diff options
| author | Matt Caswell <matt@openssl.org> | 2020-04-07 17:03:19 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-04-20 11:29:17 +0100 |
| commit | 682bc861a92d09fb5155cd1aceee7b1ce298ddb9 (patch) | |
| tree | 5ff0daf7044a6606e2fe124cc15d8850c78226b7 | |
| parent | ab5a02f70726e28b3c39391aac29a4aedb080ea3 (diff) | |
Teach ssl_test_new how to test the FIPS module
We load the FIPS module and make sure it is configured before running
the ssl_test_new tests.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)
| -rw-r--r-- | test/generate_ssl_tests.pl | 11 | ||||
| -rw-r--r-- | test/recipes/80-test_ssl_new.t | 41 | ||||
| -rw-r--r-- | test/ssl-tests/02-protocol-version.cnf.in | 4 | ||||
| -rw-r--r-- | test/ssl-tests/04-client_auth.cnf.in | 11 | ||||
| -rw-r--r-- | test/ssl-tests/05-sni.cnf.in | 4 | ||||
| -rw-r--r-- | test/ssl-tests/07-dtls-protocol-version.cnf.in | 4 | ||||
| -rw-r--r-- | test/ssl-tests/10-resumption.cnf.in | 4 | ||||
| -rw-r--r-- | test/ssl-tests/11-dtls_resumption.cnf.in | 4 | ||||
| -rw-r--r-- | test/ssl-tests/14-curves.cnf | 638 | ||||
| -rw-r--r-- | test/ssl-tests/14-curves.cnf.in | 20 | ||||
| -rw-r--r-- | test/ssl-tests/20-cert-select.cnf | 786 | ||||
| -rw-r--r-- | test/ssl-tests/20-cert-select.cnf.in | 364 | ||||
| -rw-r--r-- | test/ssl-tests/25-cipher.cnf.in | 5 | ||||
| -rw-r--r-- | test/ssl-tests/28-seclevel.cnf.in | 7 | ||||
| -rw-r--r-- | test/ssl-tests/protocol_version.pm | 110 | ||||
| -rw-r--r-- | test/ssl-tests/ssltests_base.pm | 3 | ||||
| -rw-r--r-- | test/ssl_test.c | 8 |
17 files changed, 1088 insertions, 936 deletions
diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index 580bfb5e70..21515b7a20 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -128,18 +128,13 @@ sub print_templates { sub read_config { my $fname = shift; my $provider = shift; - my $fips_mode = "0"; - my $no_deflt_libctx = "0"; - - $fips_mode = "1" if $provider eq "fips"; - $no_deflt_libctx = "1" if $provider eq "default" || $provider eq "fips"; + local $ssltests::fips_mode = $provider eq "fips"; + local $ssltests::no_deflt_libctx = + $provider eq "default" || $provider eq "fips"; open(INPUT, "< $fname") or die "Can't open input file '$fname'!\n"; local $/ = undef; my $content = <INPUT>; - $content =~ s/FIPS_MODE/$fips_mode/g; - $content =~ s/NO_DEFLT_LIBCTX/$no_deflt_libctx/g; - close(INPUT); eval $content; warn $@ if $@; diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 6d6fa5cae3..aa57d1565d 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -13,11 +13,21 @@ use warnings; use File::Basename; use File::Compare qw/compare_text/; use OpenSSL::Glob; -use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_file bldtop_dir/; use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/; +BEGIN { setup("test_ssl_new"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); +$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @@ -28,7 +38,8 @@ map { s/\^// } @conf_files if $^O eq "VMS"; # We hard-code the number of tests to double-check that the globbing above # finds all files as expected. -plan tests => 30; # = scalar @conf_srcs +plan tests => 30 # = scalar @conf_srcs + + ($no_fips ? 0 : 1); # fipsinstall # Some test results depend on the configuration of enabled protocols. We only # verify generated sources in the default configuration. @@ -106,9 +117,19 @@ my %skip = ( "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"), ); +unless ($no_fips) { + ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsinstall.cnf'), + '-module', bldtop_file('providers', platform->dso('fips')), + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_sect'])), + "fipsinstall"); +} + foreach my $conf (@conf_files) { subtest "Test configuration $conf" => sub { - plan tests => 6; + plan tests => 6 + ($no_fips ? 