summaryrefslogtreecommitdiff
path: root/src/regress (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* zap trailing spacestb2022-07-191-2/+2
|
* Regenerate golden numbers due to RC4-MD5 now being disabled by default.tb2022-07-191-61/+58
|
* Revert accidental committb2022-07-181-2/+2
|
* Add comments to explain the magic numbers 57 and 58tb2022-07-182-3/+6
|
* Avoid sending the QUIC transport parameters extension now that wetb2022-07-181-4/+4
| | | | | | send an unsupported extension alert. Noted by anton
* Revise regress for QUIC transport parameters TLS extension.jsing2022-07-171-15/+32
|
* Revert previous. The added includes were already there. Duh.tb2022-07-161-4/+1
|
* Only run the client connection test with supported ciphers. Avoids testtb2022-07-141-2/+2
| | | | breakage also noted by anton.
* Enable Wycheproof primality tests.tb2022-07-132-4/+4
|
* The asn1time test no longer needs static linking.tb2022-07-121-4/+1
|
* Check that ASN1_{INTEGER,ENUMERATED}_get(NULL) return 0 as documented.tb2022-07-091-1/+22
|
* whitespacetb2022-07-081-3/+3
|
* Add to variables instead of overriding themtb2022-07-081-4/+4
|
* Add support for primality checkingtb2022-07-074-10/+218
| | | | | | | | | | | | | Project Wycheproof's primality_tests.json contain a set of 280 numbers that trigger edge cases in Miller-Rabin and related checks. libcrypto's Miller-Rabin test is known to be rather poor, hopefully we will soon see a diff on tech that improves on this. This extends the Go test in the usual way and also adds a perl script that allows testing on non-Go architectures. Deliberately not yet linked to regress since the tests are flaky with the current BN_is_prime_ex() implementatation.
* Use the security level knob in the test script.tb2022-07-071-2/+14
| | | | from beck
* Only run tests against ciphers supported by the method.tb2022-07-072-4/+28
|
* Add some minimal regress coverage for the security level.tb2022-07-071-1/+6
| | | | From beck
* Make the ssltest security level aware.tb2022-07-071-1/+9
| | | | From beck
* Switch ssltest to using the newly generated certs that use SHA-256 insteadtb2022-07-072-8/+6
| | | | | | of SHA-1. This helps the switch to security-level aware ssltest. From jsing
* cope with ASN1_TIME_set_string_X509() renameanton2022-07-051-3/+3
|
* Adjust to new tls1_ec_nid2group_id API.tb2022-07-021-7/+13
|
* Add valid time test from ruby regress, and check ASN1_time_to_tmbeck2022-06-301-1/+27
| | | | against recorded time value.
* add valid utc time that should fail to parse as generalizedbeck2022-06-301-2/+6
|
* Add tests for times missing seconds, and to be able to testbeck2022-06-301-3/+43
| | | | invalid generalized times specifically
* Add support for sending QUIC transport parametersbeck2022-06-291-1/+257
| | | | | | | | | | This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@
* Use relative paths so beck can run regress in his git tree and havetb2022-06-294-8/+12
| | | | the correct ssl_local.h etc be picked up.
* Botan 2.19.2 has removed support for the OpenSSL crypto provider.bluhm2022-06-282-24/+1
| | | | | | | It was incompatible with OpenSSL 3.0. Remove the regression test to check that LibreSSL crypto works with Botan tests. This is better than to keep an outdated Botan in ports. discussed with tb@ beck@
* Only asn1time needs to be static for now.tb2022-06-281-2/+4
|
* Make this regress test link staticly and use internal symbolsbeck2022-06-281-1/+2
| | | | so that it works and compiles during the tb@ pre-bump shuffle(tm).
* Fix the legacy verifier callback behaviour for untrusted certs.beck2022-06-282-2/+303
| | | | | | | | | | | | | | | | | | The verifier callback is used by mutt to do a form of certificate pinning where the callback gets fired and depending on a cert saved to a file will decide to accept an untrusted cert. This corrects two problems that affected this. The callback was not getting the correct depth and chain for the error where mutt would save the certificate in the first place, and then the callback was not getting fired to allow it to override the failing certificate validation. thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and sthen@ for analysis. "The callback is not an API, it's a gordian knot - tb@" ok jsing@
* Add new time manipulation funcitons that OpenSSL has exposed thatbeck2022-06-271-2/+35
| | | | | | | | the world seems to be using. Symbols.list changes and exposure to wait for minor bump ok jsing@ jca@
* Fix URI name constraints, allow for URI's with no host part.beck2022-06-261-0/+26
| | | | | | | | | | | Such uri's must be parsed and allowed, but then should fail if a name constraint is present. Adds regress testing for this same case. fixes https://github.com/libressl-portable/openbsd/issues/131 ok tb@
* Move leaf certificate checks to the last thing after chain validation.beck2022-06-252-1/+285
| | | | | | | | While seemingly illogical and not what is done in Go's validator, this mimics OpenSSL's behavior so that callback overrides for the expiry of a certificate will not "sticky" override a failure to build a chain. ok jsing@
* Check pointer argument after {d2i,i2d}_ASN1_{BIT_STRING,BOOLEAN,INTEGER}()jsing2022-06-251-2/+46
|
* Add regress for ASN1_INTEGER_{get,set}_{u,}int64()jsing2022-06-251-1/+103
|
* Add regress for ASN1_INTEGER_cmp()jsing2022-06-251-1/+76
|
* Use dynamic linking correctly. bntest and bn_to_string need static linking.tb2022-06-231-3/+5
|
* Explicitly include fcntl.h and unistd.h for pipe2tb2022-06-221-1/+4
|
* Fix format strings for size_ttb2022-06-221-5/+5
|
* Fix format string: use %zu for size_t, not %lu.tb2022-06-221-3/+3
|
* Use uppercase for SUCCESS for consistencytb2022-06-191-2/+2
|
* None of these tests needs to link statically.tb2022-06-192-4/+4
|
* Drop bogus DPADD += ${LIBSSL}tb2022-06-193-7/+6
|
* Quick regression test that checks that BN_is_prime_fasttest_ex()tb2022-06-182-1/+97
| | | | | recognizes the primes in the primes[] table with and without trial division. Would have caught the bug fixed in bn_primes.c r1.9.
* Switch to using TLS_INT instead of handrolling ittb2022-06-151-3/+2
|
* More %i vs %d cleanuptb2022-06-107-20/+20
|
* Fix format strings: change %i, %li, %lli to %d, %ld, %lld and switch totb2022-06-071-18/+18
| | | | | %zu for master_key_length, session_id_length and sid_ctx_length, which are now size_t.
* Minor tweaks to psk modes regresstb2022-06-061-3/+3
|
* move the calls to psk kex modes tests down to match order in ssl_tlsext.ctb2022-06-051-4/+4
|
* Add regress coverage for PSK kex modes tlsext handlers.tb2022-06-051-2/+210
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 20:29:07 +0000