| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
This verifies that we put PSK always last and that the Apache 2 special
does what it is supposed to do. There is also some weak validation of
the Fisher-Yates shuffle that will likely catch errors introduced in
tlsext_randomize_build_order()
|
| |
|
|
|
| |
TLS extensions (this involves unrandomizing the extension order
for the tests that rely on golden numbers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few years back beck introduced REGRESS_SKIP_SLOW dances with the idea
that this should speed up the interop tests for us devs because this also
checked interop between opensslX and opensslY, which we don't particularly
care about. This never really worked. On a mac m1 mini the result is this:
REGRESS_SKIP_SLOW unset
9m56.69s real 3m42.24s user 3m00.70s system
REGRESS_SKIP_SLOW=yes
11m04.61s real 7m29.61s user 1m40.29s system
The problem is that REGRESS_SKIP_SLOW simply wasn't designed to handle
the huge number of tests we have here. There are many nested .for loops
resulting in several thousand tests. Each test has a name of length ~80.
REGRESS_SKIP_SLOW concatenates them into a several hundred kilobytes
long string in REGRESS_SKIP_TARGETS, iterates over all regress targets and
tests with ".if ${REGRESS_SKIP_TARGETS:M${RT}}" if it should skip them.
This means that during a regress run, make spends a lot of time linearly
scanning a huge string.
I ran into this when I added OpenSSL 3.0 tests to the already existing
1.0.2 and 1.1 tests with the result that with REGRESS_SLOW_TARGTS set
it took the better part of an hour while without it it took about 15 min.
The hack here is simply to avoid using REGRESS_SLOW_TARGTES here and
handle the situation differently.
patch, REGRESS_SKIP_SLOW=yes
5m42.32s real 2m09.98s user 1m45.21s system
The real solution would be to fix this in bsd.regress.mk, which someone
who understands make well is very welcome to do. For now, I'm happy with
this.
Debugged with jsing a few months ago
|
| |
|
|
| |
Hopefully that is all. What an absolutely horrid mess.
|
| | |
|
| |
|
|
| |
SSL_set_session() should really be called SSL_set1_session()...
|
| | |
|
| |
|
|
| |
ok jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
for some reason.
|
| |
|
|
|
|
| |
Now that the OpenSSL 1.0.2 port is gone, there's no need to keep the
interop tests anymore. anton's and bluhm's regress tests will switch
to testing interoperability with OpenSSL 3.0.
|
| |
|
|
|
|
|
|
|
|
| |
The plan is to retire the 1.0.2 interop tests soon so as to be able to
drop the dead and dangerous OpenSSL 1.0.2 port.
The cert part is extremely slow on arm64: the whole interop test on an m1
is about 10x slower (~45 min!) than on a modern amd64 laptop, so people
running regress may want to wait a bit with adding OpenSSL 3 to their test
boxes until this is sorted out.
|
| |
|
|
| |
tests for TLSv1.3 since that's not currently handled.
|
| |
|
|
| |
32-bit systems.
|
| |
|
|
|
|
|
| |
A SSL_set_security_level() call was added to the cipher list regress, which
expects a failure - however, it should succeed and fails for a completely
unrelated reason. Rework this regress so that it actually passes and tests
for the expected behaviour.
|
| |
|
|
|
| |
For the test compilation using the CC crate, base clang is good enough,
so we don't need to pull in another heavy dependency just for this test.
|
| | |
|
| |
|
|
|
|
|
|
| |
The issue is likely that the build is trying to compile some generated
C code with the prehistoric gcc from base, so add a tentative workaround
for that. Since I don't currently have access to a sparc64 box where I
could validate this easily and check if the workaround is enough, let's
not waste lots of cycles on this.
|
| | |
|
| | |
|
| |
|
|
| |
Silence is good. On failure, the regress framework will make it clear.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| | |
|
| |
|
|
|
|
| |
a bit less flaky if the machine is otherwise under load.
from jsing
|
| | |
|
| |
|
|
|
|
|
| |
While this doesn't actually change anything, it should appease Coverity.
CID 358678
CID 358679
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rust-openssl is an integral part of the Rust ecosystem and more than a
dozen ports, including lang/rust itself, depend on it. We need to ensure
that it keeps working with LibreSSL.
If the rust and rust-openssl-tests packages are installed, create a cargo
workspace under obj/ that compiles and runs the rust-openssl regress tests
much like what is done for the openssl-ruby tests. This expands our regress
coverage: for instance, this would have caught the broken ASN.1 indefinite
length encoding caused by asn1/tasn_enc.c r1.25.
Positive feedback beck jsing semarie
Testing and ok anton
|
| |
|
|
| |
Now that the QUIC API is public, we can stop linking this statically.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This exercises the libssl QUIC implementation and completes a TLS handshake
using the SSL_QUIC_METHOD interface.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
clear it right before the done label.
|
| | |
|
| |
|
|
|
|
|
| |
the appropriate tls_extension_funcs pointers for client and server from
libssl and reach into them directly.
ok jsing
|
| |
|
|
| |
table rather than calling the functions directly.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
