static int test_fatalerr(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *sssl = NULL, *cssl = NULL;
const char *msg = "Dummy";
BIO *wbio = NULL;
int ret = 0, len;
char buf[80];
unsigned char dummyrec[] = {
0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
};
if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(), &sctx, &cctx,
cert, privkey)))
goto err;
/*
* Deliberately set the cipher lists for client and server to be different
* to force a handshake failure.
*/
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL,
NULL)))
goto err;
wbio = SSL_get_wbio(cssl);
if (!TEST_ptr(wbio)) {
printf("Unexpected NULL bio received\n");
goto err;
}
/* Connection should fail */
if (!TEST_false(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE)))
goto err;
ERR_clear_error();
/* Inject a plaintext record from client to server */
if (!TEST_int_gt(BIO_write(wbio, dummyrec, sizeof(dummyrec)), 0))
goto err;
/* SSL_read()/SSL_write should fail because of a previous fatal error */
if (!TEST_int_le(len = SSL_read(sssl, buf, sizeof(buf - 1)), 0)) {
buf[len] = '\0';
TEST_error("Unexpected success reading data: %s\n", buf);
goto err;
}
if (!TEST_int_le(SSL_write(sssl, msg, strlen(msg)), 0))
goto err;
ret = 1;
err:
SSL_free(sssl);
SSL_free(cssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return ret;
}
static int test_param_size_t(int n)
{
size_t in, out;
unsigned char buf[MAX_LEN], le[MAX_LEN], cmp[sizeof(size_t)];
const size_t len = raw_values[n].len >= sizeof(size_t)
? sizeof(size_t) : raw_values[n].len;
OSSL_PARAM param = OSSL_PARAM_size_t("a", NULL);
memset(buf, 0, sizeof(buf));
memset(le, 0, sizeof(le));
copy_be_to_native(buf, raw_values[n].value, len);
swap_copy(le, raw_values[n].value, len);
memcpy(&in, buf, sizeof(in));
param.data = &out;
if (!TEST_true(OSSL_PARAM_set_size_t(¶m, in)))
return 0;
copy_to_le(cmp, &out, sizeof(out));
if (!TEST_mem_eq(cmp, len, le, len))
return 0;
in = 0;
param.data = buf;
if (!TEST_true(OSSL_PARAM_get_size_t(¶m, &in)))
return 0;
copy_to_le(cmp, &in, sizeof(in));
if (!TEST_mem_eq(cmp, sizeof(in), le, sizeof(in)))
return 0;
param.data = &out;
return test_param_type_extra(¶m, le, sizeof(size_t));
}
static int test_check_private_key(void)
{
int ret = 0;
BIGNUM *n = NULL, *d = NULL, *e = NULL;
RSA *key = NULL;
ret = TEST_ptr(key = RSA_new())
/* check NULL pointers fail */
&& TEST_false(rsa_sp800_56b_check_private(key))
/* load private key */
&& TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n)))
&& TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d)))
&& TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e)))
&& TEST_true(RSA_set0_key(key, n, e, d));
if (!ret) {
BN_free(n);
BN_free(e);
BN_free(d);
goto end;
}
/* check d is in range */
ret = TEST_true(rsa_sp800_56b_check_private(key))
/* check d is too low */
&& TEST_true(BN_set_word(d, 0))
&& TEST_false(rsa_sp800_56b_check_private(key))
/* check d is too high */
&& TEST_ptr(BN_copy(d, n))
&& TEST_false(rsa_sp800_56b_check_private(key));
end:
RSA_free(key);
return ret;
}
static int run_cert(X509 *crt, const char *nameincert,
