is not expired yet */
310 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
311 {
312 return 0;
313 }
314
315 /* Timer expired, so return true */
316 return 1;
317 }
318
319void dtls1_double_timeout(SSL *s)
320 {
321 s->d1->timeout_duration *= 2;
322 if (s->d1->timeout_duration > 60)
323 s->d1->timeout_duration = 60;
324 dtls1_start_timer(s);
325 }
326
327void dtls1_stop_timer(SSL *s)
328 {
329 /* Reset everything */
330 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
331 s->d1->timeout_duration = 1;
332 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
333 }
334
335int dtls1_handle_timeout(SSL *s)
336 {
337 DTLS1_STATE *state;
338
339 /* if no timer is expired, don't do anything */
340 if (!dtls1_is_timer_expired(s))
341 {
342 return 0;
343 }
344
345 dtls1_double_timeout(s);
346 state = s->d1;
347 state->timeout.num_alerts++;
348 if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
349 {
350 /* fail the connection, enough alerts have been sent */
351 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
352 return 0;
353 }
354
355 state->timeout.read_timeouts++;
356 if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
357 {
358 state->timeout.read_timeouts = 1;
359 }
360
361 dtls1_start_timer(s);
362 return dtls1_retransmit_buffered_messages(s);
363 }
364
365static void get_current_time(struct timeval *t)
366{
367#ifdef OPENSSL_SYS_WIN32
368 struct _timeb tb;
369 _ftime(&tb);
370 t->tv_sec = (long)tb.time;
371 t->tv_usec = (long)tb.millitm * 1000;
372#elif defined(OPENSSL_SYS_VMS)
373 struct timeb tb;
374 ftime(&tb);
375 t->tv_sec = (long)tb.time;
376 t->tv_usec = (long)tb.millitm * 1000;
377#else
378 gettimeofday(t, NULL);
379#endif
380}
381
382int dtls1_listen(SSL *s, struct sockaddr *client)
383 {
384 int ret;
385
386 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
387 s->d1->listen = 1;
388
389 ret = SSL_accept(s);
390 if (ret <= 0) return ret;
391
392 (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
393 return 1;
394 }
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
index 8a6cf31947..5c4004bfe3 100644
--- a/src/lib/libssl/d1_meth.c
+++ b/src/lib/libssl/d1_meth.c
@@ -61,8 +61,8 @@
61#include <openssl/objects.h> 61#include <openssl/objects.h>
62#include "ssl_locl.h" 62#include "ssl_locl.h"
63 63
64static SSL_METHOD *dtls1_get_method(int ver); 64static const SSL_METHOD *dtls1_get_method(int ver);
65static SSL_METHOD *dtls1_get_method(int ver) 65static const SSL_METHOD *dtls1_get_method(int ver)
66 { 66 {
67 if (ver == DTLS1_VERSION) 67 if (ver == DTLS1_VERSION)
68 return(DTLSv1_method()); 68 return(DTLSv1_method());
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
new file mode 100644
index 0000000000..9c2cc3c712
--- /dev/null
+++ b/src/lib/libssl/t1_reneg.c
@@ -0,0 +1,292 @@
1/* ssl/t1_reneg.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111#include <stdio.h>
112#include <openssl/objects.h>
113#include "ssl_locl.h"
114
115/* Add the client's renegotiation binding */
116int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
117 int maxlen)
118 {
119 if(p)
120 {
121 if((s->s3->previous_client_finished_len+1) > maxlen)
122 {
123 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
124 return 0;
125 }
126
127 /* Length byte */
128 *p = s->s3->previous_client_finished_len;
129 p++;
130
131 memcpy(p, s->s3->previous_client_finished,
132 s->s3->previous_client_finished_len);
133#ifdef OPENSSL_RI_DEBUG
134 fprintf(stderr, "%s RI extension sent by client\n",
135 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
136#endif
137 }
138
139 *len=s->s3->previous_client_finished_len + 1;
140
141
142 return 1;
143 }
144
145/* Parse the client's renegotiation binding and abort if it's not
146 right */
147int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
148 int *al)
149 {
150 int ilen;
151
152 /* Parse the length byte */
153 if(len < 1)
154 {
155 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
156 *al=SSL_AD_ILLEGAL_PARAMETER;
157 return 0;
158 }
159 ilen = *d;
160 d++;
161
162 /* Consistency check */
163 if((ilen+1) != len)
164 {
165 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
166 *al=SSL_AD_ILLEGAL_PARAMETER;
167 return 0;
168 }
169
170 /* Check that the extension matches */
171 if(ilen != s->s3->previous_client_finished_len)
172 {
173 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
174 *al=SSL_AD_HANDSHAKE_FAILURE;
175 return 0;
176 }
177
178 if(memcmp(d, s->s3->previous_client_finished,
179 s->s3->previous_client_finished_len))
180 {
181 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
182 *al=SSL_AD_HANDSHAKE_FAILURE;
183 return 0;
184 }
185#ifdef OPENSSL_RI_DEBUG
186 fprintf(stderr, "%s RI extension received by server\n",
187 ilen ? "Non-empty" : "Empty");
188#endif
189
190 s->s3->send_connection_binding=1;
191
192 return 1;
193 }
194
195/* Add the server's renegotiation binding */
196int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
197 int maxlen)
198 {
199 if(p)
200 {
201 if((s->s3->previous_client_finished_len +
202 s->s3->previous_server_finished_len + 1) > maxlen)
203 {
204 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
205 return 0;
206 }
207
208 /* Length byte */
209 *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
210 p++;
211
212 memcpy(p, s->s3->previous_client_finished,
213 s->s3->previous_client_finished_len);
214 p += s->s3->previous_client_finished_len;
215
216 memcpy(p, s->s3->previous_server_finished,
217 s->s3->previous_server_finished_len);
218#ifdef OPENSSL_RI_DEBUG
219 fprintf(stderr, "%s RI extension sent by server\n",
220 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
221#endif
222 }
223
224 *len=s->s3->previous_client_finished_len
225 + s->s3->previous_server_finished_len + 1;
226
227 return 1;
228 }
229
230/* Parse the server's renegotiation binding and abort if it's not
231 right */
232int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
233 int *al)
234 {
235 int expected_len=s->s3->previous_client_finished_len
236 + s->s3->previous_server_finished_len;
237 int ilen;
238
239 /* Check for logic errors */
240 OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
241 OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
242
