summaryrefslogtreecommitdiff
path: root/src/regress/lib/libcrypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Adjust ectest.c for get_Jprojective coordinate changetb2021-04-201-2/+2
|
* Adjust ecdhtest.c for affine_coordinates changetb2021-04-202-7/+7
|
* Adjust ectest.c for affine_coordinates changetb2021-04-201-17/+17
|
* Adjust ectest.c for EC_GROUP_{g,s}et_curve changetb2021-04-202-15/+15
|
* Use ERR_print_error_fp() to avoid leaking a BIO in fatal()tb2021-04-071-2/+2
|
* use errx() instead of err()tb2021-04-061-8/+8
|
* spaces -> tabstb2021-04-061-5/+5
|
* minor style tweakstb2021-04-061-5/+6
|
* Add missing error check for AES_unwrap_key().tb2021-04-041-1/+3
|
* Explicitly NULL pointers to avoid a double free.tb2021-04-041-1/+3
|
* Don't leak key and dh in the error path.tb2021-04-041-4/+7
|
* Run the CMAC tests through EVP_PKEY_new_CMAC_key().tb2021-04-031-10/+22
|
* Remove workaround for missing d2i_DSAPrivateKey_fp prototypetb2021-03-311-5/+1
|
* Don't leak ca in test_cms_sign_verify().tb2021-03-221-1/+2
| | | | Reported by Ilya Shipitsin
* Plug memory leak reported by Ilya Shipitsintb2021-03-211-3/+2
| | | | | Since r1.7, input in base64_decoding_test() is allocated unconditionally, so free it unconditionally.
* Make this test module aware so it passes with Go 1.16tb2021-02-231-0/+4
|
* Start each regress run from scratch with new keys and CA database.bluhm2020-12-261-12/+17
|
* Convert CA regress implementation from shell script to make file.bluhm2020-12-265-141/+100
| | | | Ensure that it works with obj directory and link regress to build.
* Remove echo headlines.bluhm2020-12-172-6/+2
|
* Don't leak verify and store contexts.tb2020-11-181-1/+3
|
* Skip test if web server cannot be pinged.bluhm2020-11-051-6/+14
|
* catch unset error when validation fails.beck2020-10-262-2/+16
|
* avoid two overlong lines and drop an unused printf argumenttb2020-10-121-4/+4
|
* Don't leak bundle_file and cert_file paths at the end.tb2020-10-101-1/+3
|
* Read cert.pem once and reuse it instead of reading it twice per test certtb2020-10-081-18/+10
| | | | | | | | chain. It only takes a few dozens of ms to read it, but doing this 7290 times adds up to a few minutes run time. This way, the test completes in a handful of seconds. Diagnosed by jsing, ok beck
* KNFtb2020-10-031-12/+11
|
* typotb2020-10-031-1/+1
|
* spelling, punctuation, whitespacetb2020-10-022-6/+6
|
* Add possibility to link and run this test against the OpenSSL 1.1.1 packagetb2020-10-021-1/+7
| | | | | | using the make variable EOPENSSL11. Suggested by jsing
* Use += and ?= and tidy up whitespacetb2020-10-021-8/+8
|
* Tidy up: no need to link statically against libcrypto and no needtb2020-10-021-4/+4
| | | | to look at its private headers either.
* Make this test compile against OpenSSL 1.1tb2020-10-021-11/+21
| | | | | | | The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching inside it, reuse the trusted certificate store that was just assigned to it and use X509_STORE_CTX_get0_param(3) to access the verification parameters.
* move a misplaced 'goto done;' so that all invalid uris are testedtb2020-09-211-1/+1
|
* add a few short invalid URIs in test_constraints1() that cause earlytb2020-09-211-0/+4
| | | | failure of x509_constraints_uri_host() in x509_constraints_uri()
* Correct a 1 byte read overflow in x509_contraints_uri and addbeck2020-09-201-0/+4
| | | | | | | | regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@
* Move variable declaration to beginning of scope in order to make thistb2020-09-181-3/+4
| | | | test compile and pass on sparc64.
* make this test compile and pass on sparc64 by moving variable declarationstb2020-09-181-4/+9
| | | | to the beginning of the respective scopes (and out of for loops)
* move variable declaration up to top to make this compile and passtb2020-09-181-1/+1
| | | | on sparc64
* Use void function argument to appease gcc 4.2.1tb2020-09-181-1/+1
|
* fix "warning: value computed is not used"tb2020-09-181-2/+2
| | | | | Add a cast to tell gcc 4.2.1 that the return value is deliberately ignored. This makes the test compile and pass on sparc64.
* fix "warning: function declaration isn't a prototype"tb2020-09-181-3/+3
| | | | | Make tests compile and pass on sparc64 with gcc 4.2.1 by properly declaring "static int foo()" as "static int foo(void)".
* zap redundant linetb2020-09-181-2/+1
|
* hook symbols test to regresstb2020-09-181-1/+2
|
* Check availability of the symbols in Symbols.listtb2020-09-182-0/+182
| | | | | | | | | | | | | | This regress parses Symbols.list and pulls all public headers out of libcrypto's Makefile to generate a simple program that uses all public symbols. A number of symbols need to be declared extern since they are unavailable in public headers and a handful must be skipped since they are apparently architecture dependent. This would have caught the recent breakage due to the accidental removal of the NAME_CONSTRAINTS_check() function and points out a number of places where cleanup may happen in the future. discussed with beck
* Change the known output to be the expected output, so that webeck2020-09-141-1421/+1421
| | | | | | no longer ignore the expected failures from the legacy name constraints validation, and will have a regress failure if we regress.
* Use a fixed validation time in these tests so we neverbeck2020-09-141-2/+4
| | | | | have to re-generate these certificates and this should just keep working even if the certs get old
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-131-9/+90
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* remove unused include that breaks regressbeck2020-09-121-1/+0
|
* Add x509_constraints.c - a new implementation of x509 name constraints, withbeck2020-09-112-5/+495
| | | | | | | regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@
* Fix a bug in PEM_X509_INFO_read_bio(3) that is very likely to causeschwarze2020-07-233-1/+194
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use-after-free and double-free issues in calling programs. The bug was introduced in SSLeay-0.6.0 released on June 21, 1996 and has been present since OpenBSD 2.4. I found the bug while documenting the function. The bug could bite in two ways that looked quite different from the perspective of the calling code: * If a stack was passed in that already contained some X509_INFO objects and an error occurred, all the objects passed in would be freed, but without removing the freed pointers from the stack, so the calling code would probable continue to access the freed pointers and eventually free them a second time. * If the input BIO contained at least two valid PEM objects followed by at least one PEM object causing an error, at least one freed pointer would be put onto the stack, even though the function would return NULL rather than the stack. But the calling code would still have a pointer to the stack, so it would be likely to access the new bogus pointers sooner or later. Fix all this by remembering the size of the input stack on entry and cutting it back to exactly that size when exiting due to an error, but no further. While here, do some related cleanup: * Garbage collect the automatic variables "error" and "i" which were only used at one single place each. * Use NULL rather than 0 for pointers. I like bugfixes that make the code four lines shorter, reduce the number of variables by one, reduce the number of brace-blocks by one, reduce the number if if-statements by one, and reduce the number of else-clauses by one. Tweaks and OK tb@.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-21 11:53:43 +0000