const struct set_name_fn *fn)
{
const char *const *pname = names;
int failed = 0;
for (; *pname != NULL; ++pname) {
int samename = strcasecmp(nameincert, *pname) == 0;
size_t namelen = strlen(*pname);
char *name = OPENSSL_malloc(namelen);
int match, ret;
memcpy(name, *pname, namelen);
match = -1;
if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL),
0)) {
failed = 1;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
if (ret == 0 && samename)
match = 0;
} else if (ret == 1)
match = 1;
if (!TEST_true(check_message(fn, "host", nameincert, match, *pname)))
failed = 1;
match = -1;
if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen,
X509_CHECK_FLAG_NO_WILDCARDS,
NULL), 0)) {
failed = 1;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
if (ret == 0 && samename)
match = 0;
} else if (ret == 1)
match = 1;
if (!TEST_true(check_message(fn, "host-no-wildcards",
nameincert, match, *pname)))
failed = 1;
match = -1;
ret = X509_check_email(crt, name, namelen, 0);
if (fn->email) {
if (ret && !samename)
match = 1;
if (!ret && samename && strchr(nameincert, '@') != NULL)
match = 0;
} else if (ret)
match = 1;
if (!TEST_true(check_message(fn, "email", nameincert, match, *pname)))
failed = 1;
OPENSSL_free(name);
}
return failed == 0;
}
static int test_param_bignum(int n)
{
unsigned char buf[MAX_LEN], bnbuf[MAX_LEN], le[MAX_LEN];
const size_t len = raw_values[n].len;
size_t bnsize;
BIGNUM *b = NULL, *c = NULL;
OSSL_PARAM param = OSSL_PARAM_DEFN("bn", OSSL_PARAM_UNSIGNED_INTEGER,
NULL, 0, NULL);
int ret = 0;
param.data = bnbuf;
param.data_size = len;
param.return_size = &bnsize;
copy_be_to_native(buf, raw_values[n].value, len);
swap_copy(le, raw_values[n].value, len);
if (!TEST_ptr(b = BN_bin2bn(raw_values[n].value, (int)len, NULL)))
goto err;
if (!TEST_true(OSSL_PARAM_set_BN(¶m, b))
|| !TEST_mem_eq(bnbuf, bnsize, buf, bnsize))
goto err;
param.data_size = *param.return_size;
if (!TEST_true(OSSL_PARAM_get_BN(¶m, &c))
|| !TEST_BN_eq(b, c))
goto err;
ret = 1;
err:
BN_free(b);
BN_free(c);
return ret;
}
static int test_PACKET_strndup()
{
char buf1[10], buf2[10];
char *data = NULL;
PACKET pkt;
int result = 0;
memset(buf1, 'x', 10);
memset(buf2, 'y', 10);
buf2[5] = '\0';
if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf1, 10))
|| !TEST_true(PACKET_strndup(&pkt, &data))
|| !TEST_size_t_eq(strlen(data), 10)
|| !TEST_strn_eq(data, buf1, 10)
|| !TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf2, 10))
|| !TEST_true(PACKET_strndup(&pkt, &data))
|| !TEST_size_t_eq(strlen(data), 5)
|| !TEST_str_eq(data, buf2))
goto end;
result = 1;
end:
OPENSSL_free(data);
return result;
}
static int fbytes(unsigned char *buf, int num)
{
int ret = 0;
BIGNUM *tmp = NULL;
if (use_fake == 0)
return old_rand->bytes(buf, num);
use_fake = 0;
if (fbytes_counter >= 8)
return 0;
if (!TEST_ptr(tmp = BN_new()))
return 0;
if (!TEST_true(BN_dec2bn(&tmp, numbers[fbytes_counter]))) {
BN_free(tmp);
return 0;
}
fbytes_counter++;
if (TEST_int_eq(BN_num_bytes(tmp), num)
&& TEST_true(BN_bn2bin(tmp, buf)))
ret = 1;
BN_free(tmp);
return ret;
