summaryrefslogtreecommitdiff
path: root/src/regress (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* New regression tests for integral type conversionsschwarze2020-07-092-2/+378
| | | | and for their modifiers, written from scratch.
* New regression tests for character and string conversionsschwarze2020-07-082-2/+445
| | | | and for their modifiers, written from scratch.
* Remove temporary RSA keys/callbacks code.jsing2020-07-071-43/+0
| | | | This was removed from libssl a very long time ago...
* Test TLSv1.3 ciphersuites now that TLS_method() supports TLSv1.3.jsing2020-07-071-0/+12
|
* Add support for timeconting in userland.pirofti2020-07-064-0/+140
| | | | | | | | | | | | | | | | | | | | | | | | | | This diff exposes parts of clock_gettime(2) and gettimeofday(2) to userland via libc eliberating processes from the need for a context switch everytime they want to count the passage of time. If a timecounter clock can be exposed to userland than it needs to set its tc_user member to a non-zero value. Tested with one or multiple counters per architecture. The timing data is shared through a pointer found in the new ELF auxiliary vector AUX_openbsd_timekeep containing timehands information that is frequently updated by the kernel. Timing differences between the last kernel update and the current time are adjusted in userland by the tc_get_timecount() function inside the MD usertc.c file. This permits a much more responsive environment, quite visible in browsers, office programs and gaming (apparently one is are able to fly in Minecraft now). Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others! OK from at least kettenis@, cheloha@, naddy@, sthen@
* Add a missing circular_init() call in the TLS ordering test.jsing2020-07-041-1/+3
| | | | | | | This makes the regress work correctly again - this was previously masked by the fact that tls_close() (and hence SSL_shutdown()) was draining the circular buffer, whereas now we're leaving data behind from a previous test, resulting in the ordering test failing.
* tlsexttest: pass message type to the extension functionstb2020-07-031-144/+144
| | | | ok beck jsing
* adjust alpn extension test to new argument ordertb2020-07-031-3/+3
|
* adjust tlsexttest to new argument ordertb2020-07-031-5/+5
|
* Provide an optimized implementation of ffs(3) in libc onnaddy2020-06-263-2/+26
| | | | | | aarch64/powerpc/powerpc64, making use of the count leading zeros instruction. Also add a brief regression test. ok deraadt@ kettenis@
* enable test-tls13-keyshare-omitted.pytb2020-06-241-5/+2
|
* Add test-ffdhe-expected-params.pytb2020-06-241-1/+2
|
* Enable lucky 13 test.tb2020-06-191-5/+2
|
* Add lucky13 and bleichenbacher-timing teststb2020-06-101-1/+7
|
* Implement a rolling hash of the ClientHello message, Enforce RFC 8446beck2020-06-061-2/+2
| | | | | | | | section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@
* When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), returnschwarze2020-06-042-5/+115
| | | | | | | | | | | failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by documented API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This fixes a bug found while working on documentation. OK tb@ and "thanks" bluhm@
* Enable the record layer limits test and mark two finished test cases astb2020-06-031-5/+8
| | | | | xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment.
* Enable the test-tls13-zero-length-data.py test, skipping thetb2020-06-011-8/+10
| | | | three tests that fail due to a BIO_gets() bug.
* Enable test-dhe-rsa-key-exchange-with-bad-messages.pytb2020-06-011-4/+2
|
* Fix printing long doubles on architectures with hm and lm bits.mortimer2020-05-311-1/+9
| | | | | | Issue reported with initial patch by enh@google.com. ok deraadt@
* Add checks for SH downgrade sentinel and HRR hash in appstest.shinoguchi2020-05-291-1/+27
|
* more tests after getopt_long.c rev. 1.32;schwarze2020-05-271-10/+43
| | | | OK martijn@
* Previous commit caught a few errx() cases by accident. undo them.tb2020-05-241-25/+25
|
* include newlines in FAIL messagestb2020-05-241-108/+108
|
* address some nits from jsingtb2020-05-241-7/+11
|
* The version detection doesn't work on bluhm's test machine, causingtb2020-05-241-3/+3
| | | | | | | the test to fail. Neuter it for now and just assume we do TLSv1.3. I have been intending to purge this version detection hack once I'm sure we can leave the 1.3 server enabled but I'll leave it here for now.
* Define REGRESS_TARGETS explicitly.tb2020-05-231-2/+4
|
* Enforce that SNI hostnames be correct as per rfc 6066 and 5980.beck2020-05-231-1/+79
| | | | | | | Correct SNI alerts to differentiate between illegal parameter and an unknown name. ok tb@`
* beck fixed most of the keyupdate tests. update annotationtb2020-05-211-3/+8
|
* hook tlsfuzzer to regresstb2020-05-211-1/+2
|
* Add a harness that runs tests from tlsfuzzertb2020-05-212-0/+781
| | | | | | | | | | | | | This currently runs 54 tests from the tlsfuzzer suite against the TLSv1.3 server which exercise a large portion of the code. They already found a number of bugs and misbehaviors and also inspired a few diffs currently in the pipeline. This regress requires the py3-tlsfuzzer package to be installed, otherwise the tests are skipped. Many thanks to kmos for helping with the ports side and to beck for his positive feedback. ok beck
* Add -status and -servername test for s_server and s_client in appstest.shinoguchi2020-05-191-1/+3
|
* Add -groups test for s_server and s_client in appstest.shinoguchi2020-05-191-3/+17
|
* Add client certificate test in appstest.shinoguchi2020-05-181-2/+89
|
* Rename variables for key, csr, pass, certinoguchi2020-05-181-85/+85
|
* Add GOST certificate test in appstest.shinoguchi2020-05-171-26/+107
| | | | Enabled by -g option, and default to disabled (RSA certificate is used)
* Suppress display output and reduce s_time to 1 sec in appstest.shinoguchi2020-05-171-28/+38
|
* Fix server client test with TLSv1.3 in appstest.shinoguchi2020-05-171-20/+27
|
* Factor out session reuse test and verification testinoguchi2020-05-151-56/+74
|
* Factor out the test for all available ciphers and add TLSv1.3 caseinoguchi2020-05-151-46/+61
|
* Add ECDSA certificate test in appstest.shinoguchi2020-05-151-8/+71
| | | | Enabled by -e option, and default to disabled (RSA certificate is used)
* go fmt whitespace nittb2020-05-141-3/+3
|
* reinstate an error check that was commented out while waiting for armtb2020-05-141-5/+4
| | | | packages to appear
* move a #define after the last #include linetb2020-05-141-3/+3
|
* Skip protocol version message check in appstest.shinoguchi2020-05-141-10/+15
| | | | | - OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival - Shorten function name
* Factor out the protocol version test in appstest.shinoguchi2020-05-141-49/+26
| | | | OTHER_OPENSSL default to eopenssl11
* Add TLS versioning tests.jsing2020-05-131-2/+96
| | | | | This ensures that a TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 client can talk with an appropriately configured server and vice versa.
* Revise regress for TLSv1.3 server being enabled.jsing2020-05-114-14/+17
|
* Use tls_legacy_server_method() for SSLv2 record tests.jsing2020-05-112-5/+7
|
* Revise regress now that record overflows are propagated.jsing2020-05-111-2/+2
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 20:29:19 +0000