243 /* Parse the length byte */
244 if(len < 1)
245 {
246 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
247 *al=SSL_AD_ILLEGAL_PARAMETER;
248 return 0;
249 }
250 ilen = *d;
251 d++;
252
253 /* Consistency check */
254 if(ilen+1 != len)
255 {
256 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
257 *al=SSL_AD_ILLEGAL_PARAMETER;
258 return 0;
259 }
260
261 /* Check that the extension matches */
262 if(ilen != expected_len)
263 {
264 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
265 *al=SSL_AD_HANDSHAKE_FAILURE;
266 return 0;
267 }
268
269 if(memcmp(d, s->s3->previous_client_finished,
270 s->s3->previous_client_finished_len))
271 {
272 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
273 *al=SSL_AD_HANDSHAKE_FAILURE;
274 return 0;
275 }
276 d += s->s3->previous_client_finished_len;
277
278 if(memcmp(d, s->s3->previous_server_finished,
279 s->s3->previous_server_finished_len))
280 {
281 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
282 *al=SSL_AD_ILLEGAL_PARAMETER;
283 return 0;
284 }
285#ifdef OPENSSL_RI_DEBUG
286 fprintf(stderr, "%s RI extension received by client\n",
287 ilen ? "Non-empty" : "Empty");
288#endif
289 s->s3->send_connection_binding=1;
290
291 return 1;
292 }
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
index 546e660626..20f8f05e3d 100644
--- a/src/lib/libssl/test/CAss.cnf
+++ b/src/lib/libssl/test/CAss.cnf
@@ -7,7 +7,7 @@ RANDFILE = ./.rnd
7 7
8#################################################################### 8####################################################################
9[ req ] 9[ req ]
10default_bits = 1024 10default_bits = 512
11default_keyfile = keySS.pem 11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name 12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no 13encrypt_rsa_key = no
diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
new file mode 100644
index 0000000000..f5a275bfc2
--- /dev/null
+++ b/src/lib/libssl/test/CAtsa.cnf
@@ -0,0 +1,163 @@
1
2#
3# This config is used by the Time Stamp Authority tests.
4#
5
6RANDFILE = ./.rnd
7
8# Extra OBJECT IDENTIFIER info:
9oid_section = new_oids
10
11TSDNSECT = ts_cert_dn
12INDEX = 1
13
14[ new_oids ]
15
16# Policies used by the TSA tests.
17tsa_policy1 = 1.2.3.4.1
18tsa_policy2 = 1.2.3.4.5.6
19tsa_policy3 = 1.2.3.4.5.7
20
21#----------------------------------------------------------------------
22[ ca ]
23default_ca = CA_default # The default ca section
24
25[ CA_default ]
26
27dir = ./demoCA
28certs = $dir/certs # Where the issued certs are kept
29database = $dir/index.txt # database index file.
30new_certs_dir = $dir/newcerts # default place for new certs.
31
32certificate = $dir/cacert.pem # The CA certificate
33serial = $dir/serial # The current serial number
34private_key = $dir/private/cakey.pem# The private key
35RANDFILE = $dir/private/.rand # private random number file
36
37default_days = 365 # how long to certify for
38default_md = sha1 # which md to use.
39preserve = no # keep passed DN ordering
40
41policy = policy_match
42
43# For the CA policy
44[ policy_match ]
45countryName = supplied
46stateOrProvinceName = supplied
47organizationName = supplied
48organizationalUnitName = optional
49commonName = supplied
50emailAddress = optional
51
52#----------------------------------------------------------------------
53[ req ]
54default_bits = 1024
55default_md = sha1
56distinguished_name = $ENV::TSDNSECT
57encrypt_rsa_key = no
58prompt = no
59# attributes = req_attributes
60x509_extensions = v3_ca # The extentions to add to the self signed cert
61
62string_mask = nombstr
63
64[ ts_ca_dn ]
65countryName = HU
66stateOrProvinceName = Budapest
67localityName = Budapest
68organizationName = Gov-CA Ltd.
69commonName = ca1
70
71[ ts_cert_dn ]
72countryName = HU
73stateOrProvinceName = Budapest
74localityName = Buda
75organizationName = Hun-TSA Ltd.
76commonName = tsa$ENV::INDEX
77
78[ tsa_cert ]
79
80# TSA server cert is not a CA cert.
81basicConstraints=CA:FALSE
82
83# The following key usage flags are needed for TSA server certificates.
84keyUsage = nonRepudiation, digitalSignature
85extendedKeyUsage = critical,timeStamping
86
87# PKIX recommendations harmless if included in all certificates.
88subjectKeyIdentifier=hash
89authorityKeyIdentifier=keyid,issuer:always
90
91[ non_tsa_cert ]
92
93# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
94basicConstraints=CA:FALSE
95
96# The following key usage flags are needed for TSA server certificates.
97keyUsage = nonRepudiation, digitalSignature
98# timeStamping is not supported by this certificate
99# extendedKeyUsage = critical,timeStamping
100
101# PKIX recommendations harmless if included in all certificates.
102subjectKeyIdentifier=hash
103authorityKeyIdentifier=keyid,issuer:always
104
105[ v3_req ]
106
107# Extensions to add to a certificate request
108basicConstraints = CA:FALSE
109keyUsage = nonRepudiation, digitalSignature
110
111[ v3_ca ]
112
113# Extensions for a typical CA
114
115subjectKeyIdentifier=hash
116authorityKeyIdentifier=keyid:always,issuer:always
117basicConstraints = critical,CA:true
118keyUsage = cRLSign, keyCertSign
119
120#----------------------------------------------------------------------
121[ tsa ]
122
123default_tsa = tsa_config1 # the default TSA section
124
125[ tsa_config1 ]
126
127# These are used by the TSA reply generation only.
128dir = . # TSA root directory
129serial = $dir/tsa_serial # The current serial number (mandatory)
130signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
131 # (optional)
132certs = $dir/tsaca.pem # Certificate chain to include in reply
133 # (optional)
134signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
135
136default_policy = tsa_policy1 # Policy if request did not specify it
137 # (optional)
138other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
139digests = md5, sha1 # Acceptable message digests (mandatory)
140accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
141ordering = yes # Is ordering defined for timestamps?
142 # (optional, default: no)
143tsa_name = yes # Must the TSA name be included in the reply?
144 # (optional, default: no)
145ess_cert_id_chain = yes # Must the ESS cert id chain be included?