}
static int fbytes(unsigned char *buf, int num)
{
int ret = 0;
static int fbytes_counter = 0;
BIGNUM *tmp = NULL;
if (use_fake == 0)
return old_rand->bytes(buf, num);
use_fake = 0;
if (!TEST_ptr(tmp = BN_new())
|| !TEST_int_lt(fbytes_counter, OSSL_NELEM(numbers))
|| !TEST_true(BN_hex2bn(&tmp, numbers[fbytes_counter]))
/* tmp might need leading zeros so pad it out */
|| !TEST_int_le(BN_num_bytes(tmp), num)
|| !TEST_true(BN_bn2binpad(tmp, buf, num)))
goto err;
fbytes_counter = (fbytes_counter + 1) % OSSL_NELEM(numbers);
ret = 1;
err:
BN_free(tmp);
return ret;
}
static int server_setup_sni(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, 0,
&sctx, &cctx, cert, privkey))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
/* set SNI at server side */
SSL_set_tlsext_host_name(serverssl, host);
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
if (!TEST_ptr_null(SSL_get_servername(serverssl,
TLSEXT_NAMETYPE_host_name))) {
/* SNI should have been cleared during handshake */
goto end;
}
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_fips1864_keygen_kat(void)
{
int ret = 0;
RSA *key = NULL;
BN_CTX *ctx = NULL;
BIGNUM *e, *Xp, *Xp1, *Xp2, *Xq, *Xq1, *Xq2;
BIGNUM *p1, *p2, *q1, *q2;
BIGNUM *p1_exp, *p2_exp, *q1_exp, *q2_exp;
BIGNUM *p_exp, *q_exp, *n_exp, *d_exp;
const BIGNUM *p, *q, *n, *d, *e2;
if (!(TEST_ptr(key = RSA_new()) && TEST_ptr(ctx = BN_CTX_new())))
goto err;
BN_CTX_start(ctx);
e = bn_load(ctx, cav_e, sizeof(cav_e));
Xp = bn_load(ctx, cav_Xp, sizeof(cav_Xp));
Xp1 = bn_load(ctx, cav_Xp1, sizeof(cav_Xp1));
Xp2 = bn_load(ctx, cav_Xp2, sizeof(cav_Xp2));
Xq = bn_load(ctx, cav_Xq, sizeof(cav_Xq));
Xq1 = bn_load(ctx, cav_Xq1, sizeof(cav_Xq1));
Xq2 = bn_load(ctx, cav_Xq2, sizeof(cav_Xq2));
p1_exp = bn_load(ctx, cav_p1, sizeof(cav_p1));
p2_exp = bn_load(ctx, cav_p2, sizeof(cav_p2));
q1_exp = bn_load(ctx, cav_q1, sizeof(cav_q1));
q2_exp = bn_load(ctx, cav_q2, sizeof(cav_q2));
p_exp = bn_load(ctx, cav_p, sizeof(cav_p));
q_exp = bn_load(ctx, cav_q, sizeof(cav_q));
n_exp = bn_load(ctx, cav_n, sizeof(cav_n));
d_exp = bn_load(ctx, cav_d, sizeof(cav_d));
p1 = BN_CTX_get(ctx);
p2 = BN_CTX_get(ctx);
q1 = BN_CTX_get(ctx);
q2 = BN_CTX_get(ctx);
ret = TEST_ptr(q2)
&& TEST_true(rsa_fips186_4_gen_prob_primes(key, p1, p2, NULL, Xp, Xp1,
Xp2, q1, q2, NULL, Xq, Xq1,
Xq2, 2048, e, ctx, NULL))
&& TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 2048, e, ctx))
&& TEST_BN_eq(p1_exp, p1)
&& TEST_BN_eq(p2_exp, p2)
&& TEST_BN_eq(q1_exp, q1)
&& TEST_BN_eq(q2_exp, q2);
if (!ret)
goto err;
RSA_get0_key(key, &n, &e2, &d);
RSA_get0_factors(key, &p, &q);
ret = TEST_BN_eq(e, e2)
&& TEST_BN_eq(p_exp, p)
&& TEST_BN_eq(q_exp, q)
&& TEST_BN_eq(n_exp, n)
&& TEST_BN_eq(d_exp, d);
err:
RSA_free(key);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}
/*
* Initialise and instantiate DRBG based on selftest data
*/
static int instantiate(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td,
TEST_CTX *t)
{
if (!TEST_true(init(drbg, td, t))
|| !TEST_true(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)))
return 0;
