summaryrefslogtreecommitdiff
path: root/src/regress (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Several improvements required for <openssl/bn.h>:schwarze2022-11-231-26/+39
| | | | | | | | | | * List internal constants and types that are intentionally undocumented. * List unused constants and types that are intentionally undocumented. * Cope with intentionally undocumented identifiers being declared more than once (in this case, because of #if and #else). * Require exact matches for man -k searches (in this case, such that BN_BITS does not match BN_BITS2). * Handle the weird BN_ULONG, which is #define'd instead of using typedef.
* Make a stupid compiler on a stupid OS happy.tb2022-11-231-1/+2
| | | | from bcook
* bn_unit: appease coveritytb2022-11-231-2/+6
| | | | | | | Apparently, the '0' in memset(a, '0', size - 1); could be a typo for '\0'. Randomize the decimal digit to make the intent clear. CID 377009
* asn1_string_to_utf8 test: appease coveritytb2022-11-231-2/+8
| | | | | | | | | | Check for ASN_STRING_to_UTF8() failure before checking it matches our expectations. This should convey clearly that test->want_len is never negative. CID 377011 Diagnosed by jsing
* Neuter getrlimit dance, it's not portable enough. Stupid Windows.tb2022-11-231-14/+4
|
* Fix inconsequential copy-paste errortb2022-11-231-3/+3
| | | | CID 377010
* Plug leaks spotted by ASAN CItb2022-11-221-1/+3
|
* Remove comment obsoleted by API change (and r1.3)tb2022-11-221-2/+1
|
* ed25519 test: make the testvectors table consttb2022-11-221-4/+4
|
* simplify makefileanton2022-11-221-8/+2
|
* Be more helpful and provide details on what the time conversion testsanton2022-11-221-9/+6
| | | | | | need in order to run. Also, output the expected SKIPPED string as dictated by bsd.regress.mk.
* Tweak a printf.tb2022-11-221-3/+3
|
* Add a unit test that crashes without bn_print.c r1.34.tb2022-11-222-1/+95
|
* zap a stray semicolontb2022-11-181-2/+2
|
* Avoid a few unnecessary contortionstb2022-11-171-35/+12
| | | | | Turns out that after ~40 years of practice I still can't do addition with carry correctly :S
* Use a fixed-size array for the message and simplify a few other curlytb2022-11-171-14/+16
| | | | things.
* Add initial Wycheproof EdDSA test coveragetb2022-11-171-1/+111
|
* Add a regression test for curve25519.c r1.14tb2022-11-171-2/+132
| | | | | | | | Generate random signatures of random messages and verify them. Then check that the signature modified by adding the edwards25519 group order to the upper half are rejected. This would not always be accepted without the check in curve25519.c r1.14, but often enough that a few iterations suffice to expose the missing check.
* Remove an outdated TODOtb2022-11-161-4/+1
|
* Start CBS-ifying the name constraints code.beck2022-11-112-34/+52
| | | | ok jsing@ tb@
* Add regress coverage for Ed25519 and X25519 EVP interfaces.jsing2022-11-102-2/+838
|
* Remove obsolete function, struct, and macro namesschwarze2022-11-101-5/+0
| | | | | | | | | | that tb@ removed from asn1.h on January 14: rev. 1.58: ASN1_CTX ASN1_const_CTX rev. 1.60: ASN1_OBJECT_FLAG_CRITICAL ASN1_OBJECT_FLAG_DYNAMIC rev. 1.60: ASN1_OBJECT_FLAG_DYNAMIC_DATA ASN1_OBJECT_FLAG_DYNAMIC_STRINGS rev. 1.61: NETSCAPE_X509 NETSCAPE_X509_free NETSCAPE_X509_new rev. 1.61: d2i_NETSCAPE_X509 i2d_NETSCAPE_X509
* Use /tmp as opposed of /var/tmp as the default directory for temporaryanton2022-11-101-2/+2
| | | | files.