0 : 3); test_conf($conf, $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1, defined($skip{$conf}) ? $skip{$conf} : $no_tls, @@ -117,6 +138,10 @@ foreach my $conf (@conf_files) { 0, defined($skip{$conf}) ? $skip{$conf} : $no_tls, "default"); + test_conf($conf, + 0, + defined($skip{$conf}) ? $skip{$conf} : $no_tls, + "fips") unless $no_fips; } } @@ -149,8 +174,14 @@ sub test_conf { skip "No tests available; skipping tests", 1 if $skip; skip "Stale sources; skipping tests", 1 if !$run_test; - ok(run(test(["ssl_test", $output_file, $provider])), - "running ssl_test $conf"); + if ($provider eq "fips") { + ok(run(test(["ssl_test", $output_file, $provider, + srctop_file("test", "fips.cnf")])), + "running ssl_test $conf"); + } else { + ok(run(test(["ssl_test", $output_file, $provider])), + "running ssl_test $conf"); + } } } diff --git a/test/ssl-tests/02-protocol-version.cnf.in b/test/ssl-tests/02-protocol-version.cnf.in index a6799df0ac..70bad4cf6c 100644 --- a/test/ssl-tests/02-protocol-version.cnf.in +++ b/test/ssl-tests/02-protocol-version.cnf.in @@ -16,4 +16,6 @@ use warnings; use protocol_version; -our @tests = generate_version_tests("TLS"); +our $fips_mode; + +our @tests = generate_version_tests("TLS", $fips_mode); diff --git a/test/ssl-tests/04-client_auth.cnf.in b/test/ssl-tests/04-client_auth.cnf.in index b9c014d2c0..f90f7eb79d 100644 --- a/test/ssl-tests/04-client_auth.cnf.in +++ b/test/ssl-tests/04-client_auth.cnf.in @@ -11,12 +11,19 @@ use OpenSSL::Test; use OpenSSL::Test::Utils qw(anydisabled disabled); setup("no_test_here"); -# We test version-flexible negotiation (undef) and each protocol version. -my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); +our $fips_mode; +my @protocols; my @is_disabled = (0); push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); +# We test version-flexible negotiation (undef) and each protocol version. +if ($fips_mode) { + @protocols = (undef, "TLSv1.2", "DTLSv1.2"); +} else { + @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); +} + our @tests = (); sub generate_tests() { diff --git a/test/ssl-tests/05-sni.cnf.in b/test/ssl-tests/05-sni.cnf.in index 6651899618..b34a55c7d2 100644 --- a/test/ssl-tests/05-sni.cnf.in +++ b/test/ssl-tests/05-sni.cnf.in @@ -15,6 +15,8 @@ use warnings; package ssltests; use OpenSSL::Test::Utils; +our $fips_mode; + our @tests = ( { name => "SNI-switch-context", @@ -166,4 +168,4 @@ our @tests_tls_1_1 = ( }, ); -push @tests, @tests_tls_1_1 unless disabled("tls1_1"); +push @tests, @tests_tls_1_1 unless disabled("tls1_1") || $fips_mode; diff --git a/test/ssl-tests/07-dtls-protocol-version.cnf.in b/test/ssl-tests/07-dtls-protocol-version.cnf.in index 2a53433b68..9f9ab6e72f 100644 --- a/test/ssl-tests/07-dtls-protocol-version.cnf.in +++ b/test/ssl-tests/07-dtls-protocol-version.cnf.in @@ -16,4 +16,6 @@ use warnings; use protocol_version; -our @tests = generate_version_tests("DTLS"); +our $fips_mode; + +our @tests = generate_version_tests("DTLS", $fips_mode); diff --git a/test/ssl-tests/10-resumption.cnf.in b/test/ssl-tests/10-resumption.cnf.in index 39c69395bf..ace714a8b5 100644 --- a/test/ssl-tests/10-resumption.cnf.in +++ b/test/ssl-tests/10-resumption.cnf.in @@ -16,4 +16,6 @@ package ssltests; use protocol_version; -our @tests = generate_resumption_tests("TLS"); +our $fips_mode; + +our @tests = generate_resumption_tests("TLS", $fips_mode); diff --git a/test/ssl-tests/11-dtls_resumption.cnf.in b/test/ssl-tests/11-dtls_resumption.cnf.in index 9f600e6625..4cee1e2022 100644 --- a/test/ssl-tests/11-dtls_resumption.cnf.in +++ b/test/ssl-tests/11-dtls_resumption.cnf.in @@ -16,4 +16,6 @@ package ssltests; use protocol_version; -our @tests = generate_resumption_tests("DTLS"); +our $fips_mode; + +our @tests = generate_resumption_tests("DTLS", $fips_mode); diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf index f76f08fd7d..26d0949f0d 100644 --- a/test/ssl-tests/14-curves.cnf +++ b/test/ssl-tests/14-curves.cnf @@ -3,35 +3,35 @@ num_tests = 30 test-0 = 0-curve-sect163k1 -test-1 = 1-curve-sect163r1 -test-2 = 2-curve-sect163r2 -test-3 = 3-curve-sect193r1 -test-4 = 4-curve-sect193r2 -test-5 = 5-curve-sect233k1 -test-6 = 6-curve-sect233r1 -test-7 = 7-curve-sect239k1 -test-8 = 8-curve-sect283k1 -test-9 = 9-curve-sect283r1 -test-10 = 10-curve-sect409k1 -test-11 = 11-curve-sect409r1 -test-12 = 12-curve-sect571k1 -test-13 = 13-curve-sect571r1 -test-14 = 14-curve-secp160k1 -test-15 = 15-curve-secp160r1 -test-16 = 16-curve-secp160r2 -test-17 = 17-curve-secp192k1 -test-18 = 18-curve-prime192v1 -test-19 = 19-curve-secp224k1 -test-20 = 20-curve-secp224r1 -test-21 = 21-curve-secp256k1 -test-22 = 22-curve-prime256v1 -test-23 = 23-curve-secp384r1 -test-24 = 24-curve-secp521r1 -test-25 = 25-curve-brainpoolP256r1 -test-26 = 26-curve-brainpoolP384r1 -test-27 = 27-curve-brainpoolP512r1 -test-28 = 28-curve-X25519 -test-29 = 29-curve-X448 +test-1 = 1-curve-sect163r2 +test-2 = 2-curve-sect233k1 +test-3 = 3-curve-sect233r1 +test-4 = 4-curve-sect283k1 +test-5 = 5-curve-sect283r1 +test-6 = 6-curve-sect409k1 +test-7 = 7-curve-sect409r1 +test-8 = 8-curve-sect571k1 +test-9 = 9-curve-sect571r1 +test-10 = 10-curve-prime192v1 +test-11 = 11-curve-secp224r1 +test-12 = 12-curve-prime256v1 +test-13 = 13-curve-secp384r1 +test-14 = 14-curve-secp521r1 +test-15 = 15-curve-X25519 +test-16 = 16-curve-X448 +test-17 = 17-curve-sect163r1 +test-18 = 18-curve-sect193r1 +test-19 = 19-curve-sect193r2 +test-20 = 20-curve-sect239k1 +test-21 = 21-curve-secp160k1 +test-22 = 22-curve-secp160r1 +test-23 = 23-curve-secp160r2 +test-24 = 24-curve-secp192k1 +test-25 = 25-curve-secp224k1 +test-26 = 26-curve-secp256k1 +test-27 = 27-curve-brainpoolP256r1 +test-28 = 28-curve-brainpoolP384r1 +test-29 = 29-curve-brainpoolP512r1 # =========================================================== [0-curve-sect163k1] @@ -62,813 +62,813 @@ ExpectedTmpKeyType = sect163k1 # =========================================================== -[1-curve-sect163r1] -ssl_conf = 1-curve-sect163r1-ssl +[1-curve-sect163r2] +ssl_conf = 1-curve-sect163r2-ssl -[1-curve-sect163r1-ssl] -server = 1-curve-sect163r1-server -client = 1-curve-sect163r1-client +[1-curve-sect163r2-ssl] +server = 1-curve-sect163r2-server +client = 1-curve-sect163r2-client -[1-curve-sect163r1-server] +[1-curve-sect163r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect163r1 +Curves = sect163r2 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-curve-sect163r1-client] +[1-curve-sect163r2-client] CipherString = ECDHE -Curves = sect163r1 +Curves = sect163r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] ExpectedResult = Success -ExpectedTmpKeyType = sect163r1 +ExpectedTmpKeyType = sect163r2 # =========================================================== -[2-curve-sect163r2] -ssl_conf = 