146 # (optional, default: no)
147
148[ tsa_config2 ]
149
150# This configuration uses a certificate which doesn't have timeStamping usage.
151# These are used by the TSA reply generation only.
152dir = . # TSA root directory
153serial = $dir/tsa_serial # The current serial number (mandatory)
154signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
155 # (optional)
156certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
157 # (optional)
158signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
159
160default_policy = tsa_policy1 # Policy if request did not specify it
161 # (optional)
162other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
163digests = md5, sha1 # Acceptable message digests (mandatory)
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
index 98b2e054b7..0c0ebb5f67 100644
--- a/src/lib/libssl/test/Uss.cnf
+++ b/src/lib/libssl/test/Uss.cnf
@@ -7,7 +7,7 @@ RANDFILE = ./.rnd
7 7
8#################################################################### 8####################################################################
9[ req ] 9[ req ]
10default_bits = 1024 10default_bits = 512
11default_keyfile = keySS.pem 11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name 12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no 13encrypt_rsa_key = no
diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c
new file mode 100755
index 0000000000..9f53d80344
--- /dev/null
+++ b/src/lib/libssl/test/asn1test.c
@@ -0,0 +1,22 @@
1#include <openssl/x509.h>
2#include <openssl/asn1_mac.h>
3
4typedef struct X
5 {
6 STACK_OF(X509_EXTENSION) *ext;
7 } X;
8
9/* This isn't meant to run particularly, it's just to test type checking */
10int main(int argc, char **argv)
11 {
12 X *x = NULL;
13 unsigned char **pp = NULL;
14
15 M_ASN1_I2D_vars(x);
16 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
17 i2d_X509_EXTENSION);
18 M_ASN1_I2D_seq_total();
19 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
20 i2d_X509_EXTENSION);
21 M_ASN1_I2D_finish();
22 }
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
index a84e089ddc..9c50dff3e9 100644
--- a/src/lib/libssl/test/cms-test.pl
+++ b/src/lib/libssl/test/cms-test.pl
@@ -54,8 +54,12 @@
54# OpenSSL PKCS#7 and CMS implementations. 54# OpenSSL PKCS#7 and CMS implementations.
55 55
56my $ossl_path; 56my $ossl_path;
57 57my $redir = " 2>cms.err 1>cms.out";
58if ( -f "../apps/openssl" ) { 58# Make MSYS work
59if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
60 $ossl_path = "cmd /c ..\\apps\\openssl";
61}
62elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
59 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; 63 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
60} 64}
61elsif ( -f "..\\out32dll\\openssl.exe" ) { 65elsif ( -f "..\\out32dll\\openssl.exe" ) {
@@ -232,7 +236,7 @@ my @smime_cms_tests = (
232 [ 236 [
233 "signed content MIME format, RSA key, signed receipt request", 237 "signed content MIME format, RSA key, signed receipt request",
234 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" 238 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
235 . " -receipt_request_to test@openssl.org -receipt_request_all" 239 . " -receipt_request_to test\@openssl.org -receipt_request_all"
236 . " -out test.cms", 240 . " -out test.cms",
237 "-verify -in test.cms " 241 "-verify -in test.cms "
238 . " -CAfile $smdir/smroot.pem -out smtst.txt" 242 . " -CAfile $smdir/smroot.pem -out smtst.txt"
@@ -333,10 +337,6 @@ my @smime_cms_comp_tests = (
333 337
334); 338);
335 339
336print "PKCS#7 <=> PKCS#7 consistency tests\n";
337
338run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
339
340print "CMS => PKCS#7 compatibility tests\n"; 340print "CMS => PKCS#7 compatibility tests\n";
341 341
342run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); 342run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
@@ -386,14 +386,14 @@ sub run_smime_tests {
386 $rscmd =~ s/-stream//; 386 $rscmd =~ s/-stream//;
387 $rvcmd =~ s/-stream//; 387 $rvcmd =~ s/-stream//;
388 } 388 }
389 system("$scmd$rscmd 2>cms.err 1>cms.out"); 389 system("$scmd$rscmd$redir");
390 if ($?) { 390 if ($?) {
391 print "$tnam: generation error\n"; 391 print "$tnam: generation error\n";
392 $$rv++; 392 $$rv++;
393 exit 1 if $halt_err; 393 exit 1 if $halt_err;
394 next; 394 next;
395 } 395 }
396 system("$vcmd$rvcmd 2>cms.err 1>cms.out"); 396 system("$vcmd$rvcmd$redir");
397 if ($?) { 397 if ($?) {
398 print "$tnam: verify error\n"; 398 print "$tnam: verify error\n";
399 $$rv++; 399 $$rv++;
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
new file mode 100644
index 0000000000..69dffa16f9
--- /dev/null
+++ b/src/lib/libssl/test/pkits-test.pl
@@ -0,0 +1,940 @@
1# test/pkits-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl utility to run PKITS tests for RFC3280 compliance.
54
55my $ossl_path;
56
57if ( -f "../apps/openssl" ) {
58 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
59}
60elsif ( -f "..\\out32dll\\openssl.exe" ) {
61 $ossl_path = "..\\out32dll\\openssl.exe";
62}
63elsif ( -f "..\\out32\\openssl.exe" ) {
64 $ossl_path = "..\\out32\\openssl.exe";
65}
66else {
67 die "Can't find OpenSSL executable";
68}
69
70my $pkitsdir = "pkits/smime";
71my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
72
73die "Can't find PKITS test data" if !-d $pkitsdir;
74
75my $nist1 = "2.16.840.1.101.3.2.1.48.1";
76my $nist2 = "2.16.840.1.101.3.2.1.48.2";
77my $nist3 = "2.16.840.1.101.3.2.1.48.3";
78my $nist4 = "2.16.840.1.101.3.2.1.48.4";
79my $nist5 = "2.16.840.1.101.3.2.1.48.5";
80my $nist6 = "2.16.840.1.101.3.2.1.48.6";
81
82my $apolicy = "X509v3 Any Policy";
83
84# This table contains the chapter headings of the accompanying PKITS
85# document. They provide useful informational output and their names
86# can be converted into the filename to test.