return 1;
}
static int extraconf_eq(SSL_TEST_EXTRA_CONF *extra,
SSL_TEST_EXTRA_CONF *extra2)
{
if (!TEST_true(clientconf_eq(&extra->client, &extra2->client))
|| !TEST_true(serverconf_eq(&extra->server, &extra2->server))
|| !TEST_true(serverconf_eq(&extra->server2, &extra2->server2)))
return 0;
return 1;
}
static int test_string_tbl(void)
{
const ASN1_STRING_TABLE *tmp = NULL;
int nid = 12345678, nid2 = 87654321, rv = 0, ret = 0;
tmp = ASN1_STRING_TABLE_get(nid);
if (!TEST_ptr_null(tmp)) {
TEST_info("asn1 string table: ASN1_STRING_TABLE_get non-exist nid");
goto out;
}
ret = ASN1_STRING_TABLE_add(nid, -1, -1, MBSTRING_ASC, 0);
if (!TEST_true(ret)) {
TEST_info("asn1 string table: add NID(%d) failed", nid);
goto out;
}
ret = ASN1_STRING_TABLE_add(nid2, -1, -1, MBSTRING_ASC, 0);
if (!TEST_true(ret)) {
TEST_info("asn1 string table: add NID(%d) failed", nid2);
goto out;
}
tmp = ASN1_STRING_TABLE_get(nid);
if (!TEST_ptr(tmp)) {
TEST_info("asn1 string table: get NID(%d) failed", nid);
goto out;
}
tmp = ASN1_STRING_TABLE_get(nid2);
if (!TEST_ptr(tmp)) {
TEST_info("asn1 string table: get NID(%d) failed", nid2);
goto out;
}
ASN1_STRING_TABLE_cleanup();
/* check if all newly added NIDs are cleaned up */
tmp = ASN1_STRING_TABLE_get(nid);
if (!TEST_ptr_null(tmp)) {
TEST_info("asn1 string table: get NID(%d) failed", nid);
goto out;
}
tmp = ASN1_STRING_TABLE_get(nid2);
if (!TEST_ptr_null(tmp)) {
TEST_info("asn1 string table: get NID(%d) failed", nid2);
goto out;
}
rv = 1;
out:
return rv;
}
static int test_default_cipherlist_explicit(void)
{
SETUP_CIPHERLIST_TEST_FIXTURE();
if (fixture == NULL)
return 0;
if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT"))
|| !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT")))
tear_down(fixture);
EXECUTE_CIPHERLIST_TEST();
return result;
}
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
int min_proto_version, int max_proto_version,
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
char *privkeyfile)
{
SSL_CTX *serverctx = NULL;
SSL_CTX *clientctx = NULL;
if (!TEST_ptr(serverctx = SSL_CTX_new(sm))
|| (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm))))
goto err;
if ((min_proto_version > 0
&& !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
min_proto_version)))
|| (max_proto_version > 0
&& !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
max_proto_version))))
goto err;
if (clientctx != NULL
&& ((min_proto_version > 0
&& !TEST_true(SSL_CTX_set_min_proto_version(clientctx,
min_proto_version)))
|| (max_proto_version > 0
&& !TEST_true(SSL_CTX_set_max_proto_version(clientctx,
max_proto_version)))))
goto err;
if (certfile != NULL && privkeyfile != NULL) {
if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx,
privkeyfile,
SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1))
goto err;
}
#ifndef OPENSSL_NO_DH
SSL_CTX_set_dh_auto(serverctx, 1);
#endif
*sctx = serverctx;
if (cctx != NULL)
*cctx = clientctx;
return 1;
err:
SSL_CTX_free(serverctx);
SSL_CTX_free(clientctx);
return 0;
}
static int test_param_type_extra(const OSSL_PARAM *param, unsigned char *cmp,