2-curve-sect163r2-ssl +[2-curve-sect233k1] +ssl_conf = 2-curve-sect233k1-ssl -[2-curve-sect163r2-ssl] -server = 2-curve-sect163r2-server -client = 2-curve-sect163r2-client +[2-curve-sect233k1-ssl] +server = 2-curve-sect233k1-server +client = 2-curve-sect233k1-client -[2-curve-sect163r2-server] +[2-curve-sect233k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect163r2 +Curves = sect233k1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[2-curve-sect163r2-client] +[2-curve-sect233k1-client] CipherString = ECDHE -Curves = sect163r2 +Curves = sect233k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] ExpectedResult = Success -ExpectedTmpKeyType = sect163r2 +ExpectedTmpKeyType = sect233k1 # =========================================================== -[3-curve-sect193r1] -ssl_conf = 3-curve-sect193r1-ssl +[3-curve-sect233r1] +ssl_conf = 3-curve-sect233r1-ssl -[3-curve-sect193r1-ssl] -server = 3-curve-sect193r1-server -client = 3-curve-sect193r1-client +[3-curve-sect233r1-ssl] +server = 3-curve-sect233r1-server +client = 3-curve-sect233r1-client -[3-curve-sect193r1-server] +[3-curve-sect233r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect193r1 +Curves = sect233r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[3-curve-sect193r1-client] +[3-curve-sect233r1-client] CipherString = ECDHE -Curves = sect193r1 +Curves = sect233r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] ExpectedResult = Success -ExpectedTmpKeyType = sect193r1 +ExpectedTmpKeyType = sect233r1 # =========================================================== -[4-curve-sect193r2] -ssl_conf = 4-curve-sect193r2-ssl +[4-curve-sect283k1] +ssl_conf = 4-curve-sect283k1-ssl -[4-curve-sect193r2-ssl] -server = 4-curve-sect193r2-server -client = 4-curve-sect193r2-client +[4-curve-sect283k1-ssl] +server = 4-curve-sect283k1-server +client = 4-curve-sect283k1-client -[4-curve-sect193r2-server] +[4-curve-sect283k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect193r2 +Curves = sect283k1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[4-curve-sect193r2-client] +[4-curve-sect283k1-client] CipherString = ECDHE -Curves = sect193r2 +Curves = sect283k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] ExpectedResult = Success -ExpectedTmpKeyType = sect193r2 +ExpectedTmpKeyType = sect283k1 # =========================================================== -[5-curve-sect233k1] -ssl_conf = 5-curve-sect233k1-ssl +[5-curve-sect283r1] +ssl_conf = 5-curve-sect283r1-ssl -[5-curve-sect233k1-ssl] -server = 5-curve-sect233k1-server -client = 5-curve-sect233k1-client +[5-curve-sect283r1-ssl] +server = 5-curve-sect283r1-server +client = 5-curve-sect283r1-client -[5-curve-sect233k1-server] +[5-curve-sect283r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect233k1 +Curves = sect283r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-curve-sect233k1-client] +[5-curve-sect283r1-client] CipherString = ECDHE -Curves = sect233k1 +Curves = sect283r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] ExpectedResult = Success -ExpectedTmpKeyType = sect233k1 +ExpectedTmpKeyType = sect283r1 # =========================================================== -[6-curve-sect233r1] -ssl_conf = 6-curve-sect233r1-ssl +[6-curve-sect409k1] +ssl_conf = 6-curve-sect409k1-ssl -[6-curve-sect233r1-ssl] -server = 6-curve-sect233r1-server -client = 6-curve-sect233r1-client +[6-curve-sect409k1-ssl] +server = 6-curve-sect409k1-server +client = 6-curve-sect409k1-client -[6-curve-sect233r1-server] +[6-curve-sect409k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect233r1 +Curves = sect409k1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[6-curve-sect233r1-client] +[6-curve-sect409k1-client] CipherString = ECDHE -Curves = sect233r1 +Curves = sect409k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] ExpectedResult = Success -ExpectedTmpKeyType = sect233r1 +ExpectedTmpKeyType = sect409k1 # =========================================================== -[7-curve-sect239k1] -ssl_conf = 7-curve-sect239k1-ssl +[7-curve-sect409r1] +ssl_conf = 7-curve-sect409r1-ssl -[7-curve-sect239k1-ssl] -server = 7-curve-sect239k1-server -client = 7-curve-sect239k1-client +[7-curve-sect409r1-ssl] +server = 7-curve-sect409r1-server +client = 7-curve-sect409r1-client -[7-curve-sect239k1-server] +[7-curve-sect409r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect239k1 +Curves = sect409r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[7-curve-sect239k1-client] +[7-curve-sect409r1-client] CipherString = ECDHE -Curves = sect239k1 +Curves = sect409r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] ExpectedResult = Success -ExpectedTmpKeyType = sect239k1 +ExpectedTmpKeyType = sect409r1 # =========================================================== -[8-curve-sect283k1] -ssl_conf = 8-curve-sect283k1-ssl +[8-curve-sect571k1] +ssl_conf = 8-curve-sect571k1-ssl -[8-curve-sect283k1-ssl] -server = 8-curve-sect283k1-server -client = 8-curve-sect283k1-client +[8-curve-sect571k1-ssl] +server = 8-curve-sect571k1-server +client = 8-curve-sect571k1-client -[8-curve-sect283k1-server] +[8-curve-sect571k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect283k1 +Curves = sect571k1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-curve-sect283k1-client] +[8-curve-sect571k1-client] CipherString = ECDHE -Curves = sect283k1 +Curves = sect571k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] ExpectedResult = Success -ExpectedTmpKeyType = sect283k1 +ExpectedTmpKeyType = sect571k1 # =========================================================== -[9-curve-sect283r1] -ssl_conf = 9-curve-sect283r1-ssl +[9-curve-sect571r1] +ssl_conf = 9-curve-sect571r1-ssl -[9-curve-sect283r1-ssl] -server = 9-curve-sect283r1-server -client = 9-curve-sect283r1-client +[9-curve-sect571r1-ssl] +server = 9-curve-sect571r1-server +client = 9-curve-sect571r1-client -[9-curve-sect283r1-server] +[9-curve-sect571r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect283r1 +Curves = sect571r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-curve-sect283r1-client] +[9-curve-sect571r1-client] CipherString = ECDHE -Curves = sect283r1 +Curves = sect571r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] ExpectedResult = Success -ExpectedTmpKeyType = sect283r1 +ExpectedTmpKeyType = sect571r1 # =========================================================== -[10-curve-sect409k1] -ssl_conf = 10-curve-sect409k1-ssl +[10-curve-prime192v1] +ssl_conf = 10-curve-prime192v1-ssl -[10-curve-sect409k1-ssl] -server = 10-curve-sect409k1-server -client = 10-curve-sect409k1-client +[10-curve-prime192v1-ssl] +server = 10-curve-prime192v1-server +client = 10-curve-prime192v1-client -[10-curve-sect409k1-server] +[10-curve-prime192v1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect409k1 +Curves = prime192v1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-curve-sect409k1-client] +[10-curve-prime192v1-client] CipherString = ECDHE -Curves = sect409k1 +Curves = prime192v1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] ExpectedResult = Success -ExpectedTmpKeyType = sect409k1 +ExpectedTmpKeyType = prime192v1 # =========================================================== -[11-curve-sect409r1] -ssl_conf = 11-curve-sect409r1-ssl +[11-curve-secp224r1] +ssl_conf = 11-curve-secp224r1-ssl -[11-curve-sect409r1-ssl] -server = 11-curve-sect409r1-server -client = 11-curve-sect409r1-client +[11-curve-secp224r1-ssl] +server = 11-curve-secp224r1-server +client = 11-curve-secp224r1-client -[11-curve-sect409r1-server] +[11-curve-secp224r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect409r1 +Curves = secp224r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-curve-sect409r1-client] +[11-curve-secp224r1-client] CipherString = ECDHE -Curves = sect409r1 +Curves = secp224r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] ExpectedResult = Success -ExpectedTmpKeyType = sect409r1 +ExpectedTmpKeyType = secp224r1 # =========================================================== -[12-curve-sect571k1] -ssl_conf = 12-curve-sect571k1-ssl +[12-curve-prime256v1] +ssl_conf = 12-curve-prime256v1-ssl -[12-curve-sect571k1-ssl] -server = 12-curve-sect571k1-server -client = 12-curve-sect571k1-client +[12-curve-prime256v1-ssl] +server = 12-curve-prime256v1-server +client = 12-curve-prime256v1-client -[12-curve-sect571k1-server] +[12-curve-prime256v1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect571k1 +Curves = prime256v1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-curve-sect571k1-client] +[12-curve-prime256v1-client] CipherString = ECDHE -Curves = sect571k1 +Curves = prime256v1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] ExpectedResult = Success -ExpectedTmpKeyType = sect571k1 +ExpectedTmpKeyType = prime256v1 # =========================================================== -[13-curve-sect571r1] -ssl_conf = 13-curve-sect571r1-ssl +[13-curve-secp384r1] +ssl_conf = 13-curve-secp384r1-ssl -[13-curve-sect571r1-ssl] -server = 13-curve-sect571r1-server -client = 13-curve-sect571r1-client +[13-curve-secp384r1-ssl] +server = 13-curve-secp384r1-server +client = 13-curve-secp384r1-client -[13-curve-sect571r1-server] +[13-curve-secp384r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = sect571r1 +Curves = secp384r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[13-curve-sect571r1-client] +[13-curve-secp384r1-client] CipherString = ECDHE -Curves = sect571r1 +Curves = secp384r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] ExpectedResult = Success -ExpectedTmpKeyType = sect571r1 +ExpectedTmpKeyType = secp384r1 # =========================================================== -[14-curve-secp160k1] -ssl_conf = 14-curve-secp160k1-ssl +[14-curve-secp521r1] +ssl_conf = 14-curve-secp521r1-ssl -[14-curve-secp160k1-ssl] -server = 14-curve-secp160k1-server -client = 14-curve-secp160k1-client +[14-curve-secp521r1-ssl] +server = 14-curve-secp521r1-server +client = 14-curve-secp521r1-client -[14-curve-secp160k1-server] +[14-curve-secp521r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = secp160k1 +Curves = secp521r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[14-curve-secp160k1-client] +[14-curve-secp521r1-client] CipherString = ECDHE -Curves = secp160k1 +Curves = secp521r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] ExpectedResult = Success -ExpectedTmpKeyType = secp160k1 +ExpectedTmpKeyType = secp521r1 # =========================================================== -[15-curve-secp160r1] -ssl_conf = 15-curve-secp160r1-ssl +[15-curve-X25519] +ssl_conf = 15-curve-X25519-ssl -[15-curve-secp160r1-ssl] -server = 