summaryrefslogtreecommitdiff
path: root/src/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/d1_both.c28
-rw-r--r--src/lib/libssl/d1_enc.c6
-rw-r--r--src/lib/libssl/d1_lib.c65
-rw-r--r--src/lib/libssl/test/cms-test.pl94
4 files changed, 117 insertions, 76 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 4ce4064cc9..2180c6d4da 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -153,7 +153,7 @@
153#endif 153#endif
154 154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; 155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
156static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; 156static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
157 157
158/* XDTLS: figure out the right values */ 158/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -464,20 +464,9 @@ again:
464 464
465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
466 466
467 s->d1->handshake_read_seq++; 467 /* Don't change sequence numbers while listening */
468 /* we just read a handshake message from the other side: 468 if (!s->d1->listen)
469 * this means that we don't need to retransmit of the 469 s->d1->handshake_read_seq++;
470 * buffered messages.
471 * XDTLS: may be able clear out this
472 * buffer a little sooner (i.e if an out-of-order
473 * handshake message/record is received at the record
474 * layer.
475 * XDTLS: exception is that the server needs to
476 * know that change cipher spec and finished messages
477 * have been received by the client before clearing this
478 * buffer. this can simply be done by waiting for the
479 * first data segment, but is there a better way? */
480 dtls1_clear_record_buffer(s);
481 470
482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 471 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
483 return s->init_num; 472 return s->init_num;
@@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
813 802
814 /* 803 /*
815 * if this is a future (or stale) message it gets buffered 804 * if this is a future (or stale) message it gets buffered
816 * (or dropped)--no further processing at this time 805 * (or dropped)--no further processing at this time
806 * While listening, we accept seq 1 (ClientHello with cookie)
807 * although we're still expecting seq 0 (ClientHello)
817 */ 808 */
818 if ( msg_hdr.seq != s->d1->handshake_read_seq) 809 if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 810 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
820 811
821 len = msg_hdr.msg_len; 812 len = msg_hdr.msg_len;
@@ -1322,7 +1313,8 @@ unsigned char *
1322dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, 1313dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1323 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1314 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1324 { 1315 {
1325 if ( frag_off == 0) 1316 /* Don't change sequence numbers while listening */
1317 if (frag_off == 0 && !s->d1->listen)
1326 { 1318 {
1327 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 1319 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1328 s->d1->next_handshake_write_seq++; 1320 s->d1->next_handshake_write_seq++;
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 8fa57347a9..becbab91c2 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
231 if (!send) 231 if (!send)
232 { 232 {
233 if (l == 0 || l%bs != 0) 233 if (l == 0 || l%bs != 0)
234 { 234 return -1;
235 SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
236 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
237 return 0;
238 }
239 } 235 }
240 236
241 EVP_Cipher(ds,rec->data,rec->input,l); 237 EVP_Cipher(ds,rec->data,rec->input,l);
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 96b220e87c..48e8b6ffbb 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -129,26 +129,33 @@ int dtls1_new(SSL *s)
129 return(1); 129 return(1);
130 } 130 }
131 131
132void dtls1_free(SSL *s) 132static void dtls1_clear_queues(SSL *s)
133 { 133 {
134 pitem *item = NULL; 134 pitem *item = NULL;
135 hm_fragment *frag = NULL; 135 hm_fragment *frag = NULL;
136 136 DTLS1_RECORD_DATA *rdata;
137 ssl3_free(s);
138 137
139 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) 138 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
140 { 139 {
140 rdata = (DTLS1_RECORD_DATA *) item->data;
141 if (rdata->rbuf.buf)
142 {
