summaryrefslogtreecommitdiff
path: root/src/regress/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Force TLSv1.2 when testing SSLv3/TLSv1.2 cipher suites.jsing2020-07-141-1/+1
| | | | Otherwise we end up switching to TLSv1.3 and using a TLSv1.3 cipher suite.
* Add a -tls1_2 option so we can force TLSv1.2 for testing.jsing2020-07-141-5/+9
|
* getopt(3) returns an int so don't use a char to store its return value.kettenis2020-07-142-4/+4
| | | | | | Makes the test work on architectures where char is unsigned. ok deraadt@, millert@
* New regression tests for integral type conversionsschwarze2020-07-092-2/+378
| | | | and for their modifiers, written from scratch.
* New regression tests for character and string conversionsschwarze2020-07-082-2/+445
| | | | and for their modifiers, written from scratch.
* Remove temporary RSA keys/callbacks code.jsing2020-07-071-43/+0
| | | | This was removed from libssl a very long time ago...
* Test TLSv1.3 ciphersuites now that TLS_method() supports TLSv1.3.jsing2020-07-071-0/+12
|
* Add support for timeconting in userland.pirofti2020-07-064-0/+140
| | | | | | | | | | | | | | | | | | | | | | | | | | This diff exposes parts of clock_gettime(2) and gettimeofday(2) to userland via libc eliberating processes from the need for a context switch everytime they want to count the passage of time. If a timecounter clock can be exposed to userland than it needs to set its tc_user member to a non-zero value. Tested with one or multiple counters per architecture. The timing data is shared through a pointer found in the new ELF auxiliary vector AUX_openbsd_timekeep containing timehands information that is frequently updated by the kernel. Timing differences between the last kernel update and the current time are adjusted in userland by the tc_get_timecount() function inside the MD usertc.c file. This permits a much more responsive environment, quite visible in browsers, office programs and gaming (apparently one is are able to fly in Minecraft now). Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others! OK from at least kettenis@, cheloha@, naddy@, sthen@
* Add a missing circular_init() call in the TLS ordering test.jsing2020-07-041-1/+3
| | | | | | | This makes the regress work correctly again - this was previously masked by the fact that tls_close() (and hence SSL_shutdown()) was draining the circular buffer, whereas now we're leaving data behind from a previous test, resulting in the ordering test failing.
* tlsexttest: pass message type to the extension functionstb2020-07-031-144/+144
| | | | ok beck jsing
* adjust alpn extension test to new argument ordertb2020-07-031-3/+3
|
* adjust tlsexttest to new argument ordertb2020-07-031-5/+5
|
* Provide an optimized implementation of ffs(3) in libc onnaddy2020-06-263-2/+26
| | | | | | aarch64/powerpc/powerpc64, making use of the count leading zeros instruction. Also add a brief regression test. ok deraadt@ kettenis@
* enable test-tls13-keyshare-omitted.pytb2020-06-241-5/+2
|
* Add test-ffdhe-expected-params.pytb2020-06-241-1/+2
|
* Enable lucky 13 test.tb2020-06-191-5/+2
|
* Add lucky13 and bleichenbacher-timing teststb2020-06-101-1/+7
|
* Implement a rolling hash of the ClientHello message, Enforce RFC 8446beck2020-06-061-2/+2
| | | | | | | | section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@
* When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), returnschwarze2020-06-042-5/+115
| | | | | | | | | | | failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by documented API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This fixes a bug found while working on documentation. OK tb@ and "thanks" bluhm@
* Enable the record layer limits test and mark two finished test cases astb2020-06-031-5/+8
| | | | | xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment.
* Enable the test-tls13-zero-length-data.py test, skipping thetb2020-06-011-8/+10
| | | | three tests that fail due to a BIO_gets() bug.
