summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:tb2020-08-102-30/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. This is errata/6.7/019_libssl.patch.sig
* Fix out-of-bounds access in tables[][] that was exposed in bluhm'stb2020-05-041-6/+8
| | | | | | regress on i386 after inoguchi moved some symbols to const. ok inoguchi jsing deraadt
* Revise regress to match state transition changes.jsing2020-04-221-11/+13
|
* Update key share regress to match previous change.jsing2020-04-171-4/+4
|
* Revise test to handle the fact that TLSv1.3 cipher suites are now beingjsing2020-04-091-2/+4
| | | | included in the output from `openssl ciphers`.
* Test both SSLv3 (aka pre-TLSv1.2) and TLSv1.2 cipher suites with TLS.jsing2020-04-091-1/+1
|
* Re-enable the client test now that it passes again.jsing2020-04-061-2/+2
|
* Minor code improvements.jsing2020-04-061-3/+3
|
* Add tests that cover TLSv1.2 and disable those that trigger TLSv1.3.jsing2020-04-061-3/+32
| | | | This allows the test to pass again.
* Zero the client random field in the TLSv1.2 golden value.jsing2020-04-061-5/+5
|
* Improve comparision with test data.jsing2020-04-061-7/+9
| | | | | | First check the client random against the zeroed value, then zero the client random in the client hello, before comparing with the golden value. This makes failures more obvious and the test code more readable.
* Dump the test data when the lengths differ in order to aid debugging.jsing2020-04-061-0/+3
|
* Use errx() if we fail to build the client hello.jsing2020-04-061-1/+1
|
* Adapt to tls13_record_layer.c r1.30 (the sequence number shouldn't wrap).tb2020-03-161-2/+2
|
* Increment a few more sequence numbers where the carry is close totb2020-03-131-1/+41
| | | | crossing a byte boundary.
* Add regress for TLSv1.3 sequence number handling.jsing2020-03-133-1/+135
|
* Add missing $OpenBSD$ tag.jsing2020-03-131-0/+1
|
* Add regress for CBB_add_space().jsing2020-03-131-1/+41
|
* Update to follow handshake enum removal.jsing2020-03-101-7/+1
|
* Reset the key share so that we do not have an existing peer public key.jsing2020-02-051-1/+7
|
* Tweak regress to match change made to tls13_key_share_peer_public().jsing2020-02-011-2/+1
|
* Revise for TLSv1.3 key share changes.jsing2020-01-301-8/+27
|
* server sigalgs test is now bogus, disable for nowbeck2020-01-261-2/+3
|
* Disable cert interop tests for now.jsing2020-01-251-2/+2
| | | | | | | | The libressl TLSv1.3 client and server currently lack client certificate authentication support and this test expects all clients can auth with all servers. We can likely turn this back on in the near future.
* Actually disable cipher interop tests.jsing2020-01-251-3/+3
|
* Disable the cipher interop tests.jsing2020-01-251-3/+4
| | | | | | | | | | These make far too many assumptions about cipher suites - TLSv1.3 cipher suites can only be used with TLSv1.3 and there is tests using TLSv1.3 cipher suites with TLSv1.2 will not work. Likewise, expecting TLSv1.2 cipher suites to work with TLSv1.3 is futile. Additionally, eopenssl11 lists TLSv1.3 cipher suites with different names to libressl. Futher work will be necessary before this can be re-enabled.
* Accept both TLSv1.2 and TLSv1.3 protocols for netcat.jsing2020-01-251-4/+3
| | | | | This can potentially be improved by adding knowledge about which libraries support which versions and handle differences between clients and servers.
* Disable session regress for libressl client talking to openssl11 server.jsing2020-01-251-1/+2
| | | | This is now talking over TLSv1.3 and needs session support.
* Disable the client hello message regress test for now.jsing2020-01-251-2/+2
| | | | | | | The golden values have changed due to TLSv1.3 and will likely change more in the near future. This will be updated and re-enabled when things settle. Discussed with beck@
* Ensure that TLSv1.0 and TLSv1.1 are enabled before running SSLv2 clientjsing2020-01-251-5/+10
| | | | hello tests.
* Nuke trailing whitespace that is annoying before changing things in herebeck2019-11-261-6/+6
|
* fix printing of client app secretbeck2019-11-181-2/+2
|
* Add regress for the updating of sever and client application secretsbeck2019-11-181-2/+47
|
* It has been called to my attention that the cookie monster ascii artbeck2019-11-101-17/+7
| | | | | | | | | in this test which I had obtained from a site purporting it to be free for use with artist attribtion might not be. After looking at at some other muppett ascii art for inspiration I am replacing this with my own ascii art muppet to replace the previously used cookie monster. The copyright for the art is the same as my code.
* use curly braces for consistencytb2019-11-061-2/+2
|
* Proper prototype for main(). Make sparc64 happier.claudio2019-05-091-2/+4
|
* exitting -> exitingtb2019-04-071-1/+1
| | | | From Michael Scovetta, PR #108
* whitespace consistencytb2019-04-051-1/+2
|
* Add SERVER_HELLO_RETRY statetb2019-04-051-1/+7
|
* I forgot to mark some targets as .PHONYtb2019-04-041-1/+5
|
* Use correct define.jsing2019-04-041-2/+2
|
* Enable GOST cipher selection test after libssl has been fixed.bluhm2019-03-281-6/+1
|
* Update regress following sigalgs changes.jsing2019-03-251-17/+1
|
* Fix typo in usage and comment.bluhm2019-03-213-6/+6
|
* Test that all supported TLS ciphers actually work. Establishbluhm2019-02-218-26/+308
| | | | | | connections between client and server implemented with LibreSSL or OpenSSL with a fixed cipher on each side. Check the used cipher in the session print out.
* one more error message that should go to stderrtb2019-02-131-2/+3
|
* getopt(3) returns int, not char. Fix type of ch variable to preventbluhm2019-02-112-6/+6
| | | | sign error during arm regress.
* Use malloc() and memcpy() the test X25519 x25519_peer_public value.jsing2019-02-031-3/+6
| | | | | | | Otherwise, if tlsext_keyshare_server_build() fails we call free with a pointer to static memory and bad things happen. Reported by bcook@
* zap a commented out line. 0RTT will need more thought thantb2019-01-271-2/+1
| | | | just uncommenting this.
* refactor and clean up the code generating dot output.tb2019-01-271-53/+76
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 05:11:41 +0000