87
88my @testlists = (
89 [ "4.1", "Signature Verification" ],
90 [ "4.1.1", "Valid Signatures Test1", 0 ],
91 [ "4.1.2", "Invalid CA Signature Test2", 7 ],
92 [ "4.1.3", "Invalid EE Signature Test3", 7 ],
93 [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
94 [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
95 [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
96 [ "4.2", "Validity Periods" ],
97 [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
98 [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
99 [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
100 [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
101 [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
102 [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
103 [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
104 [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
105 [ "4.3", "Verifying Name Chaining" ],
106 [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
107 [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
108 [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
109 [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
110 [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
111 [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
112 [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
113 [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
114 [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
115 [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
116 [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
117 [ "4.4", "Basic Certificate Revocation Tests" ],
118 [ "4.4.1", "Missing CRL Test1", 3 ],
119 [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
120 [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
121 [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
122 [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
123 [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
124 [ "4.4.7", "Valid Two CRLs Test7", 0 ],
125
126 # The test document suggests these should return certificate revoked...
127 # Subsquent discussion has concluded they should not due to unhandle
128 # critical CRL extensions.
129 [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
130 [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
131
132 [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
133 [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
134 [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
135 [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
136 [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
137 [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
138 [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
139 [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
140 [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
141 [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
142 [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
143
144 # CRL path is revoked so get a CRL path validation error
145 [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
146 [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
147 [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
148 [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
149 [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
150 [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
151 [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
152 [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
153 [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
154 [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
155 [ "4.6", "Verifying Basic Constraints" ],
156 [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
157 [ "4.6.2", "Invalid cA False Test2", 24 ],
158 [ "4.6.3", "Invalid cA False Test3", 24 ],
159 [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
160 [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
161 [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
162 [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
163 [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
164 [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
165 [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
166 [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
167 [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
168 [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
169 [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
170 [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
171 [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
172 [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
173 [ "4.7", "Key Usage" ],
174 [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
175 [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
176 [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
177 [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
178 [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
179
180 # Certificate policy tests need special handling. They can have several
181 # sub tests and we need to check the outputs are correct.
182
183 [ "4.8", "Certificate Policies" ],
184 [
185 "4.8.1.1",
186 "All Certificates Same Policy Test1",
187 "-policy anyPolicy -explicit_policy",
188 "True", $nist1, $nist1, 0
189 ],
190 [
191 "4.8.1.2",
192 "All Certificates Same Policy Test1",
193 "-policy $nist1 -explicit_policy",
194 "True", $nist1, $nist1, 0
195 ],
196 [
197 "4.8.1.3",
198 "All Certificates Same Policy Test1",
199 "-policy $nist2 -explicit_policy",
200 "True", $nist1, "<empty>", 43
201 ],
202 [
203 "4.8.1.4",
204 "All Certificates Same Policy Test1",
205 "-policy $nist1 -policy $nist2 -explicit_policy",
206 "True", $nist1, $nist1, 0
207 ],
208 [
209 "4.8.2.1",
210 "All Certificates No Policies Test2",
211 "-policy anyPolicy",
212 "False", "<empty>", "<empty>", 0
213 ],
214 [
215 "4.8.2.2",
216 "All Certificates No Policies Test2",
217 "-policy anyPolicy -explicit_policy",
218 "True", "<empty>", "<empty>", 43
219 ],
220 [
221 "4.8.3.1",
222 "Different Policies Test3",
223 "-policy anyPolicy",
224 "False", "<empty>", "<empty>", 0
225 ],
226 [
227 "4.8.3.2",
228 "Different Policies Test3",
229 "-policy anyPolicy -explicit_policy",
230 "True", "<empty>", "<empty>", 43
231 ],
232 [
233 "4.8.3.3",
234 "Different Policies Test3",
235 "-policy $nist1 -policy $nist2 -explicit_policy",
236 "True", "<empty>", "<empty>", 43
237 ],
238
239 [
240 "4.8.4",
241 "Different Policies Test4",
242 "-policy anyPolicy",
243 "True", "<empty>", "<empty>", 43
244 ],
245 [
246 "4.8.5",
247 "Different Policies Test5",
248 "-policy anyPolicy",
249 "True", "<empty>", "<empty>", 43
250 ],
251 [
252 "4.8.6.1",
253 "Overlapping Policies Test6",
254 "-policy anyPolicy",
255 "True", $nist1, $nist1, 0
256 ],
257 [
258 "4.8.6.2",
