Based on the OpenSSL coverage done in the following issue: openssl/openssl#25724 Signed-off-by: Jakub Jelen <[email protected]>
Showing
6 changed files
with
139 additions
and
19 deletions.
|
@@ -29,7 +29,9 @@ Files: .github/* | |
tools/openssl*.cnf | ||
tests/*.pem | ||
tests/cert.json.in | ||
tests/cert.json.part.in | ||
tests/cert.json.rsa.in | ||
tests/cert.json.ecdsa.in | ||
tests/cert.json.eddsa.in | ||
scripts/clean-dist.sh | ||
Copyright: (C) 2022 - 2024 Simo Sorce <[email protected]> | ||
License: Apache-2.0 | ||
|
@@ -0,0 +1,67 @@ | ||
, | ||
{"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"], | ||
"comment": "Run test with @PRIURI@ without certificate verify", | ||
"environment": {"PYTHONPATH" : "."}, | ||
"server_hostname": "localhost", | ||
"server_port": @PORT@, | ||
"common_arguments": ["-p", "@PORT@"], | ||
"tests" : [ | ||
{"name" : "test-tls13-conversation.py"}, | ||
{"name" : "test-conversation.py", | ||
"arguments" : ["-d"]}, | ||
{"name" : "test-ecdsa-sig-flexibility.py", | ||
"arguments" : [ | ||
"-n", "0", | ||
"-e", "connect with ecdsa_brainpoolP256r1tls13_sha256 only", | ||
"-e", "connect with ecdsa_brainpoolP384r1tls13_sha384 only", | ||
"-e", "connect with ecdsa_brainpoolP512r1tls13_sha512 only", | ||
"-x", "connect with sha1+ecdsa only", "-X", "handshake_failure" | ||
], | ||
"comment": "Crypto-Policies disable SHA-1. The brainpool is broken in OpenSSL." | ||
}, | ||
{"name" : "test-signature-algorithms.py", | ||
"arguments" : [ | ||
"-n", "0", "--ecdsa", | ||
"-x", "duplicated 206 non-rsa schemes", "-X", "handshake_failure", | ||
"-x", "duplicated 2346 non-rsa schemes", "-X", "handshake_failure", | ||
"-x", "duplicated 8123 non-rsa schemes", "-X", "handshake_failure", | ||
"-x", "duplicated 23745 non-rsa schemes", "-X", "handshake_failure", | ||
"-x", "duplicated 32748 non-rsa schemes", "-X", "handshake_failure", | ||
"-x", "explicit SHA-256+RSA or ECDSA", "-X", "handshake_failure", | ||
"-x", "explicit SHA-1+RSA/ECDSA", "-X", "handshake_failure", | ||
"-x", "explicit SHA-1+RSA/ECDSA", "-X", "handshake_failure", | ||
"-x", "implicit SHA-1 check", "-X", "handshake_failure", | ||
"-x", "tolerance 10+RSA or ECDSA method", "-X", "handshake_failure", | ||
"-x", "tolerance 215 RSA or ECDSA methods", "-X", "handshake_failure", | ||
"-x", "tolerance 2355 RSA or ECDSA methods", "-X", "handshake_failure", | ||
"-x", "tolerance 8132 RSA or ECDSA methods", "-X", "handshake_failure", | ||
"-x", "tolerance 32758 methods with sig_alg_cert", "-X", "handshake_failure", | ||
"-x", "tolerance max 32748 number of methods with sig_alg_cert", "-X", "handshake_failure", | ||
"-x", "tolerance none+RSA or ECDSA", "-X", "handshake_failure", | ||
"-x", "unique and well-known sig_algs, ecdsa algorithm last", "-X", "handshake_failure" | ||
], | ||
"comment": "Crypto-Policies disable SHA-1." | ||
}, | ||
{"name" : "test-signature-algorithms.py", | ||
"arguments" : [ | ||
"-n", "0", "--ecdsa", "-g", "secp384r1", | ||
"-x", "sanity", "-X", "handshake_failure", | ||
"-x", "explicit SHA-256+RSA or ECDSA", "-X", "handshake_failure", | ||
"sanity", "explicit SHA-256+RSA or ECDSA" | ||
], | ||
"comment": "Incompatible curve should fail" | ||
}, | ||
{"name" : "test-tls13-ecdsa-support.py", | ||
"arguments" : [ | ||
"-n", "0", | ||
"-x", "Test with ecdsa_secp384r1_sha384", "-X", "handshake_failure", | ||
"-x", "Test with ecdsa_secp521r1_sha512", "-X", "handshake_failure", | ||
"-x", "Test with ecdsa_brainpoolP256r1tls13_sha256", "-X", "handshake_failure", | ||
"-x", "Test with ecdsa_brainpoolP384r1tls13_sha384", "-X", "handshake_failure", | ||
"-x", "Test with ecdsa_brainpoolP512r1tls13_sha512", "-X", "handshake_failure" | ||
], | ||
"comment": "We have only P-256 key. The brainpool is broken in OpenSSL." | ||
} | ||
] | ||
} | ||
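Review bot: The SHA-1 expected failures (`-x … -X handshake_failure`) in this ECDSA template only hold while the host's crypto-policy disables SHA-1, as the `comment` fields say, and the EdDSA and RSA templates that follow rest on the same assumption. Under a different policy, or on a system without crypto-policies, these conversations would presumably succeed and the run would fail for a reason unrelated to the provider, so the requirement should be explicit, e.g. `"comment": "Assumes the system crypto-policy disables SHA-1 signatures."`. Separately, the pair `"-x", "explicit SHA-1+RSA/ECDSA", "-X", "handshake_failure"` is listed twice in a row in the first `test-signature-algorithms.py` entry; drop the repeat, or substitute the intended name if a different conversation was meant. The brainpool cases excluded with `-e` are not run at all, so a reference to the upstream OpenSSL issue in that comment would let them be re-enabled once it is fixed.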
|
@@ -0,0 +1,25 @@ | ||
, | ||
{"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"], | ||
"comment": "Run test with @PRIURI@ without certificate verify", | ||
"environment": {"PYTHONPATH" : "."}, | ||
"server_hostname": "localhost", | ||
"server_port": @PORT@, | ||
"common_arguments": ["-p", "@PORT@"], | ||
"tests" : [ | ||
{"name" : "test-tls13-conversation.py"}, | ||
{"name" : "test-conversation.py", | ||
"arguments" : ["-d"]}, | ||
{"name" : "test-signature-algorithms.py", | ||
"arguments" : [ | ||
"--ecdsa", "-x", "implicit SHA-1 check", | ||
"-X", "handshake_failure", "sanity", "implicit SHA-1 check" | ||
], | ||
"comment": "SHA-1 is disabled by crypto policies." | ||
}, | ||
{"name" : "test-tls13-eddsa.py", | ||
"arguments" : ["-x", "ed448 only", "-X", "handshake_failure"], | ||
"comment": "We have only ed25519 key." | ||
} | ||
] | ||
} | ||
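Review bot: The `test-signature-algorithms.py` entry passes `--ecdsa` to a server that, per the last comment in this template, holds only an ed25519 key, and its own comment explains nothing but the SHA-1 expectation. A reader cannot tell from the template why that flag suits an EdDSA key, or why the run is narrowed to the positional `sanity` and `implicit SHA-1 check` conversations. I would extend the comment along the lines of `"comment": "SHA-1 is disabled by crypto policies. --ecdsa is passed because <reason>; only these two conversations are meaningful with an EdDSA key."`, with the placeholder filled in by the author.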
|
This file was deleted.
@@ -0,0 +1,41 @@ | ||
, | ||
{"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"], | ||
"comment": "Run test with @PRIURI@ without certificate verify", | ||
"environment": {"PYTHONPATH" : "."}, | ||
"server_hostname": "localhost", | ||
"server_port": @PORT@, | ||
"common_arguments": ["-p", "@PORT@"], | ||
"tests" : [ | ||
{"name" : "test-tls13-conversation.py"}, | ||
{"name" : "test-conversation.py", | ||
"arguments" : ["-d"]}, | ||
{"name" : "test-dhe-rsa-key-exchange-signatures.py", | ||
"arguments" : [ | ||
"-n", "0", | ||
"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha1 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha256 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha384 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha512 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha1 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha1 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 sha1 signature", "-X", "handshake_failure", | ||
"-x", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha1 signature", "-X", "handshake_failure" | ||
], | ||
"comment": "The 3DES ciphersuites are not enabled. Crypto-Policies disable SHA-1 signatures." | ||
}, | ||
{"name" : "test-sig-algs.py", | ||
"arguments" : [ | ||
"-n", "0", | ||
"-x", "rsa_pss_pss_sha256 only", "-X", "handshake_failure", | ||
"-x", "rsa_pss_pss_sha384 only", "-X", "handshake_failure", | ||
"-x", "rsa_pss_pss_sha512 only", "-X", "handshake_failure" | ||
], | ||
"comment": "Server has only RSA key here." | ||
}, | ||
{"name" : "test-tls13-rsa-signatures.py"}, | ||
{"name" : "test-tls13-signature-algorithms.py", | ||
"arguments" : ["-n", "0"]} | ||
] | ||
} | ||
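Review bot: The `test-sig-algs.py` entry marks all three `rsa_pss_pss_*` conversations as expected `handshake_failure`, so this template gives the provider's signing path for RSASSA-PSS keys no positive coverage. Whether a PSS key is exercised elsewhere in the test setup is not visible on this page. The comment `Server has only RSA key here.` would be more precise as `"comment": "Server has only an rsaEncryption key, so rsa_pss_pss_* cannot be negotiated."`. In the `test-dhe-rsa-key-exchange-signatures.py` entry it would also help to say where 3DES is disabled (OpenSSL build or crypto-policy), since five of the nine expectations depend on that rather than on SHA-1.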
|