Age | Commit message (Collapse) | Author |
|
Some compilers complain about unused variables, and some tests do
not run well without OCSP.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 057c676afb2a69b7d2bb9cf6e895e720a2a62b78)
|
|
Also, enlarge test group 20 to include openssl commands that aren't
tested otherwise
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 497f3bf9a75a2917e50b16b7985e87c89b86a39b)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 77a42b5f177e308233ab108806c48b9590a780e2)
|
|
This adheres much better to the documentation in test/README
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 377ab6d183453dac5454abf62d5341a559caa264)
|
|
This reverts commit eb40eaed727500bf4a15f848c99e37edd18e142e.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit a5e1f1230e09b249ff94cc48aeffd1b874cb937e)
|
|
These tests take a very long time on some platforms, and arent't
always strictly necessary. This makes it possible to turn them
off. The necessary binaries are still built, though, in case
someone still wants to do a manual run.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit eb40eaed727500bf4a15f848c99e37edd18e142e)
|
|
The previous commit revealed a long standing problem where CertStatus
processing was broken in DTLS. This would have been revealed by better
testing - so add some!
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 767ccc3b77cde82c46ab4af541663f6c80e538d3)
|
|
msan detected an uninit read.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
User can make Windows openssl.exe to treat command-line arguments
and console input as UTF-8 By setting OPENSSL_WIN32_UTF8 environment
variable (to any value). This is likely to be required for data
interchangeability with other OSes and PKCS#12 containers generated
with Windows CryptoAPI.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The new curves test did not take into account no-ec2m
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
Test doesn't work on Windows with non-Greek locale, because of
Win32 perl[!] limitation, not OpenSSL. For example it passes on
Cygwin and MSYS...
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
There was a block of code at the start that used the Camellia cipher. The
original idea behind this was to fill the buffer with non-zero data so that
oversteps can be detected. However this block failed when using no-camellia.
This has been replaced with a RAND_bytes() call.
I also updated the the CTR test section, since it seems to be using a CBC
cipher instead of a CTR cipher.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1472
|
|
The PKCS12 command line utility is not available if no-des is used.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Also, re-organize RSA check to use goto err.
Add a test case.
Try all checks, not just stopping at first (via Richard Levitte)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The previous ciphersuite broke in no-ec builds.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
In mempacket_test_read(), we've already fetched the top value of the
stack, so when we shift the stack, we don't care for the value. The
compiler needs to be told, or it will complain harshly when we tell it
to be picky.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RT#4628
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Clang was complaining about some unused functions. Moving the stack
declaration to the header seems to sort it. Also the certstatus variable
in dtlstest needed to be declared static.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Injects a record from epoch 1 during epoch 0 handshake, with a record
sequence number in the future, to test that the record replay protection
feature works as expected. This is described more fully in the next commit.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add a test to inject a record from the next epoch during the handshake and
make sure it doesn't get processed immediately.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Split the create_ssl_connection() helper function into two steps: one to
create the SSL objects, and one to actually create the connection. This
provides the ability to make changes to the SSL object before the
connection is actually made.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This adds a BIO similar to a normal mem BIO but with datagram awareness.
It also has the capability to inject additional packets at arbitrary
locations into the BIO, for testing purposes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Dump out the records passed over the BIO. Only works for DTLS at the
moment but could easily be extended to TLS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Duplicate alerts have happened, see
70c22888c1648fe8652e77107f3c74bf2212de36
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Make maximum fragment length configurable and add various fragmentation
tests, in addition to the existing multi-buffer tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1461)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Test that we handle a TLS ClientHello in an SSLv2 record correctly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Thanks to Brian Carpter for reporting this.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
In practice, CT isn't really functional without EC anyway, as most logs
use EC keys. So, skip loading the log list with no-ec, and skip CT tests
completely in that conf.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Like OPENSSL_assert, but also prints the error stack before exiting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
As discussed in PR#1409 it can be done differently.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|