259 "Overlapping Policies Test6",
260 "-policy $nist1",
261 "True", $nist1, $nist1, 0
262 ],
263 [
264 "4.8.6.3",
265 "Overlapping Policies Test6",
266 "-policy $nist2",
267 "True", $nist1, "<empty>", 43
268 ],
269 [
270 "4.8.7",
271 "Different Policies Test7",
272 "-policy anyPolicy",
273 "True", "<empty>", "<empty>", 43
274 ],
275 [
276 "4.8.8",
277 "Different Policies Test8",
278 "-policy anyPolicy",
279 "True", "<empty>", "<empty>", 43
280 ],
281 [
282 "4.8.9",
283 "Different Policies Test9",
284 "-policy anyPolicy",
285 "True", "<empty>", "<empty>", 43
286 ],
287 [
288 "4.8.10.1",
289 "All Certificates Same Policies Test10",
290 "-policy $nist1",
291 "True", "$nist1:$nist2", "$nist1", 0
292 ],
293 [
294 "4.8.10.2",
295 "All Certificates Same Policies Test10",
296 "-policy $nist2",
297 "True", "$nist1:$nist2", "$nist2", 0
298 ],
299 [
300 "4.8.10.3",
301 "All Certificates Same Policies Test10",
302 "-policy anyPolicy",
303 "True", "$nist1:$nist2", "$nist1:$nist2", 0
304 ],
305 [
306 "4.8.11.1",
307 "All Certificates AnyPolicy Test11",
308 "-policy anyPolicy",
309 "True", "$apolicy", "$apolicy", 0
310 ],
311 [
312 "4.8.11.2",
313 "All Certificates AnyPolicy Test11",
314 "-policy $nist1",
315 "True", "$apolicy", "$nist1", 0
316 ],
317 [
318 "4.8.12",
319 "Different Policies Test12",
320 "-policy anyPolicy",
321 "True", "<empty>", "<empty>", 43
322 ],
323 [
324 "4.8.13.1",
325 "All Certificates Same Policies Test13",
326 "-policy $nist1",
327 "True", "$nist1:$nist2:$nist3", "$nist1", 0
328 ],
329 [
330 "4.8.13.2",
331 "All Certificates Same Policies Test13",
332 "-policy $nist2",
333 "True", "$nist1:$nist2:$nist3", "$nist2", 0
334 ],
335 [
336 "4.8.13.3",
337 "All Certificates Same Policies Test13",
338 "-policy $nist3",
339 "True", "$nist1:$nist2:$nist3", "$nist3", 0
340 ],
341 [
342 "4.8.14.1", "AnyPolicy Test14",
343 "-policy $nist1", "True",
344 "$nist1", "$nist1",
345 0
346 ],
347 [
348 "4.8.14.2", "AnyPolicy Test14",
349 "-policy $nist2", "True",
350 "$nist1", "<empty>",
351 43
352 ],
353 [
354 "4.8.15",
355 "User Notice Qualifier Test15",
356 "-policy anyPolicy",
357 "False", "$nist1", "$nist1", 0
358 ],
359 [
360 "4.8.16",
361 "User Notice Qualifier Test16",
362 "-policy anyPolicy",
363 "False", "$nist1", "$nist1", 0
364 ],
365 [
366 "4.8.17",
367 "User Notice Qualifier Test17",
368 "-policy anyPolicy",
369 "False", "$nist1", "$nist1", 0
370 ],
371 [
372 "4.8.18.1",
373 "User Notice Qualifier Test18",
374 "-policy $nist1",
375 "True", "$nist1:$nist2", "$nist1", 0
376 ],
377 [
378 "4.8.18.2",
379 "User Notice Qualifier Test18",
380 "-policy $nist2",
381 "True", "$nist1:$nist2", "$nist2", 0
382 ],
383 [
384 "4.8.19",
385 "User Notice Qualifier Test19",
386 "-policy anyPolicy",
387 "False", "$nist1", "$nist1", 0
388 ],
389 [
390 "4.8.20",
391 "CPS Pointer Qualifier Test20",
392 "-policy anyPolicy -explicit_policy",
393 "True", "$nist1", "$nist1", 0
394 ],
395 [ "4.9", "Require Explicit Policy" ],
396 [
397 "4.9.1",
398 "Valid RequireExplicitPolicy Test1",
399 "-policy anyPolicy",
400 "False", "<empty>", "<empty>", 0
401 ],
402 [
403 "4.9.2",
404 "Valid RequireExplicitPolicy Test2",
405 "-policy anyPolicy",
406 "False", "<empty>", "<empty>", 0
407 ],
408 [
409 "4.9.3",
410 "Invalid RequireExplicitPolicy Test3",
411 "-policy anyPolicy",
412 "True", "<empty>", "<empty>", 43
413 ],
414 [
415 "4.9.4",
416 "Valid RequireExplicitPolicy Test4",
417 "-policy anyPolicy",
418 "True", "$nist1", "$nist1", 0
419 ],
420 [
421 "4.9.5",
422 "Invalid RequireExplicitPolicy Test5",
423 "-policy anyPolicy",
424 "True", "<empty>", "<empty>", 43
425 ],
426 [
427 "4.9.6",
428 "Valid Self-Issued requireExplicitPolicy Test6",
429 "-policy anyPolicy",
430 "False", "<empty>", "<empty>", 0
431 ],
432 [
433 "4.9.7",
434 "Invalid Self-Issued requireExplicitPolicy Test7",
435 "-policy anyPolicy",
436 "True", "<empty>", "<empty>", 43
437 ],
438 [
439 "4.9.8",
440 "Invalid Self-Issued requireExplicitPolicy Test8",
441 "-policy anyPolicy",
442 "True", "<empty>", "<empty>", 43
443 ],
444 [ "4.10", "Policy Mappings" ],
445 [
446 "4.10.1.1",
447 "Valid Policy Mapping Test1",
448 "-policy $nist1",
449 "True", "$nist1", "$nist1", 0
450 ],
451 [
452 "4.10.1.2",
453 "Valid Policy Mapping Test1",
454 "-policy $nist2",
455 "True", "$nist1", "<empty>", 43
456 ],
457 [
458 "4.10.1.3",
459 "Valid Policy Mapping Test1",
460 "-policy anyPolicy -inhibit_map",
461 "True", "<empty>", "<empty>", 43
462 ],
463 [
464 "4.10.2.1",
465 "Invalid Policy Mapping Test2",
466 "-policy anyPolicy",
467 "True", "<empty>", "<empty>", 43
468 ],
469 [
470 "4.10.2.2",
471 "Invalid Policy Mapping Test2",
472 "-policy anyPolicy -inhibit_map",
473 "True", "<empty>", "<empty>", 43
474 ],
475 [
476 "4.10.3.1",
477 "Valid Policy Mapping Test3",
478 "-policy $nist1",
479 "True", "$nist2", "<empty>", 43
480 ],
481 [
482 "4.10.3.2",
483 "Valid Policy Mapping Test3",
484 "-policy $nist2",
485 "True", "$nist2", "$nist2", 0
486 ],
487 [
488 "4.10.4",
489 "Invalid Policy Mapping Test4",
490 "-policy anyPolicy",
491 "True", "<empty>", "<empty>", 43
492 ],
493 [
494 "4.10.5.1",
495 "Valid Policy Mapping Test5",
496 "-policy $nist1",
497 "True", "$nist1", "$nist1", 0
498 ],
499 [
500 "4.10.5.2",
501 "Valid Policy Mapping Test5",
502 "-policy $nist6",
503 "True", "$nist1", "<empty>", 43
504 ],
505 [
506 "4.10.6.1",
507 "Valid Policy Mapping Test6",
508 "-policy $nist1",
509 "True", "$nist1", "$nist1", 0
510 ],
511 [
512 "4.10.6.2",
513 "Valid Policy Mapping Test6",
514 "-policy $nist6",
515 "True", "$nist1", "<empty>", 43
516 ],
517 [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
518 [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
519 [
520 "4.10.9",
521 "Valid Policy Mapping Test9",
522 "-policy anyPolicy",
523 "True", "$nist1", "$nist1", 0
524 ],
525 [
526 "4.10.10",
527 "Invalid Policy Mapping Test10",
528 "-policy anyPolicy",
529 "True", "<empty>", "<empty>", 43
530 ],
531 [
532 "4.10.11",
533 "Valid Policy Mapping Test11",
534 "-policy anyPolicy",
535 "True", "$nist1", "$nist1", 0
536 ],
537
538 # TODO: check notice display
539 [
540 "4.10.12.1",
541 "Valid Policy Mapping Test12",
542 "-policy $nist1",
543 "True", "$nist1:$nist2", "$nist1", 0
544 ],
545
546 # TODO: check notice display
547 [
548 "4.10.12.2",
549 "Valid Policy Mapping Test12",
550 "-policy $nist2",
551 "True", "$nist1:$nist2", "$nist2", 0
552 ],
553 [
554 "4.10.13",
555 "Valid Policy Mapping Test13",
556 "-policy anyPolicy",
557 "True", "$nist1", "$nist1", 0
558 ],
559
560 # TODO: check notice display
561 [
562 "4.10.14",
563 "Valid Policy Mapping Test14",
564 "-policy anyPolicy",
565 "True", "$nist1", "$nist1", 0
566 ],
567 [ "4.11", "Inhibit Policy Mapping" ],
568 [
569 "4.11.1",
570 "Invalid inhibitPolicyMapping Test1",
571 "-policy anyPolicy",
572 "True", "<empty>", "<empty>", 43