size_t width)
{
int32_t i32;
int64_t i64;
size_t s, sz;
unsigned char buf[MAX_LEN];
const int bit32 = param->data_size == sizeof(int32_t);
const int sizet = bit32 && sizeof(size_t) > sizeof(int32_t);
const int signd = param->data_type == OSSL_PARAM_INTEGER;
if (signd) {
if ((bit32 && !TEST_true(OSSL_PARAM_get_int32(param, &i32)))
|| !TEST_true(OSSL_PARAM_get_int64(param, &i64)))
return 0;
} else {
if ((bit32
&& !TEST_true(OSSL_PARAM_get_uint32(param, (uint32_t *)&i32)))
|| !TEST_true(OSSL_PARAM_get_uint64(param, (uint64_t *)&i64))
|| (sizet && !TEST_true(OSSL_PARAM_get_size_t(param, &s))))
return 0;
}
/* Check signed types */
if (bit32) {
copy_to_le(buf, &i32, sizeof(i32));
sz = sizeof(i32) < width ? sizeof(i32) : width;
if (!TEST_mem_eq(buf, sz, cmp, sz))
return 0;
}
copy_to_le(buf, &i64, sizeof(i64));
sz = sizeof(i64) < width ? sizeof(i64) : width;
if (!TEST_mem_eq(buf, sz, cmp, sz))
return 0;
if (sizet && !signd) {
copy_to_le(buf, &s, sizeof(s));
sz = sizeof(s) < width ? sizeof(s) : width;
if (!TEST_mem_eq(buf, sz, cmp, sz))
return 0;
}
/* Check a widening write if possible */
if (sizeof(size_t) > width) {
if (signd) {
if (!TEST_true(OSSL_PARAM_set_int32(param, 12345))
|| !TEST_true(OSSL_PARAM_get_int64(param, &i64))
|| !TEST_size_t_eq((size_t)i64, 12345))
return 0;
} else {
if (!TEST_true(OSSL_PARAM_set_uint32(param, 12345))
|| !TEST_true(OSSL_PARAM_get_uint64(param, (uint64_t *)&i64))
|| !TEST_size_t_eq((size_t)i64, 12345))
return 0;
}
}
return 1;
}
static int test_dtls_unprocessed(int testidx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
BIO *c_to_s_fbio, *c_to_s_mempacket;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(), &sctx,
&cctx, cert, privkey)))
return 0;
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
goto end;
c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
if (!TEST_ptr(c_to_s_fbio))
goto end;
/* BIO is freed by create_ssl_connection on error */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
NULL, c_to_s_fbio)))
goto end;
if (testidx == 1)
certstatus[RECORD_SEQUENCE] = 0xff;
/*
* Inject a dummy record from the next epoch. In test 0, this should never
* get used because the message sequence number is too big. In test 1 we set
* the record sequence number to be way off in the future. This should not
* have an impact on the record replay protection because the record should
* be dropped before it is marked as arrived
*/
c_to_s_mempacket = SSL_get_wbio(clientssl1);
c_to_s_mempacket = BIO_next(c_to_s_mempacket);
mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
if (!TEST_true(create_ssl_connection(serverssl1, clientssl1,
SSL_ERROR_NONE)))
goto end;
testresult = 1;
end:
SSL_free(serverssl1);
SSL_free(clientssl1);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int dsa_test(void)
{
BN_GENCB *cb;
DSA *dsa = NULL;
int counter, ret = 0, i, j;
unsigned char buf[256];
unsigned long h;
unsigned char sig[256];
unsigned int siglen;
const BIGNUM *p = NULL, *q = NULL, *g = NULL;
if (!TEST_ptr(cb = BN_GENCB_new()))
goto end;
BN_GENCB_set(cb, dsa_cb, NULL);
