Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
return test_spki_aid(pubkey, filename);
}
return test_spki_aid(pubkey, filename);
}
-/*
- * TODO
- * When we gain the ability to get an EVP_SIGNATURE with a complete signature
- * algorithm name (like "sha1WithRSAEncryption" or its corresponding OID in
- * text form, "1.2.840.113549.1.1.2"), we won't have to limit this test to
- * what we have in libcrypto's cross-reference db, i.e. won't have to call
- * OBJ_find_sigid_algs() to find out the EVP_PKEY_METHOD NID any more.
- * All we'd have to do is used OBJ_obj2txt() on an ASN1_OBJECT and pass the
- * result.
- */
static int test_x509_sig_aid(X509 *eecert, const char *ee_filename,
X509 *cacert, const char *ca_filename)
{
static int test_x509_sig_aid(X509 *eecert, const char *ee_filename,
X509 *cacert, const char *ca_filename)
{
- * Things in boring, not in openssl. TODO we should add them.
+ * Things in boring, not in openssl.
*/
#define HAVE_BN_PADDED 0
#define HAVE_BN_SQRT 0
*/
#define HAVE_BN_PADDED 0
#define HAVE_BN_SQRT 0
/*
* Test that the functions work when |r| and |a| point to the same BIGNUM,
* or when |r| and |b| point to the same BIGNUM.
/*
* Test that the functions work when |r| and |a| point to the same BIGNUM,
* or when |r| and |b| point to the same BIGNUM.
- * TODO: Test where all of |r|, |a|, and |b| point to the same BIGNUM.
+ * There is no test for all of |r|, |a|, and |b| pointint to the same BIGNUM.
*/
if (!TEST_true(BN_copy(ret, a))
|| !TEST_true(BN_add(ret, ret, b))
*/
if (!TEST_true(BN_copy(ret, a))
|| !TEST_true(BN_add(ret, ret, b))
* documented as having. Note that these functions are frequently used
* when the prerequisites don't hold. In those cases, they are supposed
* to work as if the prerequisite hold, but we don't test that yet.
* documented as having. Note that these functions are frequently used
* when the prerequisites don't hold. In those cases, they are supposed
* to work as if the prerequisite hold, but we don't test that yet.
*/
if (!BN_is_negative(a) && !BN_is_negative(b) && BN_cmp(a, b) >= 0) {
if (!TEST_true(BN_uadd(ret, a, b))
*/
if (!BN_is_negative(a) && !BN_is_negative(b) && BN_cmp(a, b) >= 0) {
if (!TEST_true(BN_uadd(ret, a, b))
/*
* Test that the functions work when |r| and |a| point to the same
* BIGNUM, or when |r| and |b| point to the same BIGNUM.
/*
* Test that the functions work when |r| and |a| point to the same
* BIGNUM, or when |r| and |b| point to the same BIGNUM.
- * TODO: Test where all of |r|, |a|, and |b| point to the same BIGNUM.
+ * There is no test for all of |r|, |a|, and |b| pointint to the same
+ * BIGNUM.
*/
if (!TEST_true(BN_copy(ret, a))
|| !TEST_true(BN_uadd(ret, ret, b))
*/
if (!TEST_true(BN_copy(ret, a))
|| !TEST_true(BN_uadd(ret, ret, b))
ADD_TEST(test_cmp_asn1_get_int);
ADD_TEST(test_ASN1_OCTET_STRING_set);
ADD_TEST(test_ASN1_OCTET_STRING_set_tgt_is_src);
ADD_TEST(test_cmp_asn1_get_int);
ADD_TEST(test_ASN1_OCTET_STRING_set);
ADD_TEST(test_ASN1_OCTET_STRING_set_tgt_is_src);
- /*
- * TODO make sure that total number of tests (here currently 24) is shown,
- * also for other cmp_*text.c. Currently the test drivers always show 1.