143 OPENSSL_free(rdata->rbuf.buf);
144 }
141 OPENSSL_free(item->data); 145 OPENSSL_free(item->data);
142 pitem_free(item); 146 pitem_free(item);
143 } 147 }
144 pqueue_free(s->d1->unprocessed_rcds.q);
145 148
146 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) 149 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
147 { 150 {
151 rdata = (DTLS1_RECORD_DATA *) item->data;
152 if (rdata->rbuf.buf)
153 {
154 OPENSSL_free(rdata->rbuf.buf);
155 }
148 OPENSSL_free(item->data); 156 OPENSSL_free(item->data);
149 pitem_free(item); 157 pitem_free(item);
150 } 158 }
151 pqueue_free(s->d1->processed_rcds.q);
152 159
153 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) 160 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
154 { 161 {
@@ -157,7 +164,6 @@ void dtls1_free(SSL *s)
157 OPENSSL_free(frag); 164 OPENSSL_free(frag);
158 pitem_free(item); 165 pitem_free(item);
159 } 166 }
160 pqueue_free(s->d1->buffered_messages);
161 167
162 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) 168 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
163 { 169 {
@@ -166,7 +172,6 @@ void dtls1_free(SSL *s)
166 OPENSSL_free(frag); 172 OPENSSL_free(frag);
167 pitem_free(item); 173 pitem_free(item);
168 } 174 }
169 pqueue_free(s->d1->sent_messages);
170 175
171 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) 176 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
172 { 177 {
@@ -175,6 +180,18 @@ void dtls1_free(SSL *s)
175 OPENSSL_free(frag); 180 OPENSSL_free(frag);
176 pitem_free(item); 181 pitem_free(item);
177 } 182 }
183 }
184
185void dtls1_free(SSL *s)
186 {
187 ssl3_free(s);
188
189 dtls1_clear_queues(s);
190
191 pqueue_free(s->d1->unprocessed_rcds.q);
192 pqueue_free(s->d1->processed_rcds.q);
193 pqueue_free(s->d1->buffered_messages);
194 pqueue_free(s->d1->sent_messages);
178 pqueue_free(s->d1->buffered_app_data.q); 195 pqueue_free(s->d1->buffered_app_data.q);
179 196
180 OPENSSL_free(s->d1); 197 OPENSSL_free(s->d1);
@@ -182,6 +199,36 @@ void dtls1_free(SSL *s)
182 199
183void dtls1_clear(SSL *s) 200void dtls1_clear(SSL *s)
184 { 201 {
202 pqueue unprocessed_rcds;
203 pqueue processed_rcds;
204 pqueue buffered_messages;
205 pqueue sent_messages;
206 pqueue buffered_app_data;
207
208 if (s->d1)
209 {
210 unprocessed_rcds = s->d1->unprocessed_rcds.q;
211 processed_rcds = s->d1->processed_rcds.q;
212 buffered_messages = s->d1->buffered_messages;
213 sent_messages = s->d1->sent_messages;
214 buffered_app_data = s->d1->buffered_app_data.q;
215
216 dtls1_clear_queues(s);
217
218 memset(s->d1, 0, sizeof(*(s->d1)));
219
220 if (s->server)
221 {
222 s->d1->cookie_len = sizeof(s->d1->cookie);
223 }
224
225 s->d1->unprocessed_rcds.q = unprocessed_rcds;
226 s->d1->processed_rcds.q = processed_rcds;
227 s->d1->buffered_messages = buffered_messages;
228 s->d1->sent_messages = sent_messages;
229 s->d1->buffered_app_data.q = buffered_app_data;
230 }
231
185 ssl3_clear(s); 232 ssl3_clear(s);
186 if (s->options & SSL_OP_CISCO_ANYCONNECT) 233 if (s->options & SSL_OP_CISCO_ANYCONNECT)
187 s->version=DTLS1_BAD_VER; 234 s->version=DTLS1_BAD_VER;
@@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s)
330 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 377 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
331 s->d1->timeout_duration = 1; 378 s->d1->timeout_duration = 1;
332 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 379 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
380 /* Clear retransmission buffer */
381 dtls1_clear_record_buffer(s);
333 } 382 }
334 383
335int dtls1_handle_timeout(SSL *s) 384int dtls1_handle_timeout(SSL *s)
@@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s)
349 { 398 {
350 /* fail the connection, enough alerts have been sent */ 399 /* fail the connection, enough alerts have been sent */
351 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED); 400 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
352 return 0; 401 return -1;
353 } 402 }
354 403
355 state->timeout.read_timeouts++; 404 state->timeout.read_timeouts++;
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
index 9c50dff3e9..c938bcf00d 100644
--- a/src/lib/libssl/test/cms-test.pl
+++ b/src/lib/libssl/test/cms-test.pl
@@ -54,9 +54,13 @@
54# OpenSSL PKCS#7 and CMS implementations. 54# OpenSSL PKCS#7 and CMS implementations.
