| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Improve client certificate selection to allow EC certificates
instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as
part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous
behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of
the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a
malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order
to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default
in the client.
This is errata/6.7/019_libssl.patch.sig
|
| |
|
|
| |
Otherwise we fail to do PSS signatures since the key size is too small.
|
| |
|
|
|
|
| |
regress on i386 after inoguchi moved some symbols to const.
ok inoguchi jsing deraadt
|
| |
|
|
|
| |
1. Use the correct slice for comparing the cipher output
2. Fix logic error similar to the one in AES-GCM in the previous commit
|
| |
|
|
| |
This issue was fixed in lib/libcrypto/evp/e_aes.c r1.40.
|
| | |
|
| | |
|
| |
|
|
| |
included in the output from `openssl ciphers`.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This allows the test to pass again.
|
| | |
|
| |
|
|
|
|
| |
First check the client random against the zeroed value, then zero the
client random in the client hello, before comparing with the golden value.
This makes failures more obvious and the test code more readable.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
and a compact test suite for getopt(3) intended automated regression
testing, both written from scratch.
The suite is intended to provide full coverage, except that it doesn't
test manual changes of optind and optreset and except that it so far
avoids the situation where we have a known bug.
|
| | |
|
| |
|
|
| |
crossing a byte boundary.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok bcook@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Don't remove multi line CR/LF from bt->out when NL mode
base64_encoding_test removes CR/LF from bt->out to compare with the encoding
result. This is fine with NO NL mode, but it goes wrong with NL mode if
encoding result is larger than 64 and multi line, like below.
"eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh4eHh4eHh4\n"
- Use memcpy instead of asprintf to avoid lost '\0' at the end of data
This test data loses trailing '\0' if using asprintf.
"\x61\x47\x56\x73\x62\x47\x38\x3d\x0a\x00"
- Print original data if decoding result comparison fails
This change is not for importing test data, but I just notice.
It prints bt->out if fail to memcmp bt->in with decoding result.
ok bcook@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
some errx lines in if statements were terminated with commas, which
caused the following statement to be considered part of the error
handling. while it is bad style, ingo points out it was also a bug
which which caused some tests in the code to be skipped.
this reminds me of a haiku that Chris Pascoe (cpascoe@) had behind
his desk:
Also, that comma
Should be a semi-colon.
Cherry blossoms fall.
this was found by Robert Mustacchi when porting the tests to illumos.
ok schwarze@ stsp@
thank you robert.
|
| | |
|
| |
|
|
|
|
| |
when <unistd.h> is included;
patch from Jan Stary <hans at stare dot cz>;
OK millert
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Note that the last test triggers a kernel bug related to waitpid(9) and
ptraced processes. This is now visible thanks to recent make(1) changes.
guenther@ suggests to look at the logic behind `p_orphan' in FreeBSD to
fix this bug.
|
| |
|
|
|
| |
4672ff74d68766e7785c2cac4c597effccef2c5c have a zero byte prepended.
Run the secp224k1 ECDH tests and adjust this if needed.
|
| |
|
|
| |
in OpenSSL's test suite.
|
| | |
|
| |
|
|
| |
Test vectors taken from OpenSSL 1.1.1d (under OpenSSL's old license).
|
| |
|
|
|
|
|
|
| |
The libressl TLSv1.3 client and server currently lack client certificate
authentication support and this test expects all clients can auth with
all servers.
We can likely turn this back on in the near future.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
These make far too many assumptions about cipher suites - TLSv1.3 cipher
suites can only be used with TLSv1.3 and there is tests using TLSv1.3
cipher suites with TLSv1.2 will not work. Likewise, expecting TLSv1.2
cipher suites to work with TLSv1.3 is futile. Additionally, eopenssl11
lists TLSv1.3 cipher suites with different names to libressl.
Futher work will be necessary before this can be re-enabled.
|
| |
|
|
|
| |
This can potentially be improved by adding knowledge about which libraries
support which versions and handle differences between clients and servers.
|
| |
|
|
| |
This is now talking over TLSv1.3 and needs session support.
|
| |
|
|
|
|
|
| |
The golden values have changed due to TLSv1.3 and will likely change more
in the near future. This will be updated and re-enabled when things settle.
Discussed with beck@
|
| |
|
|
| |
hello tests.
|
| | |
|
| |
|
|
|
| |
Use exit code 2 for setup failure and 1 for test fail. Unfortunately
this regress is still failing.
|
| | |
|
| |
|
|
| |
printable error message when failing.
|
| | |
|
| |
|
|
| |
potential problems. Regress still failing on amd64.
|