* Remove prime_t remnant and link bn_primes test staticallytb2022-11-092-3/+4
|
* Add tests for boundary conditions of struct tm.beck2022-11-091-1/+125
| | | | Struct tm is limited by it's year being an int.
* Revise ED25519 regress following API changes.jsing2022-11-091-25/+5
|
* Add some regress coverage for EVP_PKEY_METHOD.jsing2022-11-091-3/+40
|
* Add some regress coverage for EVP_PKEY_ASN1_METHODjsing2022-11-092-2/+118
|
* Remove unnecessary sizeofjoshua2022-11-092-6/+6
| | | | ok jsing@ tb@
* Wrap long linesjoshua2022-11-071-3/+5
| | | | ok jsing@
* Move variables above codejoshua2022-11-071-18/+18
| | | | ok jsing@
* Link aes/ to regressjoshua2022-11-071-1/+2
|
* Add regress coverage for AESjoshua2022-11-072-0/+986
| | | | ok tb@
* Fix whitespace. Looks like I was a pig 3 years ago...tb2022-11-071-205/+205
|
* Add regress for Ed25519.jsing2022-11-062-4/+409
| | | | From tb@
* Replace existing Blowfish regress testsjoshua2022-11-063-515/+1370
| | | | ok tb@ jsing@
* Enable time_conversion regress testsbeck2022-11-061-1/+2
|
* Add a bunch of regression tests for time conversion.beck2022-11-062-0/+1736
| | | | | | | | | | | | This regression tests time conversion across various limits, leap seconds, and daylight transistions. gmtime_r, localtime_r, timegm, and mktime are tested against themselves and expected outputs. It requires the "posix" and "right" zoneinfo to be installed on the test running machine in order to access testable time zones. If those are not present the test is skipped successfully with a warning.
* Add regress coverage for TLS exporters.jsing2022-11-053-1/+677
|
* The previous commit message out to say this:kn2022-10-301-1/+1
| | | | | | | | | | | --- Fix sparc64 build cc1: warnings being treated as errors .../constraints.c: In function 'test_constraints1': .../constraints.c:451: warning: ISO C90 forbids mixed declarations and code Fix RCS ID while here.
* /* $OpenBSD: $ */kn2022-10-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /* * Copyright (c) 2020 Bob Beck <beck@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include <err.h> #include <string.h> #include <openssl/safestack.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include "x509_internal.h" #define FAIL(msg, ...) \ do { \ fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \ fprintf(stderr, msg, ##__VA_ARGS__); \ } while(0) unsigned char *valid_hostnames[] = { "openbsd.org", "op3nbsd.org", "org", "3openbsd.com", "3-0penb-d.c-m", "a", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "open_bsd.org", /* because this is liberal */ NULL, }; unsigned char *valid_sandns_names[] = { "*.ca", "*.op3nbsd.org", "c*.openbsd.org", "foo.*.d*.c*.openbsd.org", NULL, }; unsigned char *valid_domain_constraints[] = { "", ".ca", ".op3nbsd.org", ".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "www.openbsd.org", NULL, }; unsigned char *valid_mbox_names[] = { "\"!#$%&\\\"*+-/=?\002^_`{|}~.\"@openbsd.org", "beck@openbsd.org", "beck@openbsd.org", "beck@op3nbsd.org", "beck@org", "beck@3openbsd.com", "beck@3-0penb-d.c-m", "bec@a", "beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", "beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "beck@open_bsd.org", /* because this is liberal */ NULL, }; unsigned char *invalid_hostnames[] = { "openbsd.org.", "openbsd..org", "openbsd.org-", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", "-p3nbsd.org", "openbs-.org", "openbsd\n.org", "open\178bsd.org", "open\255bsd.org", "*.openbsd.org", NULL, }; unsigned char *invalid_sandns_names[] = { "", ".", "*.a", "*.", "*.