* Enable test-dhe-rsa-key-exchange-with-bad-messages.pytb2020-06-011-4/+2
|
* Fix printing long doubles on architectures with hm and lm bits.mortimer2020-05-311-1/+9
| | | | | | Issue reported with initial patch by enh@google.com. ok deraadt@
* more tests after getopt_long.c rev. 1.32;schwarze2020-05-271-10/+43
| | | | OK martijn@
* Previous commit caught a few errx() cases by accident. undo them.tb2020-05-241-25/+25
|
* include newlines in FAIL messagestb2020-05-241-108/+108
|
* address some nits from jsingtb2020-05-241-7/+11
|
* The version detection doesn't work on bluhm's test machine, causingtb2020-05-241-3/+3
| | | | | | | the test to fail. Neuter it for now and just assume we do TLSv1.3. I have been intending to purge this version detection hack once I'm sure we can leave the 1.3 server enabled but I'll leave it here for now.
* Define REGRESS_TARGETS explicitly.tb2020-05-231-2/+4
|
* Enforce that SNI hostnames be correct as per rfc 6066 and 5980.beck2020-05-231-1/+79
| | | | | | | Correct SNI alerts to differentiate between illegal parameter and an unknown name. ok tb@`
* beck fixed most of the keyupdate tests. update annotationtb2020-05-211-3/+8
|
* hook tlsfuzzer to regresstb2020-05-211-1/+2
|
* Add a harness that runs tests from tlsfuzzertb2020-05-212-0/+781
| | | | | | | | | | | | | This currently runs 54 tests from the tlsfuzzer suite against the TLSv1.3 server which exercise a large portion of the code. They already found a number of bugs and misbehaviors and also inspired a few diffs currently in the pipeline. This regress requires the py3-tlsfuzzer package to be installed, otherwise the tests are skipped. Many thanks to kmos for helping with the ports side and to beck for his positive feedback. ok beck
* go fmt whitespace nittb2020-05-141-3/+3
|
* reinstate an error check that was commented out while waiting for armtb2020-05-141-5/+4
| | | | packages to appear
* move a #define after the last #include linetb2020-05-141-3/+3
|
* Add TLS versioning tests.jsing2020-05-131-2/+96
| | | | | This ensures that a TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 client can talk with an appropriately configured server and vice versa.
* Revise regress for TLSv1.3 server being enabled.jsing2020-05-114-14/+17
|
* Use tls_legacy_server_method() for SSLv2 record tests.jsing2020-05-112-5/+7
|
* Revise regress now that record overflows are propagated.jsing2020-05-111-2/+2
|
* Use a larger (2048 bit) RSA test key.jsing2020-05-041-1/+63
| | | | Otherwise we fail to do PSS signatures since the key size is too small.
* Fix out-of-bounds access in tables[][] that was exposed in bluhm'stb2020-05-041-6/+8
| | | | | | regress on i386 after inoguchi moved some symbols to const. ok inoguchi jsing deraadt
* Fix two bugs in the AES-CBC-PKCS5 tests that didn't hide failing tests:tb2020-04-271-3/+3
| | | | | 1. Use the correct slice for comparing the cipher output 2. Fix logic error similar to the one in AES-GCM in the previous commit
* Fix a logic error that hid the failing ZeroLengthIv tests.tb2020-04-271-3/+3
| | | | This issue was fixed in lib/libcrypto/evp/e_aes.c r1.40.
* Revise regress to match state transition changes.jsing2020-04-221-11/+13
|
* Update key share regress to match previous change.jsing2020-04-171-4/+4
|
* Revise test to handle the fact that TLSv1.3 cipher suites are now beingjsing2020-04-091-2/+4
| | | | included in the output from `openssl ciphers`.
* Test both SSLv3 (aka pre-TLSv1.2) and TLSv1.2 cipher suites with TLS.jsing2020-04-091-1/+1
|
* Re-enable the client test now that it passes again.jsing2020-04-061-2/+2
|
* Minor code improvements.jsing2020-04-061-3/+3
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 06:51:39 +0000