aboutsummaryrefslogtreecommitdiffstats
path: root/test
Commit message (Collapse)AuthorAgeFilesLines
* Add sslapitest for SSL_early_get1_extensions_present()Benjamin Kaduk2017-06-121-0/+15
| | | | | | | Call it from the early callback used for testing these functions, and verify the expected contents of the ClientHello Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2976)
* TLS 1.3 client sigalgs test no longer needs TLS 1.2Benjamin Kaduk2017-06-121-8/+8
| | | | | | | | | | | | Per the TODO comment, we now have proper certificate selection for TLS 1.3 client certificates, so this test can move into its own block. (It cannot merge with the previous block, as it requires EC.) Verified that the test passes when configured with enable-tls1_3 no-tls1 no-tls1_1 no-tls1_2. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3131)
* Introduce ASN1_TIME_set_string_X509 APIRich Salz2017-06-112-0/+144
| | | | | | | | | | | | | | | | | | | | Make funcs to deal with non-null-term'd string in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm(). Fixes issue #3444. This one is used to enforce strict format (RFC 5280) check and to convert GeneralizedTime to UTCTime. apps/ca has been changed to use the new API. Test cases and documentation are updated/added Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3566)
* Fix memory leaks in CTLOG_new_from_base64Benjamin Kaduk2017-06-091-9/+24
| | | | | | | | | | | | | | | Move the call to ct_base64_decode(), which allocates, until after the check for NULL output parameter. Also place a cap on the number of padding characters used to decrement the output length -- any more than two '='s is not permitted in a well-formed base64 text. Prior to this change, ct_base64_decode() would return a length of -1 along with allocated storage for an input of "====". Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3379)
* Fix a bundle of trailing spaces in several filesPaul Yang2017-06-098-12/+12
| | | | | | | | Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
* Fix #2400 Add NO_RENEGOTIATE optionTodd Short2017-06-062-1/+175
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
* Handle the server refusing to reneg in a reneg_setupTodd Short2017-06-061-0/+11
| | | | | | | | During setup of a reneg test the server can refuse to start reneg. If that happens we should let the client continue and then fail. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)
* Fix coding stylePaul Yang2017-06-061-56/+32
| | | | | | | | Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
* Set local variable to 0 to avoid build errorPaul Yang2017-06-061-1/+1
| | | | | | | Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
* Add test cases for X509_check_private_keyPaul Yang2017-06-065-1/+225
| | | | | | | | | | | | To test X509_check_private_key and relatives. Add a CSR and corresponding RSA private key to test X509_REQ_check_private_key function. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3614)
* Use common STANZA for bn and exp testsRich Salz2017-06-0510-362/+360
| | | | | | | | | | Standardize file:line messages Reduce buff size; move to end of STANZA Add some Title entries (with blank line after) Add Title to some BN test files. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3608)
* Fix ex_data and session_dup issuesTodd Short2017-06-021-4/+122
| | | | | | | | | | | | | | | | Code was added in commit b3c31a65 that overwrote the last ex_data value using CRYPTO_dup_ex_data() causing a memory leak, and potentially confusing the ex_data dup() callback. In ssl_session_dup(), fix error handling (properly reference and up-ref shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data(); all other structures that dup ex_data have the destination ex_data new'd before the dup. Fix up some of the ex_data documentation. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3323)
* no-ec fixDr. Stephen Henson2017-05-301-3/+10
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
* Add Ed25519 verify test.Dr. Stephen Henson2017-05-303-1/+23
| | | | | | | Add Ed25519 certificate verify test using certificate from draft-ietf-curdle-pkix-04 and custom generated root certificate. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
* Add RFC8032 tests and additional casesDr. Stephen Henson2017-05-301-0/+118
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
* Fix certificate version number in testThijs Wenker2017-05-291-1/+1
| | | | | | | | | The version number 3 means version 4, while 2 means version 3. Since this is the v3nametest, version 3 should be used. CLA: Trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3577)
* Fix use of "can_load()" in run_tests.pl.Rainer Jung2017-05-261-1/+1
| | | | | | | | | CLA: Trivial Fixes #3563. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3564)
* test/evp_test.c: improve output in case of errors.Andy Polyakov2017-05-261-146/+145
| | | | | | | Recently introduced TEST_* macros print variables' symbolic names. In order to make error output more readable rename some variables. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix BoringSSL alert related test failuresMatt Caswell2017-05-251-1/+1
| | | | | | | | | Commit bd990e2535 changed our handling of alerts. Some of the BoringSSl tests were expecting specific errors to be created if bad alerts were sent. Those errors have now changed as a result of that commit, so the BoringSSL test config needs to be updated to match. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3549)
* Fix va_arg all in test_error_c90Rich Salz2017-05-231-1/+1
| | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3506)
* Revise evp_test parser; make like bn_testRich Salz2017-05-231-662/+709
| | | | | | Re-order and comment on the functions Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3506)
* Add titles to groups of EVP testsRich Salz2017-05-237-963/+1000
| | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3529)
* Fix line numbering for errors.Rich Salz2017-05-231-8/+14
| | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3528)
* Reformat the string output to be more in line with the decisions made in #3465Pauli2017-05-222-22/+22
| | | | | | | | | Don't highlight excess when comparing unequal length strings. Clean up the NULL / empty string display. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3514)
* Bring the memory output inline with the suggestions in #3465.Pauli2017-05-221-26/+19
| | | | | | | | | | Excess bytes, when one block is longer than the other, are not explicitly highlighted. The NULL / zero length block output has been cleaned up. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3515)
* Fixed merge nonsenseAlex Gaynor2017-05-221-2/+0
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
* Newlines!Alex Gaynor2017-05-221-0/+2
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
* Update the test to assert that the SCT is from an X.509 extensionAlex Gaynor2017-05-221-9/+8
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3149)
* Fix the mem_sec "small arena"Todd Short2017-05-221-6/+9
| | | | | | | | | | Fix the small arena test to just check for the symptom of the infinite loop (i.e. initialized set on failure), rather than the actual infinite loop. This avoids some valgrind errors. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3512)
* test/secmemtest.c: clarify limitations for huge secure memory arena test.Andy Polyakov2017-05-221-10/+15
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* test/run_tests.pl: don't mask test failures.Andy Polyakov2017-05-211-1/+4
| | | | | | | | | Switch to TAP::Harness inadvertently masked test failures. Test::Harness::runtests was terminating with non-zero exit code in case of failure[s], while TAP::Harness apparently holds caller responsible for doing so. Reviewed-by: Rich Salz <rsalz@openssl.org>
* test/test_test.c: fix wrong BN test [and rearrange tests a little bit].Andy Polyakov2017-05-201-2/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3502)
* Tweak sec_mem testsTodd Short2017-05-201-3/+22
| | | | | | | | Remove assertion when mmap() fails. Only run the 1<<31 limit test on Linux Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3455)
* move comments to same line as fieldsDr. Stephen Henson2017-05-201-16/+9
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3500)
* Add test data for EVP_DigestSign/EVP_DigestVerify tests.Dr. Stephen Henson2017-05-201-0/+58
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3500)
* Add test support for "oneshot" versions EVP_DigestSign, EVP_DigestVerify.Dr. Stephen Henson2017-05-201-9/+94
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3500)
* Add tests in evp_test for EVP_Digest{Sign,Verify}{Init,Update,Final}Dr. Stephen Henson2017-05-201-0/+187
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3500)
* remove duplicate testsDr. Stephen Henson2017-05-197-511/+1
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3451)
* Add testsDr. Stephen Henson2017-05-191-2/+72
| | | | | | | Import test data from sha1test.c, sha256t.c and sha512t.c which is from RFC6234 section 8.5 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3451)
* Add support for multiple update calls in evp_testDr. Stephen Henson2017-05-192-21/+155
| | | | | | | | | | | | Allow multiple "Input" lines to call the update function multiple times. Add "Ncopy" keyword to copy the input buffer. So for example: Input = "a" Ncopy = 1024 Will create a buffer consisting of 1024 "a" characters. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3451)
* Reformat the output of BIGNUMS where test cases fail.Pauli2017-05-192-48/+244
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3465)
* Fix compile error/warning in packettest.cTodd Short2017-05-171-2/+2
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3416)
* Add a test for a missing sig algs extensionMatt Caswell2017-05-171-3/+23
| | | | | | Check that a missing sig algs extension succeeds if we are resuming. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3478)
* Add tests for unsolicited extensionsMatt Caswell2017-05-171-1/+69
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3418)
* Don't allow fragmented alertsMatt Caswell2017-05-171-4/+4
| | | | | | | | | | | | | | | | | | | An alert message is 2 bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such alerts across multiple records (some of which could be empty). In practice it make no sense to send an empty alert record, or to fragment one. TLSv1.3 prohibts this altogether and other libraries (BoringSSL, NSS) do not support this at all. Supporting it adds significant complexity to the record layer, and its removal is unlikely to cause inter-operability issues. The DTLS code for this never worked anyway and it is not supported at a protocol level for DTLS. Similarly fragmented DTLS handshake records only work at a protocol level where at least the handshake message header exists within the record. DTLS code existed for trying to handle fragmented handshake records smaller than this size. This code didn't work either so has also been removed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3476)
* Use BIO not FILE for test fileRich Salz2017-05-158-10592/+10619
| | | | | | | Allow multiple file arguments. Split bntests.txt into separate files. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3471)
* Randomise the ordering of the C unit tests.Pauli2017-05-152-39/+98
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3393)
* Review feedback; use single main, #ifdef ADD_TESTRich Salz2017-05-121-20/+25
| | | | | | Suppose OPENSSL_USE_NODELETE (via Nick Reilly) Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3399)
* Convert shlibloadtest to new frameworkRich Salz2017-05-122-144/+109
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3399)
* Add "Title" directive to evp_testRich Salz2017-05-129-20/+22
| | | | Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3454)
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-01 19:56:08 +0000