55 55
56my $ossl_path; 56my $ossl_path;
57my $redir = " 2>cms.err 1>cms.out"; 57my $redir = " 2> cms.err > cms.out";
58# Make VMS work
59if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
60 $ossl_path = "pipe mcr OSSLX:openssl";
61}
58# Make MSYS work 62# Make MSYS work
59if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { 63elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
60 $ossl_path = "cmd /c ..\\apps\\openssl"; 64 $ossl_path = "cmd /c ..\\apps\\openssl";
61} 65}
62elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { 66elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
@@ -84,79 +88,79 @@ my @smime_pkcs7_tests = (
84 88
85 [ 89 [
86 "signed content DER format, RSA key", 90 "signed content DER format, RSA key",
87 "-sign -in smcont.txt -outform DER -nodetach" 91 "-sign -in smcont.txt -outform \"DER\" -nodetach"
88 . " -certfile $smdir/smroot.pem" 92 . " -certfile $smdir/smroot.pem"
89 . " -signer $smdir/smrsa1.pem -out test.cms", 93 . " -signer $smdir/smrsa1.pem -out test.cms",
90 "-verify -in test.cms -inform DER " 94 "-verify -in test.cms -inform \"DER\" "
91 . " -CAfile $smdir/smroot.pem -out smtst.txt" 95 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
92 ], 96 ],
93 97
94 [ 98 [
95 "signed detached content DER format, RSA key", 99 "signed detached content DER format, RSA key",
96 "-sign -in smcont.txt -outform DER" 100 "-sign -in smcont.txt -outform \"DER\""
97 . " -signer $smdir/smrsa1.pem -out test.cms", 101 . " -signer $smdir/smrsa1.pem -out test.cms",
98 "-verify -in test.cms -inform DER " 102 "-verify -in test.cms -inform \"DER\" "
99 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" 103 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
100 ], 104 ],
101 105
102 [ 106 [
103 "signed content test streaming BER format, RSA", 107 "signed content test streaming BER format, RSA",
104 "-sign -in smcont.txt -outform DER -nodetach" 108 "-sign -in smcont.txt -outform \"DER\" -nodetach"
105 . " -stream -signer $smdir/smrsa1.pem -out test.cms", 109 . " -stream -signer $smdir/smrsa1.pem -out test.cms",
106 "-verify -in test.cms -inform DER " 110 "-verify -in test.cms -inform \"DER\" "
107 . " -CAfile $smdir/smroot.pem -out smtst.txt" 111 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
108 ], 112 ],
109 113
110 [ 114 [
111 "signed content DER format, DSA key", 115 "signed content DER format, DSA key",
112 "-sign -in smcont.txt -outform DER -nodetach" 116 "-sign -in smcont.txt -outform \"DER\" -nodetach"
113 . " -signer $smdir/smdsa1.pem -out test.cms", 117 . " -signer $smdir/smdsa1.pem -out test.cms",
114 "-verify -in test.cms -inform DER " 118 "-verify -in test.cms -inform \"DER\" "
115 . " -CAfile $smdir/smroot.pem -out smtst.txt" 119 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
116 ], 120 ],
117 121
118 [ 122 [
119 "signed detached content DER format, DSA key", 123 "signed detached content DER format, DSA key",
120 "-sign -in smcont.txt -outform DER" 124 "-sign -in smcont.txt -outform \"DER\""
121 . " -signer $smdir/smdsa1.pem -out test.cms", 125 . " -signer $smdir/smdsa1.pem -out test.cms",
122 "-verify -in test.cms -inform DER " 126 "-verify -in test.cms -inform \"DER\" "
123 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" 127 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
124 ], 128 ],
125 129
126 [ 130 [
127 "signed detached content DER format, add RSA signer", 131 "signed detached content DER format, add RSA signer",
128 "-resign -inform DER -in test.cms -outform DER" 132 "-resign -inform \"DER\" -in test.cms -outform \"DER\""
129 . " -signer $smdir/smrsa1.pem -out test2.cms", 133 . " -signer $smdir/smrsa1.pem -out test2.cms",
130 "-verify -in test2.cms -inform DER " 134 "-verify -in test2.cms -inform \"DER\" "
131 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" 135 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
132 ], 136 ],
133 137
134 [ 138 [
135 "signed content test streaming BER format, DSA key", 139 "signed content test streaming BER format, DSA key",
136 "-sign -in smcont.txt -outform DER -nodetach" 140 "-sign -in smcont.txt -outform \"DER\" -nodetach"
137 . " -stream -signer $smdir/smdsa1.pem -out test.cms", 141 . " -stream -signer $smdir/smdsa1.pem -out test.cms",
138 "-verify -in test.cms -inform DER " 142 "-verify -in test.cms -inform \"DER\" "
139 . " -CAfile $smdir/smroot.pem -out smtst.txt" 143 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
140 ], 144 ],
141 145
142 [ 146 [
143 "signed content test streaming BER format, 2 DSA and 2 RSA keys", 147 "signed content test streaming BER format, 2 DSA and 2 RSA keys",
144 "-sign -in smcont.txt -outform DER -nodetach" 148 "-sign -in smcont.txt -outform \"DER\" -nodetach"
145 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 149 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
146 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 150 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
147 . " -stream -out test.cms", 151 . " -stream -out test.cms",
148 "-verify -in test.cms -inform DER " 152 "-verify -in test.cms -inform \"DER\" "
149 . " -CAfile $smdir/smroot.pem -out smtst.txt" 153 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
150 ], 154 ],
151 155
152 [ 156 [
153"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", 157"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
154 "-sign -in smcont.txt -outform DER -noattr -nodetach" 158 "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
155 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 159 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
156 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 160 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
157 . " -stream -out test.cms", 161 . " -stream -out test.cms",
158 "-verify -in test.cms -inform DER " 162 "-verify -in test.cms -inform \"DER\" "
159 . " -CAfile $smdir/smroot.pem -out smtst.txt" 163 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
