openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	typo	tb	2021-03-20	1	-2/+2
\|
*	Add new test-tls13-multiple-ccs-messages.py	tb	2021-03-20	1	-1/+8
\| \| \| \| \| \| \| \| \| \| \|	This is a test that checks for NSS's CCS flood DoS CVE-2020-25648. The test script currently fails on LibreSSL and OpenSSL 1.1.1j because it sends invalid records with version 0x0300 instead of 0x0303. We have the ccs_seen logic corresponding to NSS's fix: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 but we do allow up to two CCS due to an interop issue with Fizz, so at least one of the tests will likey be broken once the record version is fixed.
*	wrap an overlong line	tb	2021-01-27	1	-2/+3
\|
*	add arguments to skip a bunch of x448 tests	tb	2020-10-07	1	-3/+18
\|
*	move test-tls13-finished.py from slow tests to normal tests.	tb	2020-09-25	1	-27/+26
\|
*	test-tls13-finished.py has 70 failing tests that expect a "decode_error"	tb	2020-09-25	1	-6/+94
\| \| \| \| \| \|	instead of the "decrypt_error" sent by tls13_server_finished_recv(). Both alerts appear to be reasonable in this context, so enable the tests while working around this.
*	delete a stale comment	tb	2020-09-25	1	-5/+1
\|
*	Enable test-tls13-large-number-of-extensions.py	tb	2020-09-10	1	-2/+7
\| \| \| \| \| \|	Skip sending an empty ECPF extension for now: we don't accept it since according to RFC 4492 and 8422 it needs to advertise uncompressed point formats.
*	Also print a list of missing scripts in summary	tb	2020-08-17	1	-5/+10
\|
*	Avoid test failures due to outdated packages	tb	2020-08-17	1	-1/+6
\| \| \| \| \|	Indicate missing test scripts prominently in the result but do not count them as an error.
*	enable jsing's zero content type test	tb	2020-08-15	1	-1/+2
\|
*	Session resumption is not currently supported for TLSv1.3.	tb	2020-08-08	1	-4/+4
\|
*	Enable P-521 and run the tests that use it.	tb	2020-08-08	1	-5/+3
\|
*	enable test-tls13-keyshare-omitted.py	tb	2020-06-24	1	-5/+2
\|
*	Add test-ffdhe-expected-params.py	tb	2020-06-24	1	-1/+2
\|
*	Enable lucky 13 test.	tb	2020-06-19	1	-5/+2
\|
*	Add lucky13 and bleichenbacher-timing tests	tb	2020-06-10	1	-1/+7
\|
*	Implement a rolling hash of the ClientHello message, Enforce RFC 8446	beck	2020-06-06	1	-2/+2
\| \| \| \| \| \| \| \|	section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@
*	Enable the record layer limits test and mark two finished test cases as	tb	2020-06-03	1	-5/+8
\| \| \| \| \|	xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment.
*	Enable the test-tls13-zero-length-data.py test, skipping the	tb	2020-06-01	1	-8/+10
\| \| \| \|	three tests that fail due to a BIO_gets() bug.
*	Enable test-dhe-rsa-key-exchange-with-bad-messages.py	tb	2020-06-01	1	-4/+2
\|
*	The version detection doesn't work on bluhm's test machine, causing	tb	2020-05-24	1	-3/+3
\| \| \| \| \| \| \|	the test to fail. Neuter it for now and just assume we do TLSv1.3. I have been intending to purge this version detection hack once I'm sure we can leave the 1.3 server enabled but I'll leave it here for now.
*	beck fixed most of the keyupdate tests. update annotation	tb	2020-05-21	1	-3/+8
\|
*	Add a harness that runs tests from tlsfuzzer	tb	2020-05-21	1	-0/+736
	This currently runs 54 tests from the tlsfuzzer suite against the TLSv1.3 server which exercise a large portion of the code. They already found a number of bugs and misbehaviors and also inspired a few diffs currently in the pipeline. This regress requires the py3-tlsfuzzer package to be installed, otherwise the tests are skipped. Many thanks to kmos for helping with the ports side and to beck for his positive feedback. ok beck