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", ".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", "*.-p3nbsd.org", "*.*..openbsd.org", "*..openbsd.org", ".openbsd.org", "c*c.openbsd.org", NULL, }; unsigned char *invalid_mbox_names[] = { "beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", "beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", "beck@.-openbsd.org", "beck@.openbsd.org.", "beck@.a", "beck@.", "beck@", "beck@.ca", "@openbsd.org", NULL, }; unsigned char *invalid_domain_constraints[] = { ".", ".a", "..", ".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", ".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", ".-p3nbsd.org", "..openbsd.org", NULL, }; unsigned char *invaliduri[] = { "https://-www.openbsd.org", "https://.www.openbsd.org/", "https://www.ope|nbsd.org%", "https://www.openbsd.org.#", "///", "//", "/", "", NULL, }; static int test_valid_hostnames(void) { int i, failure = 0; for (i = 0; valid_hostnames[i] != NULL; i++) { if (!x509_constraints_valid_host(valid_hostnames[i], strlen(valid_hostnames[i]))) { FAIL("Valid hostname '%s' rejected\n", valid_hostnames[i]); failure = 1; goto done; } if (!x509_constraints_valid_sandns(valid_hostnames[i], strlen(valid_hostnames[i]))) { FAIL("Valid sandns '%s' rejected\n", valid_hostnames[i]); failure = 1; goto done; } } done: return failure; } static int test_valid_sandns_names(void) { int i, failure = 0; for (i = 0; valid_sandns_names[i] != NULL; i++) { if (!x509_constraints_valid_sandns(valid_sandns_names[i], strlen(valid_sandns_names[i]))) { FAIL("Valid dnsname '%s' rejected\n", valid_sandns_names[i]); failure = 1; goto done; } } done: return failure; } static int test_valid_domain_constraints(void) { int i, failure = 0; for (i = 0; valid_domain_constraints[i] != NULL; i++) { if (!x509_constraints_valid_domain_constraint(valid_domain_constraints[i], strlen(valid_domain_constraints[i]))) { FAIL("Valid dnsname '%s' rejected\n", valid_domain_constraints[i]); failure = 1; goto done; } } done: return failure; } static int test_valid_mbox_names(void) { struct x509_constraints_name name = {0}; int i, failure = 0; for (i = 0; valid_mbox_names[i] != NULL; i++) { if (!x509_constraints_parse_mailbox(valid_mbox_names[i], strlen(valid_mbox_names[i]), &name)) { FAIL("Valid mailbox name '%s' rejected\n", valid_mbox_names[i]); failure = 1; goto done; } free(name.name); name.name = NULL; free(name.local); name.local = NULL; } done: return failure; } static int test_invalid_hostnames(void) { int i, failure = 0; char *nulhost = "www.openbsd.org\0"; for (i = 0; invalid_hostnames[i] != NULL; i++) { if (x509_constraints_valid_host(invalid_hostnames[i], strlen(invalid_hostnames[i]))) { FAIL("Invalid hostname '%s' accepted\n", invalid_hostnames[i]); failure = 1; goto done; } } if (x509_constraints_valid_host(nulhost, strlen(nulhost) + 1)) { FAIL("hostname with NUL byte accepted\n"); failure = 1; goto done; } if (x509_constraints_valid_sandns(nulhost, strlen(nulhost) + 1)) { FAIL("sandns with NUL byte accepted\n"); failure = 1; goto done; } done: return failure; } static int test_invalid_sandns_names(void) { int i, failure = 0; for (i = 0; invalid_sandns_names[i] != NULL; i++) { if (x509_constraints_valid_sandns(invalid_sandns_names[i], strlen(invalid_sandns_names[i]))) { FAIL("Valid dnsname '%s' rejected\n", invalid_sandns_names[i]); failure = 1; goto done; } } done: return failure; } static int test_invalid_mbox_names(void) { int