summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Add openssl 3.0 interop teststb2023-01-275-12/+70
| | | | | | | | | | The plan is to retire the 1.0.2 interop tests soon so as to be able to drop the dead and dangerous OpenSSL 1.0.2 port. The cert part is extremely slow on arm64: the whole interop test on an m1 is about 10x slower (~45 min!) than on a modern amd64 laptop, so people running regress may want to wait a bit with adding OpenSSL 3 to their test boxes until this is sorted out.
* tlsfuzzer: hook up new connection abort tests while skipping the NSTtb2023-01-061-1/+5
| | | | tests for TLSv1.3 since that's not currently handled.
* Add explicit LL suffixes to large constants to appease some compilers onmiod2023-01-011-3/+3
| | | | 32-bit systems.
* Revise cipher list regress coverage of SSL_set_security_level().jsing2022-12-171-21/+43
| | | | | | | A SSL_set_security_level() call was added to the cipher list regress, which expects a failure - however, it should succeed and fails for a completely unrelated reason. Rework this regress so that it actually passes and tests for the expected behaviour.
* Unbreak rust-openssl-tests on sparc64tb2022-12-051-8/+4
| | | | | For the test compilation using the CC crate, base clang is good enough, so we don't need to pull in another heavy dependency just for this test.
* zap weird spaces $EDITOR added in previoustb2022-12-041-2/+2
|
* skip rust-openssl-tests on sparc64tb2022-12-031-3/+17
| | | | | | | | The issue is likely that the build is trying to compile some generated C code with the prehistoric gcc from base, so add a tentative workaround for that. Since I don't currently have access to a sparc64 box where I could validate this easily and check if the workaround is enough, let's not waste lots of cycles on this.
* regres/libssl/unit: simplify Makefiletb2022-12-021-20/+10
|
* Use regress framework rather than handrolling ittb2022-12-021-12/+1
|
* Refrain from printing SUCCESS in some of my teststb2022-12-012-8/+2
| | | | Silence is good. On failure, the regress framework will make it clear.
* Make internal header file names consistenttb2022-11-2611-22/+22
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Add regress coverage for TLS exporters.jsing2022-11-053-1/+677
|
* dtlstest: Ensure the timeouts are at least 10 ms. This makes these teststb2022-10-261-1/+7
| | | | | | a bit less flaky if the machine is otherwise under load. from jsing
* tlsexttest.c: make various static structs consttb2022-10-211-19/+19
|
* quic tlsext tests: use byte vector in place of stringtb2022-10-211-10/+8
| | | | | | | While this doesn't actually change anything, it should appease Coverity. CID 358678 CID 358679
* Link rust-openssl to regresstb2022-10-201-1/+2
|
* Provide a harness driving rust-openssl's regress teststb2022-10-203-0/+62
| | | | | | | | | | | | | | | rust-openssl is an integral part of the Rust ecosystem and more than a dozen ports, including lang/rust itself, depend on it. We need to ensure that it keeps working with LibreSSL. If the rust and rust-openssl-tests packages are installed, create a cargo workspace under obj/ that compiles and runs the rust-openssl regress tests much like what is done for the openssl-ruby tests. This expands our regress coverage: for instance, this would have caught the broken ASN.1 indefinite length encoding caused by asn1/tasn_enc.c r1.25. Positive feedback beck jsing semarie Testing and ok anton
* Dynamically link libssl for QUIC regress.jsing2022-10-021-2/+2
| | | | Now that the QUIC API is public, we can stop linking this statically.
* Remove unused headers.jsing2022-10-021-5/+1
|
* Revise for SSL_CTX_INTERNAL and SSL_INTERNAL removal.jsing2022-10-025-68/+66
|
* Wire up QUIC regress.jsing2022-08-271-1/+2
|
* Add regress for QUIC.jsing2022-08-272-0/+358
| | | | | This exercises the libssl QUIC implementation and completes a TLS handshake using the SSL_QUIC_METHOD interface.
* Revise regress now that SSL_QUIC_METHOD exists.jsing2022-08-211-4/+6
|
* fix error messagetb2022-08-051-2/+2
|
* Use the FAIL macro instead of fprintf(stderr, "FAIL: ...\n");tb2022-08-051-10/+10
|
* Make the bogokey[] global static const.tb2022-08-051-7/+8
|
* Move CBB_init() to a consistent place.tb2022-08-051-10/+10
|
* Consistently initialize failure to 1 at the top of the function andtb2022-08-051-76/+62
| | | | clear it right before the done label.
* Consistently check for CBB_init() failure.tb2022-08-051-45/+89
|
* Remove most of the indirection introduced in previous and instead fetchtb2022-08-051-400/+339
| | | | | | | the appropriate tls_extension_funcs pointers for client and server from libssl and reach into them directly. ok jsing
* Add some glue to fetch the tlsext functions from the tls_extensions[]tb2022-08-041-190/+440
| | | | table rather than calling the functions directly.
* Extend TLS buffer regress to cover read/write usage.jsing2022-07-221-13/+219
|
* Make test table based, extend it a littletb2022-07-211-69/+117
|
* link ssl_set_alpn_protos to regresstb2022-07-201-1/+2
|
* Add a quick and dirty regress for SSL{_CTX,}_set_alpn_protos()tb2022-07-201-0/+156
|
* zap trailing spacestb2022-07-191-2/+2
|
* Regenerate golden numbers due to RC4-MD5 now being disabled by default.tb2022-07-191-61/+58
|
* Revert accidental committb2022-07-181-2/+2
|
* Add comments to explain the magic numbers 57 and 58tb2022-07-182-3/+6
|
* Avoid sending the QUIC transport parameters extension now that wetb2022-07-181-4/+4
| | | | | | send an unsupported extension alert. Noted by anton
* Revise regress for QUIC transport parameters TLS extension.jsing2022-07-171-15/+32
|
* Use the security level knob in the test script.tb2022-07-071-2/+14
| | | | from beck
* Only run tests against ciphers supported by the method.tb2022-07-072-4/+28
|
* Add some minimal regress coverage for the security level.tb2022-07-071-1/+6
| | | | From beck
* Make the ssltest security level aware.tb2022-07-071-1/+9
| | | | From beck
* Switch ssltest to using the newly generated certs that use SHA-256 insteadtb2022-07-072-8/+6
| | | | | | of SHA-1. This helps the switch to security-level aware ssltest. From jsing
* Adjust to new tls1_ec_nid2group_id API.tb2022-07-021-7/+13
|
* Add support for sending QUIC transport parametersbeck2022-06-291-1/+257
| | | | | | | | | | This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@
* Use relative paths so beck can run regress in his git tree and havetb2022-06-294-8/+12
| | | | the correct ssl_local.h etc be picked up.
* More %i vs %d cleanuptb2022-06-107-20/+20
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-07 05:00:55 +0000