573 ],
574 [
575 "4.11.2",
576 "Valid inhibitPolicyMapping Test2",
577 "-policy anyPolicy",
578 "True", "$nist1", "$nist1", 0
579 ],
580 [
581 "4.11.3",
582 "Invalid inhibitPolicyMapping Test3",
583 "-policy anyPolicy",
584 "True", "<empty>", "<empty>", 43
585 ],
586 [
587 "4.11.4",
588 "Valid inhibitPolicyMapping Test4",
589 "-policy anyPolicy",
590 "True", "$nist2", "$nist2", 0
591 ],
592 [
593 "4.11.5",
594 "Invalid inhibitPolicyMapping Test5",
595 "-policy anyPolicy",
596 "True", "<empty>", "<empty>", 43
597 ],
598 [
599 "4.11.6",
600 "Invalid inhibitPolicyMapping Test6",
601 "-policy anyPolicy",
602 "True", "<empty>", "<empty>", 43
603 ],
604 [
605 "4.11.7",
606 "Valid Self-Issued inhibitPolicyMapping Test7",
607 "-policy anyPolicy",
608 "True", "$nist1", "$nist1", 0
609 ],
610 [
611 "4.11.8",
612 "Invalid Self-Issued inhibitPolicyMapping Test8",
613 "-policy anyPolicy",
614 "True", "<empty>", "<empty>", 43
615 ],
616 [
617 "4.11.9",
618 "Invalid Self-Issued inhibitPolicyMapping Test9",
619 "-policy anyPolicy",
620 "True", "<empty>", "<empty>", 43
621 ],
622 [
623 "4.11.10",
624 "Invalid Self-Issued inhibitPolicyMapping Test10",
625 "-policy anyPolicy",
626 "True", "<empty>", "<empty>", 43
627 ],
628 [
629 "4.11.11",
630 "Invalid Self-Issued inhibitPolicyMapping Test11",
631 "-policy anyPolicy",
632 "True", "<empty>", "<empty>", 43
633 ],
634 [ "4.12", "Inhibit Any Policy" ],
635 [
636 "4.12.1",
637 "Invalid inhibitAnyPolicy Test1",
638 "-policy anyPolicy",
639 "True", "<empty>", "<empty>", 43
640 ],
641 [
642 "4.12.2",
643 "Valid inhibitAnyPolicy Test2",
644 "-policy anyPolicy",
645 "True", "$nist1", "$nist1", 0
646 ],
647 [
648 "4.12.3.1",
649 "inhibitAnyPolicy Test3",
650 "-policy anyPolicy",
651 "True", "$nist1", "$nist1", 0
652 ],
653 [
654 "4.12.3.2",
655 "inhibitAnyPolicy Test3",
656 "-policy anyPolicy -inhibit_any",
657 "True", "<empty>", "<empty>", 43
658 ],
659 [
660 "4.12.4",
661 "Invalid inhibitAnyPolicy Test4",
662 "-policy anyPolicy",
663 "True", "<empty>", "<empty>", 43
664 ],
665 [
666 "4.12.5",
667 "Invalid inhibitAnyPolicy Test5",
668 "-policy anyPolicy",
669 "True", "<empty>", "<empty>", 43
670 ],
671 [
672 "4.12.6",
673 "Invalid inhibitAnyPolicy Test6",
674 "-policy anyPolicy",
675 "True", "<empty>", "<empty>", 43
676 ],
677 [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
678 [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
679 [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
680 [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
681 [ "4.13", "Name Constraints" ],
682 [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
683 [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
684 [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
685 [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
686 [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
687 [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
688 [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
689 [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
690 [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
691 [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
692 [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
693 [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
694 [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
695 [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
696 [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
697 [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
698 [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
699 [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
700 [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
701 [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
702 [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
703 [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
704 [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
705 [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
706 [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
707 [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
708 [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
709 [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
710 [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
711 [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
712 [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
713 [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
714 [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
715 [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
716 [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
717 [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
718 [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
719 [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
720 [ "4.14", "Distribution Points" ],
721 [ "4.14.1", "Valid distributionPoint Test1", 0 ],
722 [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
723 [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
724 [ "4.14.4", "Valid distributionPoint Test4", 0 ],
725 [ "4.14.5", "Valid distributionPoint Test5", 0 ],
726 [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
727 [ "4.14.7", "Valid distributionPoint Test7", 0 ],
728 [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
729 [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
730 [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
731 [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
732 [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
733 [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
734 [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
735 [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
736 [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
737 [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
738 [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
739 [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
740 [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
741 [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
742 [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
743 [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
744 [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
745 [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
746 [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
747 [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
748 [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
749 [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
750
751 # Although this test is valid it has a circular dependency. As a result
752 # an attempt is made to reursively checks a CRL path and rejected due to
753 # a CRL path validation error. PKITS notes suggest this test does not
754 # need to be run due to this issue.