if (!TEST_ptr(dsa = DSA_new())
|| !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
&counter, &h, cb)))
goto end;
if (!TEST_int_eq(counter, 105))
goto end;
if (!TEST_int_eq(h, 2))
goto end;
DSA_get0_pqg(dsa, &p, &q, &g);
i = BN_bn2bin(q, buf);
j = sizeof(out_q);
if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
goto end;
i = BN_bn2bin(p, buf);
j = sizeof(out_p);
if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
goto end;
i = BN_bn2bin(g, buf);
j = sizeof(out_g);
if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
goto end;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
ret = 1;
end:
DSA_free(dsa);
BN_GENCB_free(cb);
return ret;
}
static int test_PACKET_remaining()
{
PACKET pkt;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, sizeof(smbuf))
|| !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1))
|| !TEST_size_t_eq(PACKET_remaining(&pkt), 1)
|| !TEST_true(PACKET_forward(&pkt, 1))
|| !TEST_size_t_eq(PACKET_remaining(&pkt), 0)))
return 0;
return 1;
}
/*
* Initialise a DRBG based on selftest data
*/
static int init(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td, TEST_CTX *t)
{
if (!TEST_true(RAND_DRBG_set(drbg, td->nid, td->flags))
|| !TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
kat_nonce, NULL)))
return 0;
RAND_DRBG_set_ex_data(drbg, app_data_index, t);
t->entropy = td->entropy;
t->entropylen = td->entropylen;
t->nonce = td->nonce;
t->noncelen = td->noncelen;
t->entropycnt = 0;
t->noncecnt = 0;
return 1;
}
static int test_is_composite_enhanced(int id)
{
int ret;
int status = 0;
BIGNUM *bn = NULL;
ret = TEST_ptr(bn = BN_new())
/* negative tests for different composite numbers */
&& TEST_true(BN_set_word(bn, composites[id]))
&& TEST_true(bn_miller_rabin_is_prime(bn, 10, ctx, NULL, 1, &status))
&& TEST_int_ne(status, BN_PRIMETEST_PROBABLY_PRIME);
BN_free(bn);
return ret;
}
static int test_is_prime_enhanced(void)
{
int ret;
int status = 0;
BIGNUM *bn = NULL;
ret = TEST_ptr(bn = BN_new())
/* test passing a prime returns the correct status */
&& TEST_true(BN_set_word(bn, 11))
/* return extra parameters related to composite */
&& TEST_true(bn_miller_rabin_is_prime(bn, 10, ctx, NULL, 1, &status))
&& TEST_int_eq(status, BN_PRIMETEST_PROBABLY_PRIME);
BN_free(bn);
return ret;
}
static int test_PACKET_buf_init()
{
unsigned char buf1[BUF_LEN];
PACKET pkt;
/* Also tests PACKET_remaining() */
if (!TEST_true(PACKET_buf_init(&pkt, buf1, 4))
|| !TEST_size_t_eq(PACKET_remaining(&pkt), 4)
|| !TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN))
|| !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN)
|| !TEST_false(PACKET_buf_init(&pkt, buf1, -1)))
return 0;
return 1;
}
static int test_sp80056b_keygen(int id)
{
RSA *key = NULL;
int ret;
int sz = keygen_size[id];
ret = TEST_ptr(key = RSA_new())
&& TEST_true(rsa_sp800_56b_generate_key(key, sz, NULL, NULL))
&& TEST_true(rsa_sp800_56b_check_public(key))
&& TEST_true(rsa_sp800_56b_check_private(key))
&& TEST_true(rsa_sp800_56b_check_keypair(key, NULL, -1, sz));
RSA_free(key);
return ret;
}
static int test_v2(void)
{
