authorJeremy Harris <jgh146exb@wizmail.org>2021-12-01 18:52:21 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2021-12-03 19:08:37 +0000
commitc6a290f4d8df3734b3cdc2232b4334ff8386c1da (patch)
treeac9e874f2a19ffcf7602bc516564cb181ac00cb6 /test
parenta5d79c99f4948d9fd288a1bfaca3a44cf2caaa32 (diff)
OpenSSL: tidy DH and ECDH param setup
Testsuite: expand DH testcase
Diffstat (limited to 'test')
-rw-r--r--test/aux-fixed/dh20488
-rw-r--r--test/aux-fixed/dh307211
-rw-r--r--test/aux-fixed/dh512 (renamed from test/aux-fixed/dh1)0
-rw-r--r--test/confs/21495
-rw-r--r--test/log/214930
-rw-r--r--test/mail/2149.userw20
-rw-r--r--test/mail/2149.userx6
-rw-r--r--test/mail/2149.usery20
-rw-r--r--test/mail/2149.userz20
-rw-r--r--test/paniclog/21493
-rwxr-xr-xtest/runtest3
-rw-r--r--test/scripts/2100-OpenSSL/214930
-rw-r--r--test/stderr/21493
13 files changed, 142 insertions, 17 deletions
diff --git a/test/aux-fixed/dh2048 b/test/aux-fixed/dh2048
new file mode 100644
index 000000000..24260bf84
--- /dev/null
+++ b/test/aux-fixed/dh2048
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICB/8=
+-----END DH PARAMETERS-----
diff --git a/test/aux-fixed/dh3072 b/test/aux-fixed/dh3072
new file mode 100644
index 000000000..4949d336a
--- /dev/null
+++ b/test/aux-fixed/dh3072
@@ -0,0 +1,11 @@
+-----BEGIN DH PARAMETERS-----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+-----END DH PARAMETERS-----
diff --git a/test/aux-fixed/dh1 b/test/aux-fixed/dh512
index 19790719c..19790719c 100644
--- a/test/aux-fixed/dh1
+++ b/test/aux-fixed/dh512
diff --git a/test/confs/2149 b/test/confs/2149
index dda9094a9..d70cd5c63 100644
--- a/test/confs/2149
+++ b/test/confs/2149
@@ -10,12 +10,9 @@ primary_hostname = myhost.test.ex
acl_smtp_rcpt = accept
-queue_only
-queue_run_in_order
-
tls_advertise_hosts = *
tls_certificate = DIR/aux-fixed/cert1
-tls_dhparam = ${if eq {SERVER}{server}{DIR/aux-fixed/dh1}fail}
+tls_dhparam = ${if eq {SERVER}{server}{DATA}fail}
# ----- Routers -----
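Review bot: The `DATA` macro on the new `tls_dhparam` line is undocumented, yet it carries two kinds of value: the test script passes both a file path (`DIR/aux-fixed/dh2048`) and a group name (`ffdhe2048`). A comment above the line would make that explicit, for example `# DATA is set with -DDATA= by the script: a D-H parameter file path or a named group`. The expansion has no fallback for an unset `DATA`, so presumably the literal text would be used as the value. Every invocation with `-DSERVER=server` therefore needs to define it.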
diff --git a/test/log/2149 b/test/log/2149
index 234fbcc8e..4b7e651b0 100644
--- a/test/log/2149
+++ b/test/log/2149
@@ -1,13 +1,31 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userw@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbB-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbD-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userw <userw@test.ex> R=server T=local_delivery
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 => usery <usery@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 => userz <userz@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
diff --git a/test/mail/2149.userw b/test/mail/2149.userw
new file mode 100644
index 000000000..5e571319d
--- /dev/null
+++ b/test/mail/2149.userw
@@ -0,0 +1,20 @@
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
+ by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
+ (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaY-0005vi-00
+ for userw@test.ex;
+ Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userw@test.ex;
+ Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn=
+
+Test message
+
diff --git a/test/mail/2149.userx b/test/mail/2149.userx
index 72c9a3f6f..fa117a23e 100644
--- a/test/mail/2149.userx
+++ b/test/mail/2149.userx
@@ -3,15 +3,15 @@ Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
(Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
- id 10HmaY-0005vi-00
+ id 10HmbA-0005vi-00
for userx@test.ex;
Tue, 2 Mar 1999 09:44:33 +0000
Received: from CALLER by myhost.test.ex with local (Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
- id 10HmaX-0005vi-00
+ id 10HmaZ-0005vi-00
for userx@test.ex;
Tue, 2 Mar 1999 09:44:33 +0000
-Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
From: CALLER_NAME <CALLER@myhost.test.ex>
Date: Tue, 2 Mar 1999 09:44:33 +0000
TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn=
diff --git a/test/mail/2149.usery b/test/mail/2149.usery
new file mode 100644
index 000000000..1cf700b26
--- /dev/null
+++ b/test/mail/2149.usery
@@ -0,0 +1,20 @@
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
+ by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
+ (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbC-0005vi-00
+ for usery@test.ex;
+ Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbB-0005vi-00
+ for usery@test.ex;
+ Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmbB-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn=
+
+Test message
+
diff --git a/test/mail/2149.userz b/test/mail/2149.userz
new file mode 100644
index 000000000..a09b0f05d
--- /dev/null
+++ b/test/mail/2149.userz
@@ -0,0 +1,20 @@
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
+ by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
+ (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbE-0005vi-00
+ for userz@test.ex;
+ Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbD-0005vi-00
+ for userz@test.ex;
+ Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmbD-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn=
+
+Test message
+
diff --git a/test/paniclog/2149 b/test/paniclog/2149
new file mode 100644
index 000000000..2221cd458
--- /dev/null
+++ b/test/paniclog/2149
@@ -0,0 +1,3 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small
diff --git a/test/runtest b/test/runtest
index f595634e9..0f883e8fc 100755
--- a/test/runtest
+++ b/test/runtest
@@ -908,6 +908,9 @@ RESET_AFTER_EXTRA_LINE_READ:
s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
next if /SSL verify error: depth=0 error=certificate not trusted/;
+ # OpenSSL 3.0.0
+ s/TLS error \(D-H param setting .* error:\K.*dh key too small/xxxxxxxx:SSL routines::dh key too small/;
+
# ======== Maildir things ========
# timestamp output in maildir processing
s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g;
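Review bot: The comment `# OpenSSL 3.0.0` above the added substitution does not say what is being masked or why. The rule keeps everything up to `error:` and rewrites the rest to the fixed text `xxxxxxxx:SSL routines::dh key too small`, so the error number and the routine field are normalised. A fuller comment would help the next maintainer, for example `# OpenSSL 3.0.0: mask the error number and routine name in "dh key too small" D-H setup errors`. The pattern is unanchored with a greedy `.*`, which is fine for the single log line it targets but worth noting if similar D-H errors are added later. The enclosing munging code starts and ends outside this hunk.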
diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2149
index bba059158..4435fca19 100644
--- a/test/scripts/2100-OpenSSL/2149
+++ b/test/scripts/2100-OpenSSL/2149
@@ -1,11 +1,33 @@
# TLS: DH ciphers for OpenSSL
-exim -DSERVER=server -bd -oX PORT_D
+#
+# DH param from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
****
-exim userx@test.ex
+exim -odf userw@test.ex
Test message
****
-exim -qf
+killdaemon
+#
+# Too-big DH param (vs. tls_dh_max_bits), from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D
+****
+exim -odf userx@test.ex
+Test message
+****
+killdaemon
+#
+# Too-small DH param (library limitation), from file
+exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D
+****
+exim -odf usery@test.ex
+Test message
****
killdaemon
-exim -DSERVER=server -DNOTDAEMON -qf
+#
+# Named DH-param
+exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D
****
+exim -odf userz@test.ex
+Test message
+****
+killdaemon
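Review bot: The dh3072 case (`# Too-big DH param (vs. tls_dh_max_bits), from file`) has nothing in the expected output that distinguishes it from the dh2048 case. In test/log/2149 both produce the same daemon-start, receive and delivery lines, and the cipher field is the masked `TLS1.x:ke-RSA-AES256-SHAnnn:xxx` in all four cases. As written, the test would presumably still pass if the oversized parameters were loaded rather than rejected; only the dh512 case leaves a distinguishing `TLS error` line. Stating the intended outcome in the script would help, for example `# Too-big DH param (vs. tls_dh_max_bits), from file; expect delivery to succeed with no D-H error logged`, and, if the testsuite allows it, one case could restrict the client to DHE suites so that a missing D-H setup fails visibly. The dh512 case also pins that the daemon keeps accepting TLS mail after the D-H setup error, which deserves a one-line comment marking it as intended behaviour.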
diff --git a/test/stderr/2149 b/test/stderr/2149
new file mode 100644
index 000000000..2221cd458
--- /dev/null
+++ b/test/stderr/2149
@@ -0,0 +1,3 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small