755 [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
756 [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
757 [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
758 [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
759 [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
760 [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
761 [ "4.15", "Delta-CRLs" ],
762 [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
763 [ "4.15.2", "Valid delta-CRL Test2", 0 ],
764 [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
765 [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
766 [ "4.15.5", "Valid delta-CRL Test5", 0 ],
767 [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
768 [ "4.15.7", "Valid delta-CRL Test7", 0 ],
769 [ "4.15.8", "Valid delta-CRL Test8", 0 ],
770 [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
771 [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
772 [ "4.16", "Private Certificate Extensions" ],
773 [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
774 [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
775);
776
777
778my $verbose = 1;
779
780my $numtest = 0;
781my $numfail = 0;
782
783my $ossl = "ossl/apps/openssl";
784
785my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
786$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
787$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
788
789system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
790
791die "Can't create trust anchor file" if $?;
792
793print "Running PKITS tests:\n" if $verbose;
794
795foreach (@testlists) {
796 my $argnum = @$_;
797 if ( $argnum == 2 ) {
798 my ( $tnum, $title ) = @$_;
799 print "$tnum $title\n" if $verbose;
800 }
801 elsif ( $argnum == 3 ) {
802 my ( $tnum, $title, $exp_ret ) = @$_;
803 my $filename = $title;
804 $exp_ret += 32 if $exp_ret;
805 $filename =~ tr/ -//d;
806 $filename = "Signed${filename}.eml";
807 if ( !-f "$pkitsdir/$filename" ) {
808 print "\"$filename\" not found\n";
809 }
810 else {
811 my $ret;
812 my $test_fail = 0;
813 my $errmsg = "";
814 my $cmd = $ossl_cmd;
815 $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
816 my $cmdout = `$cmd`;
817 $ret = $? >> 8;
818 if ( $? & 0xff ) {
819 $errmsg .= "Abnormal OpenSSL termination\n";
820 $test_fail = 1;
821 }
822 if ( $exp_ret != $ret ) {
823 $errmsg .= "Return code:$ret, ";
824 $errmsg .= "expected $exp_ret\n";
825 $test_fail = 1;
826 }
827 if ($test_fail) {
828 print "$tnum $title : Failed!\n";
829 print "Filename: $pkitsdir/$filename\n";
830 print $errmsg;
831 print "Command output:\n$cmdout\n";
832 $numfail++;
833 }
834 $numtest++;
835 }
836 }
837 elsif ( $argnum == 7 ) {
838 my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
839 = @$_;
840 my $filename = $title;
841 $exp_ret += 32 if $exp_ret;
842 $filename =~ tr/ -//d;
843 $filename = "Signed${filename}.eml";
844 if ( !-f "$pkitsdir/$filename" ) {
845 print "\"$filename\" not found\n";
846 }
847 else {
848 my $ret;
849 my $cmdout = "";
850 my $errmsg = "";
851 my $epol = "";
852 my $aset = "";
853 my $uset = "";
854 my $pol = -1;
855 my $test_fail = 0;
856 my $cmd = $ossl_cmd;
857 $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
858 @oparr = `$cmd`;
859 $ret = $? >> 8;
860
861 if ( $? & 0xff ) {
862 $errmsg .= "Abnormal OpenSSL termination\n";
863 $test_fail = 1;
864 }
865 foreach (@oparr) {
866 my $test_failed = 0;
867 $cmdout .= $_;
868 if (/^Require explicit Policy: (.*)$/) {
869 $epol = $1;
870 }
871 if (/^Authority Policies/) {
872 if (/empty/) {
873 $aset = "<empty>";
874 }
875 else {
876 $pol = 1;
877 }
878 }
879 $test_fail = 1 if (/leak/i);
880 if (/^User Policies/) {
881 if (/empty/) {
882 $uset = "<empty>";
883 }
884 else {
885 $pol = 2;
886 }
887 }
888 if (/\s+Policy: (.*)$/) {
889 if ( $pol == 1 ) {
890 $aset .= ":" if $aset ne "";
891 $aset .= $1;
892 }
893 elsif ( $pol == 2 ) {
894 $uset .= ":" if $uset ne "";
895 $uset .= $1;
896 }
897 }
898 }
899
900 if ( $epol ne $exp_epol ) {
901 $errmsg .= "Explicit policy:$epol, ";
902 $errmsg .= "expected $exp_epol\n";
903 $test_fail = 1;
904 }
905 if ( $aset ne $exp_aset ) {
906 $errmsg .= "Authority policy set :$aset, ";
907 $errmsg .= "expected $exp_aset\n";
908 $test_fail = 1;
909 }
910 if ( $uset ne $exp_uset ) {
911 $errmsg .= "User policy set :$uset, ";
912 $errmsg .= "expected $exp_uset\n";
913 $test_fail = 1;
914 }
915
916 if ( $exp_ret != $ret ) {
917 print "Return code:$ret, expected $exp_ret\n";
918 $test_fail = 1;
919 }
920
921 if ($test_fail) {
922 print "$tnum $title : Failed!\n";
923 print "Filename: $pkitsdir/$filename\n";
924 print "Command output:\n$cmdout\n";
925 $numfail++;
926 }
927 $numtest++;
928 }
929 }
930}
931
932if ($numfail) {
933 print "$numfail tests failed out of $numtest\n";
934}
935else {
936 print "All Tests Successful.\n";
937}
938
939unlink "pkitsta.pem";
940
diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
new file mode 100755
index 0000000000..5c0f21043c
--- /dev/null
+++ b/src/lib/libssl/test/test_padlock
@@ -0,0 +1,64 @@
1#!/bin/sh
2
3PROG=$1
4
5if [ -x $PROG ]; then
6 if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
7 :
8 else
9 echo "$PROG is not OpenSSL executable"
10 exit 1
11 fi
12else
13 echo "$PROG is not executable"
14 exit 1;
15fi
16
17if $PROG engine padlock | grep -v no-ACE; then
18
19 HASH=`cat $PROG | $PROG dgst -hex`
20
21 ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
22 aes-128-cbc aes-192-cbc aes-256-cbc \
23 aes-128-cfb aes-192-cfb aes-256-cfb \
24 aes-128-ofb aes-192-ofb aes-256-ofb"
25
26 nerr=0
27
28 for alg in $ACE_ALGS; do
29 echo $alg
30 TEST=`( cat $PROG | \
31 $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
32 $PROG enc -d -k "$HASH" -$alg | \
33 $PROG dgst -hex ) 2>/dev/null`
34 if [ "$TEST" != "$HASH" ]; then
35 echo "-$alg encrypt test failed"
36 nerr=`expr $nerr + 1`
37 fi
38 TEST=`( cat $PROG | \
39 $PROG enc -e -k "$HASH" -$alg | \
40 $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
41 $PROG dgst -hex ) 2>/dev/null`
42 if [ "$TEST" != "$HASH" ]; then
43 echo "-$alg decrypt test failed"
44 nerr=`expr $nerr + 1`
45 fi
46 TEST=`( cat $PROG | \
47 $PROG enc -e -k "$HASH" -$alg -engine padlock | \
48 $PROG enc -d -k "$HASH" -$alg -engine padlock | \
49 $PROG dgst -hex ) 2>/dev/null`
50 if [ "$TEST" != "$HASH" ]; then
51 echo "-$alg en/decrypt test failed"
52 nerr=`expr $nerr + 1`
53 fi
54 done
55
56 if [ $nerr -gt 0 ]; then
57 echo "PadLock ACE test failed."