- */
-
if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx)))
return 0;
sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx)))
return 0;
sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
- /* TODO: check if the returned value is the expected one (same as sent) */
if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0))
return 0;
if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0))
return 0;
- /* TODO: check that cerfConf has been exchanged unless implicitConfirm */
if (fixture->caPubs != NULL) {
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
if (fixture->caPubs != NULL) {
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 2);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter);
EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 2);
ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter);
EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
- /* TODO: check that 2 rounds are done or session takes 2..3 seconds */
/* also tests internal function ossl_cmp_hdr_get_pvno(): */
ADD_TEST(test_HDR_init_with_ref);
ADD_TEST(test_HDR_init_with_subject);
/* also tests internal function ossl_cmp_hdr_get_pvno(): */
ADD_TEST(test_HDR_init_with_ref);
ADD_TEST(test_HDR_init_with_subject);
- /*
- * TODO make sure that total number of tests (here currently 24) is shown,
- * also for other cmp_*text.c. Currently the test drivers always show 1.
- */
-
/* The client failed immediately before sending the ClientHello */
return client_spoke_last ? CLIENT_ERROR : INTERNAL_ERROR;
case PEER_SUCCESS:
/* The client failed immediately before sending the ClientHello */
return client_spoke_last ? CLIENT_ERROR : INTERNAL_ERROR;
case PEER_SUCCESS:
- /*
- * First peer succeeded but second peer errored.
- * TODO(emilia): we should be able to continue here (with some
- * application data?) to ensure the first peer receives the
- * alert / close_notify.
- * (No tests currently exercise this branch.)
- */
+ /* First peer succeeded but second peer errored. */
return client_spoke_last ? CLIENT_ERROR : SERVER_ERROR;
case PEER_RETRY:
/* We errored; let the peer finish. */
return client_spoke_last ? CLIENT_ERROR : SERVER_ERROR;
case PEER_RETRY:
/* We errored; let the peer finish. */
if (enc) {
if (!TEST_int_eq(bagnid, NID_pkcs7_encrypted))
goto err;
if (enc) {
if (!TEST_int_eq(bagnid, NID_pkcs7_encrypted))
goto err;
- /* TODO: Check algorithm (iterations?) against what we originally set */
bags = PKCS12_unpack_p7encdata(p7, enc->pass, strlen(enc->pass));
} else {
if (!TEST_int_eq(bagnid, NID_pkcs7_data))
bags = PKCS12_unpack_p7encdata(p7, enc->pass, strlen(enc->pass));
} else {
if (!TEST_int_eq(bagnid, NID_pkcs7_data))
while(p_attr->oid != NULL) {
/* Find a matching attribute type */
if (strcmp(p_attr->oid, attr_txt) == 0) {
while(p_attr->oid != NULL) {
/* Find a matching attribute type */
if (strcmp(p_attr->oid, attr_txt) == 0) {
-
- /* TODO: Handle multi-value attributes */
if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1))
goto err;
if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1))
goto err;
pb->success = 0;
goto err;
}
pb->success = 0;
goto err;
}
- /* TODO: handle key attributes */
- /* PKCS8_pkey_get0_attrs(p8c); */
break;
case NID_pkcs8ShroudedKeyBag:
break;
case NID_pkcs8ShroudedKeyBag:
pb->success = 0;
goto err;
}
pb->success = 0;
goto err;
}
- /* TODO: handle key attributes */
- /* PKCS8_pkey_get0_attrs(p8); */
PKCS8_PRIV_KEY_INFO_free(p8);
break;
PKCS8_PRIV_KEY_INFO_free(p8);
break;
#endif
fprintf(stderr, " -no_dhe - disable DHE\n");
#ifndef OPENSSL_NO_EC
#endif
fprintf(stderr, " -no_dhe - disable DHE\n");
#ifndef OPENSSL_NO_EC
- fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
+ fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
#endif
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
-
- /*
- * TODO(TLS1.3): test that application traffic secrets are what
- * we expect */
} else {
TEST_info("Unexpected token %s\n", token);
return 0;
} else {
TEST_info("Unexpected token %s\n", token);
return 0;
&sctx, &cctx, cert, privkey)))
return 0;
&sctx, &cctx, cert, privkey)))
return 0;
- /*
- * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
- * for TLSv1.2 for now until we add a new API.
- */
SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
if (testctx) {
SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
if (testctx) {