15-curve-secp160r1-server -client = 15-curve-secp160r1-client +[15-curve-X25519-ssl] +server = 15-curve-X25519-server +client = 15-curve-X25519-client -[15-curve-secp160r1-server] +[15-curve-X25519-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = secp160r1 +Curves = X25519 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-curve-secp160r1-client] +[15-curve-X25519-client] CipherString = ECDHE -Curves = secp160r1 +Curves = X25519 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] ExpectedResult = Success -ExpectedTmpKeyType = secp160r1 +ExpectedTmpKeyType = X25519 # =========================================================== -[16-curve-secp160r2] -ssl_conf = 16-curve-secp160r2-ssl +[16-curve-X448] +ssl_conf = 16-curve-X448-ssl -[16-curve-secp160r2-ssl] -server = 16-curve-secp160r2-server -client = 16-curve-secp160r2-client +[16-curve-X448-ssl] +server = 16-curve-X448-server +client = 16-curve-X448-client -[16-curve-secp160r2-server] +[16-curve-X448-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = secp160r2 +Curves = X448 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[16-curve-secp160r2-client] +[16-curve-X448-client] CipherString = ECDHE -Curves = secp160r2 +Curves = X448 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] ExpectedResult = Success -ExpectedTmpKeyType = secp160r2 +ExpectedTmpKeyType = X448 # =========================================================== -[17-curve-secp192k1] -ssl_conf = 17-curve-secp192k1-ssl +[17-curve-sect163r1] +ssl_conf = 17-curve-sect163r1-ssl -[17-curve-secp192k1-ssl] -server = 17-curve-secp192k1-server -client = 17-curve-secp192k1-client +[17-curve-sect163r1-ssl] +server = 17-curve-sect163r1-server +client = 17-curve-sect163r1-client -[17-curve-secp192k1-server] +[17-curve-sect163r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = secp192k1 +Curves = sect163r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-curve-secp192k1-client] +[17-curve-sect163r1-client] CipherString = ECDHE -Curves = secp192k1 +Curves = sect163r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] ExpectedResult = Success -ExpectedTmpKeyType = secp192k1 +ExpectedTmpKeyType = sect163r1 # =========================================================== -[18-curve-prime192v1] -ssl_conf = 18-curve-prime192v1-ssl +[18-curve-sect193r1] +ssl_conf = 18-curve-sect193r1-ssl -[18-curve-prime192v1-ssl] -server = 18-curve-prime192v1-server -client = 18-curve-prime192v1-client +[18-curve-sect193r1-ssl] +server = 18-curve-sect193r1-server +client = 18-curve-sect193r1-client -[18-curve-prime192v1-server] +[18-curve-sect193r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = prime192v1 +Curves = sect193r1 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-curve-prime192v1-client] +[18-curve-sect193r1-client] CipherString = ECDHE -Curves = prime192v1 +Curves = sect193r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] ExpectedResult = Success -ExpectedTmpKeyType = prime192v1 +ExpectedTmpKeyType = sect193r1 # =========================================================== -[19-curve-secp224k1] -ssl_conf = 19-curve-secp224k1-ssl +[19-curve-sect193r2] +ssl_conf = 19-curve-sect193r2-ssl -[19-curve-secp224k1-ssl] -server = 19-curve-secp224k1-server -client = 19-curve-secp224k1-client +[19-curve-sect193r2-ssl] +server = 19-curve-sect193r2-server +client = 19-curve-sect193r2-client -[19-curve-secp224k1-server] +[19-curve-sect193r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -Curves = secp224k1 +Curves = sect193r2 MaxProtocol = TLSv1.2 |