58 exit 1;
59 fi
60else
61 echo "PadLock ACE is not available"
62fi
63
64exit 0
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
new file mode 100644
index 0000000000..bb653b5f73
--- /dev/null
+++ b/src/lib/libssl/test/testtsa
@@ -0,0 +1,238 @@
1#!/bin/sh
2
3#
4# A few very basic tests for the 'ts' time stamping authority command.
5#
6
7SH="/bin/sh"
8if test "$OSTYPE" = msdosdjgpp; then
9 PATH="../apps\;$PATH"
10else
11 PATH="../apps:$PATH"
12fi
13export SH PATH
14
15OPENSSL_CONF="../CAtsa.cnf"
16export OPENSSL_CONF
17# Because that's what ../apps/CA.sh really looks at
18SSLEAY_CONFIG="-config $OPENSSL_CONF"
19export SSLEAY_CONFIG
20
21OPENSSL="`pwd`/../util/opensslwrap.sh"
22export OPENSSL
23
24error () {
25
26 echo "TSA test failed!" >&2
27 exit 1
28}
29
30setup_dir () {
31
32 rm -rf tsa 2>/dev/null
33 mkdir tsa
34 cd ./tsa
35}
36
37clean_up_dir () {
38
39 cd ..
40 rm -rf tsa
41}
42
43create_ca () {
44
45 echo "Creating a new CA for the TSA tests..."
46 TSDNSECT=ts_ca_dn
47 export TSDNSECT
48 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
49 -out tsaca.pem -keyout tsacakey.pem
50 test $? != 0 && error
51}
52
53create_tsa_cert () {
54
55 INDEX=$1
56 export INDEX
57 EXT=$2
58 TSDNSECT=ts_cert_dn
59 export TSDNSECT
60
61 ../../util/shlib_wrap.sh ../../apps/openssl req -new \
62 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
63 test $? != 0 && error
64echo Using extension $EXT
65 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
66 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
67 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
68 -extfile $OPENSSL_CONF -extensions $EXT
69 test $? != 0 && error
70}
71
72print_request () {
73
74 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
75}
76
77create_time_stamp_request1 () {
78
79 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
80 test $? != 0 && error
81}
82
83create_time_stamp_request2 () {
84
85 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
86 -out req2.tsq
87 test $? != 0 && error
88}
89
90create_time_stamp_request3 () {
91
92 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
93 test $? != 0 && error
94}
95
96print_response () {
97
98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
99 test $? != 0 && error
100}
101
102create_time_stamp_response () {
103
104 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
105 test $? != 0 && error
106}
107
108time_stamp_response_token_test () {
109
110 RESPONSE2=$2.copy.tsr
111 TOKEN_DER=$2.token.der
112 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
113 test $? != 0 && error
114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
115 test $? != 0 && error
116 cmp $RESPONSE2 $2
117 test $? != 0 && error
118 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
119 test $? != 0 && error
120 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
121 test $? != 0 && error
122 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
123 test $? != 0 && error
124}
125
126verify_time_stamp_response () {
127
128 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
129 -untrusted tsa_cert1.pem
130 test $? != 0 && error
131 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
132 -untrusted tsa_cert1.pem
133 test $? != 0 && error
134}
135
136verify_time_stamp_token () {
137
138 # create the token from the response first
139 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
140 test $? != 0 && error
141 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
142 -CAfile tsaca.pem -untrusted tsa_cert1.pem
143 test $? != 0 && error
144 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
145 -CAfile tsaca.pem -untrusted tsa_cert1.pem
146 test $? != 0 && error
147}
148
149verify_time_stamp_response_fail () {
150
151 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
152 -untrusted tsa_cert1.pem
153 # Checks if the verification failed, as it should have.
154 test $? = 0 && error
155 echo Ok
156}
157
158# main functions
159
160echo "Setting up TSA test directory..."
161setup_dir
162
163echo "Creating CA for TSA tests..."
164create_ca
165
166echo "Creating tsa_cert1.pem TSA server cert..."
167create_tsa_cert 1 tsa_cert
168
169echo "Creating tsa_cert2.pem non-TSA server cert..."
170create_tsa_cert 2 non_tsa_cert
171
172echo "Creating req1.req time stamp request for file testtsa..."
173create_time_stamp_request1
174
175echo "Printing req1.req..."
176print_request req1.tsq
177
178echo "Generating valid response for req1.req..."
179create_time_stamp_response req1.tsq resp1.tsr tsa_config1
180
181echo "Printing response..."
182print_response resp1.tsr
183
184echo "Verifying valid response..."
185verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
186
187echo "Verifying valid token..."
188verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
189
190# The tests below are commented out, because invalid signer certificates
191# can no longer be specified in the config file.
192
193# echo "Generating _invalid_ response for req1.req..."
194# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
195
196# echo "Printing response..."
197# print_response resp1_bad.tsr
198
199# echo "Verifying invalid response, it should fail..."
200# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
201
202echo "Creating req2.req time stamp request for file testtsa..."
203create_time_stamp_request2
204
205echo "Printing req2.req..."
206print_request req2.tsq
207
208echo "Generating valid response for req2.req..."
209create_time_stamp_response req2.tsq resp2.tsr tsa_config1
210
211echo "Checking '-token_in' and '-token_out' options with '-reply'..."
212time_stamp_response_token_test req2.tsq resp2.tsr
213
214echo "Printing response..."
215print_response resp2.tsr
216
217echo "Verifying valid response..."
218verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
219
220echo "Verifying response against wrong request, it should fail..."
221verify_time_stamp_response_fail req1.tsq resp2.tsr
222
223echo "Verifying response against wrong request, it should fail..."
224verify_time_stamp_response_fail req2.tsq resp1.tsr
225
226echo "Creating req3.req time stamp request for file CAtsa.cnf..."
227create_time_stamp_request3
228
229echo "Printing req3.req..."
230print_request req3.tsq
231
232echo "Verifying response against wrong request, it should fail..."
233verify_time_stamp_response_fail req3.tsq resp1.tsr
234
235echo "Cleaning up..."
236clean_up_dir
237
238exit 0
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 21:29:32 +0000