i, failure = 0; struct x509_constraints_name name = {0}; for (i = 0; invalid_mbox_names[i] != NULL; i++) { if (x509_constraints_parse_mailbox(invalid_mbox_names[i], strlen(invalid_mbox_names[i]), &name)) { FAIL("invalid mailbox name '%s' accepted\n", invalid_mbox_names[i]); failure = 1; goto done; } free(name.name); name.name = NULL; free(name.local); name.local = NULL; } done: return failure; } static int test_invalid_domain_constraints(void) { int i, failure = 0; for (i = 0; invalid_domain_constraints[i] != NULL; i++) { if (x509_constraints_valid_domain_constraint(invalid_domain_constraints[i], strlen(invalid_domain_constraints[i]))) { FAIL("invalid dnsname '%s' accepted\n", invalid_domain_constraints[i]); failure = 1; goto done; } } done: return failure; } static int test_invalid_uri(void) { int j, failure=0; char *hostpart = NULL; for (j = 0; invaliduri[j] != NULL; j++) { if (x509_constraints_uri_host(invaliduri[j], strlen(invaliduri[j]), &hostpart) != 0) { FAIL("invalid URI '%s' accepted\n", invaliduri[j]); failure = 1; goto done; } free(hostpart); hostpart = NULL; } done: return failure; } static int test_constraints1(void) { char *c; size_t cl; char *d; size_t dl; int failure = 0; int error = 0; int i, j; unsigned char *constraints[] = { ".org", ".openbsd.org", "www.openbsd.org", NULL, }; unsigned char *failing[] = { ".ca", "openbsd.ca", "org", NULL, }; unsigned char *matching[] = { "www.openbsd.org", NULL, }; unsigned char *matchinguri[] = { "https://www.openbsd.org", "https://www.openbsd.org/", "https://www.openbsd.org?", "https://www.openbsd.org#", "herp://beck@www.openbsd.org:", "spiffe://beck@www.openbsd.org/this/is/so/spiffe/", NULL, }; unsigned char *failinguri[] = { "https://www.openbsd.ca", "https://www.freebsd.com/", "https://www.openbsd.net?", "https://org#", "herp://beck@org:", "///", "//", "/", "", NULL, }; unsigned char *noauthority[] = { "urn:open62541.server.application", NULL, }; for (i = 0; constraints[i] != NULL; i++) { char *constraint = constraints[i]; size_t clen = strlen(constraints[i]); for (j = 0; matching[j] != NULL; j++) { if (!x509_constraints_domain(matching[j], strlen(matching[j]), constraint, clen)) { FAIL("constraint '%s' should have matched" " '%s'\n", constraint, matching[j]); failure = 1; goto done; } } for (j = 0; matchinguri[j] != NULL; j++) { error = 0; if (!x509_constraints_uri(matchinguri[j], strlen(matchinguri[j]), constraint, clen, &error)) { FAIL("constraint '%s' should have matched URI" " '%s' (error %d)\n", constraint, matchinguri[j], error); failure = 1; goto done; } } for (j = 0; failing[j] != NULL; j++) { if (x509_constraints_domain(failing[j], strlen(failing[j]), constraint, clen)) { FAIL("constraint '%s' should not have matched" " '%s'\n", constraint, failing[j]); failure = 1; goto done; } } for (j = 0; failinguri[j] != NULL; j++) { error = 0; if (x509_constraints_uri(failinguri[j], strlen(failinguri[j]), constraint, clen, &error)) { FAIL("constraint '%s' should not have matched URI" " '%s' (error %d)\n", constraint, failinguri[j], error); failure = 1; goto done; } } for (j = 0; noauthority[j] != NULL; j++) { char *hostpart = NULL; error = 0; if (!x509_constraints_uri_host(noauthority[j], strlen(noauthority[j]), &hostpart)) { FAIL("name '%s' should parse as a URI", noauthority[j]); failure = 1; free(hostpart); goto done; } free(hostpart); if (x509_constraints_uri(noauthority[j], strlen(noauthority[j]), constraint, clen, &error)) { FAIL("constraint '%s' should not have matched URI" " '%s' (error %d)\n", constraint, failinguri[j], error); failure = 1; goto done; } } } c = ".openbsd.org"; cl = strlen(".openbsd.org"); d = "*.openbsd.org"; dl = strlen("*.openbsd.org"); if (!x509_constraints_domain(d, dl, c, cl)) { FAIL("constraint '%s' should have matched '%s'\n", c, d); failure = 1; goto done; } c = "www.openbsd.org"; cl = strlen("www.openbsd.org"); if (x509_constraints_domain(d, dl, c, cl)) { FAIL("constraint '%s' should not have matched '%s'\n", c, d); failure = 1; goto done; } c = ""; cl = 0; if (!x509_constraints_domain(d, dl, c, cl)) { FAIL("constraint '%s' should have matched '%s'\n", c, d); failure = 1; goto done; } done: return failure; } int main(int argc, char **argv) { int failed = 0; failed |= test_valid_hostnames(); failed |= test_invalid_hostnames(); failed |= test_valid_sandns_names(); failed |= test_invalid_sandns_names(); failed |= test_valid_mbox_names(); failed |= test_invalid_mbox_names(); failed |= test_valid_domain_constraints(); failed |= test_invalid_domain_constraints(); failed |= test_invalid_uri(); failed |= test_constraints1(); return (failed); }
* Enable waitid(2) regress tests and a new test derived from NetBSD'skettenis2022-10-263-12/+279
| | | | | | wait6(2) tests. ok millert@, deraadt@
* dtlstest: Ensure the timeouts are at least 10 ms. This makes these teststb2022-10-261-1/+7
| | | | | | a bit less flaky if the machine is otherwise under load. from jsing
* tlsexttest.c: make various static structs consttb2022-10-211-19/+19
|
* quic tlsext tests: use byte vector in place of stringtb2022-10-211-10/+8
| | | | | | | While this doesn't actually change anything, it should appease Coverity. CID 358678 CID 358679
* Link rust-openssl to regresstb2022-10-201-1/+2
|
* Provide a harness driving rust-openssl's regress teststb2022-10-203-0/+62
| | | | | | | | | | | | | | | rust-openssl is an integral part of the Rust ecosystem and more than a dozen ports, including lang/rust itself, depend on it. We need to ensure that it keeps working with LibreSSL. If the rust and rust-openssl-tests packages are installed, create a cargo workspace under obj/ that compiles and runs the rust-openssl regress tests much like what is done for the openssl-ruby tests. This expands our regress coverage: for instance, this would have caught the broken ASN.1 indefinite length encoding caused by asn1/tasn_enc.c r1.25. Positive feedback beck jsing semarie Testing and ok anton
* Remove references to four definitions that tb@ deleted in x509.h rev. 1.89schwarze2022-10-181-4/+3
| | | | | | | | on Jan 10, 2022: X509_EX_V_INIT X509_EX_V_NETSCAPE_HACK X509_EXT_PACK_STRING X509_EXT_PACK_UNKNOWN. Mark BN_set_params and BN_get_params as deprecated, unused, and intentionally undocumented.
* Revise expire callback regress to use chains with expired certificates.jsing2022-10-171-25/+66
| | | | | | | | | | Rather than using X509_STORE_CTX_set_time() (which is resulting all certificates in the chain being treated as expired), use chains that have an expired leaf or expired intermediate. This triggers a different code path, which is currently mishandled (and hence failing). Also ensure that the resulting error and error depth match what we expect them to be.
* Ensure that verification results in the expected error and error depth.jsing2022-10-171-16/+113
| | | | | Improve verification regress and ensure that the legacy or modern verification completes with the expected error and error depth.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 01:48:37 +0000