160 ], 164 ],
161 165
162 [ 166 [
@@ -165,7 +169,7 @@ my @smime_pkcs7_tests = (
165 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 169 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
166 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 170 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
167 . " -stream -out test.cms", 171 . " -stream -out test.cms",
168 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" 172 "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
169 ], 173 ],
170 174
171 [ 175 [
@@ -174,7 +178,7 @@ my @smime_pkcs7_tests = (
174 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 178 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
175 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 179 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
176 . " -stream -out test.cms", 180 . " -stream -out test.cms",
177 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" 181 "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
178 ], 182 ],
179 183
180 [ 184 [
@@ -215,12 +219,12 @@ my @smime_cms_tests = (
215 219
216 [ 220 [
217 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", 221 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
218 "-sign -in smcont.txt -outform DER -nodetach -keyid" 222 "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
219 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 223 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
220 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 224 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
221 . " -stream -out test.cms", 225 . " -stream -out test.cms",
222 "-verify -in test.cms -inform DER " 226 "-verify -in test.cms -inform \"DER\" "
223 . " -CAfile $smdir/smroot.pem -out smtst.txt" 227 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
224 ], 228 ],
225 229
226 [ 230 [
@@ -230,7 +234,7 @@ my @smime_cms_tests = (
230 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 234 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
231 . " -stream -out test.cms", 235 . " -stream -out test.cms",
232 "-verify -in test.cms -inform PEM " 236 "-verify -in test.cms -inform PEM "
233 . " -CAfile $smdir/smroot.pem -out smtst.txt" 237 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
234 ], 238 ],
235 239
236 [ 240 [
@@ -239,7 +243,7 @@ my @smime_cms_tests = (
239 . " -receipt_request_to test\@openssl.org -receipt_request_all" 243 . " -receipt_request_to test\@openssl.org -receipt_request_all"
240 . " -out test.cms", 244 . " -out test.cms",
241 "-verify -in test.cms " 245 "-verify -in test.cms "
242 . " -CAfile $smdir/smroot.pem -out smtst.txt" 246 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
243 ], 247 ],
244 248
245 [ 249 [
@@ -248,7 +252,7 @@ my @smime_cms_tests = (
248 . " -signer $smdir/smrsa2.pem" 252 . " -signer $smdir/smrsa2.pem"
249 . " -out test2.cms", 253 . " -out test2.cms",
250 "-verify_receipt test2.cms -in test.cms" 254 "-verify_receipt test2.cms -in test.cms"
251 . " -CAfile $smdir/smroot.pem" 255 . " \"-CAfile\" $smdir/smroot.pem"
252 ], 256 ],
253 257
254 [ 258 [
@@ -289,38 +293,38 @@ my @smime_cms_tests = (
289 293
290 [ 294 [
291 "encrypted content test streaming PEM format, 128 bit RC2 key", 295 "encrypted content test streaming PEM format, 128 bit RC2 key",
292 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 296 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
293 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" 297 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
294 . " -stream -out test.cms", 298 . " -stream -out test.cms",
295 "-EncryptedData_decrypt -in test.cms -inform PEM " 299 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
296 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" 300 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
297 ], 301 ],
298 302
299 [ 303 [
300 "encrypted content test streaming PEM format, 40 bit RC2 key", 304 "encrypted content test streaming PEM format, 40 bit RC2 key",
301 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 305 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
302 . " -rc2 -secretkey 0001020304" 306 . " -rc2 -secretkey 0001020304"
303 . " -stream -out test.cms", 307 . " -stream -out test.cms",
304 "-EncryptedData_decrypt -in test.cms -inform PEM " 308 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
305 . " -secretkey 0001020304 -out smtst.txt" 309 . " -secretkey 0001020304 -out smtst.txt"
306 ], 310 ],
307 311
308 [ 312 [
309 "encrypted content test streaming PEM format, triple DES key", 313 "encrypted content test streaming PEM format, triple DES key",
310 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 314 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
311 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" 315 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
312 . " -stream -out test.cms", 316 . " -stream -out test.cms",
313 "-EncryptedData_decrypt -in test.cms -inform PEM " 317 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
314 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" 318 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
315 . " -out smtst.txt" 319 . " -out smtst.txt"
316 ], 320 ],
317 321
318 [ 322 [
319 "encrypted content test streaming PEM format, 128 bit AES key", 323 "encrypted content test streaming PEM format, 128 bit AES key",
320 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 324 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
321 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" 325 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
322 . " -stream -out test.cms", 326 . " -stream -out test.cms",
323 "-EncryptedData_decrypt -in test.cms -inform PEM " 327 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
324 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" 328 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
325 ], 329 ],
326 330
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 01:41:51 +0000