STACK_OF(SSL_CIPHER) *sk, *scsv;
/* ECDHE-ECDSA-AES256GCM, SSL2_RC4_1238_WITH_MD5,
* ECDHE-ECDSA-CHACHA20-POLY1305 */
const unsigned char bytes[] = {0x00, 0x00, 0x35, 0x01, 0x00, 0x80,
0x00, 0x00, 0x33};
int ret = 0;
if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), 1,
&sk, &scsv))
|| !TEST_ptr(sk)
|| !TEST_int_eq(sk_SSL_CIPHER_num(sk), 2)
|| !TEST_ptr(scsv)
|| !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0))
goto err;
if (strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)),
"AES256-SHA") != 0 ||
strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)),
"DHE-RSA-AES128-SHA") != 0)
goto err;
ret = 1;
err:
sk_SSL_CIPHER_free(sk);
sk_SSL_CIPHER_free(scsv);
return ret;
}
static int check_time(long offset)
{
struct tm tm1, tm2, o1;
int off_day, off_sec;
long toffset;
time_t t1, t2;
time(&t1);
t2 = t1 + offset;
OPENSSL_gmtime(&t2, &tm2);
OPENSSL_gmtime(&t1, &tm1);
o1 = tm1;
OPENSSL_gmtime_adj(&tm1, 0, offset);
if (!TEST_int_eq(tm1.tm_year, tm2.tm_year)
|| !TEST_int_eq(tm1.tm_mon, tm2.tm_mon)
|| !TEST_int_eq(tm1.tm_mday, tm2.tm_mday)
|| !TEST_int_eq(tm1.tm_hour, tm2.tm_hour)
|| !TEST_int_eq(tm1.tm_min, tm2.tm_min)
|| !TEST_int_eq(tm1.tm_sec, tm2.tm_sec)
|| !TEST_true(OPENSSL_gmtime_diff(&off_day, &off_sec, &o1, &tm1)))
return 0;
toffset = (long)off_day * SECS_PER_DAY + off_sec;
if (!TEST_long_eq(offset, toffset))
return 0;
return 1;
}
static int test_X509_PUBKEY_inplace(void)
{
int ret = 0;
X509_PUBKEY *xp = NULL;
const unsigned char *p = kExampleECPubKeyDER;
size_t input_len = sizeof(kExampleECPubKeyDER);
if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
goto done;
if (!TEST_ptr(X509_PUBKEY_get0(xp)))
goto done;
p = kExampleBadECPubKeyDER;
input_len = sizeof(kExampleBadECPubKeyDER);
if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
goto done;
if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
goto done;
ret = 1;
done:
X509_PUBKEY_free(xp);
return ret;
}
static int test_PACKET_get_4()
{
unsigned long i;
PACKET pkt;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
|| !TEST_true(PACKET_get_4(&pkt, &i))
|| !TEST_ulong_eq(i, 0x08060402UL)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8))
|| !TEST_true(PACKET_get_4(&pkt, &i))
|| !TEST_ulong_eq(i, 0xfefcfaf8UL)
|| !TEST_false(PACKET_get_4(&pkt, &i)))
return 0;
return 1;
}
static int test_PACKET_get_net_2()
{
unsigned int i;
PACKET pkt;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
|| !TEST_true(PACKET_get_net_2(&pkt, &i))
|| !TEST_uint_eq(i, 0x0204)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 4))
|| !TEST_true(PACKET_get_net_2(&pkt, &i))
|| !TEST_uint_eq(i, 0xfcfe)
|| !TEST_false(PACKET_get_net_2(&pkt, &i)))
return 0;
return 1;
}
static int test_PACKET_get_net_3()
{
unsigned long i;
PACKET pkt;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
|| !TEST_true(PACKET_get_net_3(&pkt, &i))
|| !TEST_ulong_eq(i, 0x020406UL)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 6))
|| !TEST_true(PACKET_get_net_3(&pkt, &i))
|| !TEST_ulong_eq(i, 0xfafcfeUL)
|| !TEST_false(PACKET_get_net_3(&pkt, &i)))
return 0;
return 1;
}