openssl - openssl

	Commit message (Collapse)	Author	Age	Files	Lines
*	Compat self-signed trust with reject-only aux data	Viktor Dukhovni	2016-02-01	35	-38/+815
\| \| \| \| \| \| \| \| \| \| \| \|	When auxiliary data contains only reject entries, continue to trust self-signed objects just as when no auxiliary data is present. This makes it possible to reject specific uses without changing what's accepted (and thus overring the underlying EKU). Added new supported certs and doubled test count from 38 to 76. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
*	Check chain extensions also for trusted certificates	Viktor Dukhovni	2016-02-01	7	-35/+168
\| \| \| \| \| \| \| \| \|	This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
*	Move more BN internals to bn_lcl.h	Rich Salz	2016-01-30	2	-12/+19
\| \| \| \| \| \| \| \|	There was an unused macro in ssl_locl.h that used an internal type, so I removed it. Move bio_st from bio.h to ossl_type.h Reviewed-by: Andy Polyakov <appro@openssl.org>
*	When checking if there's a VMS directory spec, don't forget the possible device	Richard Levitte	2016-01-30	1	-1/+1
\| \| \| \|	Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Fix test/recipes/25-test_verify.t	Richard Levitte	2016-01-30	1	-4/+4
\| \| \| \| \| \| \|	top_dir() are used to create directory names, top_file() should be used for files. In a Unixly environment, that doesn't matter, but... Reviewed-by: Rich Salz <rsalz@openssl.org>
*	handle "Ctrl" in separate function	Dr. Stephen Henson	2016-01-30	1	-16/+20
\| \| \| \|	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	Add test data for ECDH	Dr. Stephen Henson	2016-01-30	1	-0/+25
\| \| \| \|	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	Add support for EVP_PKEY_derive in evp_test	Dr. Stephen Henson	2016-01-30	1	-0/+71
\| \| \| \|	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	fix warning	Dr. Stephen Henson	2016-01-30	1	-0/+2
\| \| \| \|	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	Templatize util/domd	Rich Salz	2016-01-29	1	-1/+1
\| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Configure et al: split up the lflags configuration item into two	Richard Levitte	2016-01-29	1	-7/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The lflags configuration had a weird syntax with a % as separator. If it was present, whatever came before ended up as PEX_LIBS in Makefile (usually, this is LDFLAGS), while whatever came after ended up as EX_LIBS. This change splits that item into lflags and ex_libs, making their use more explicit. Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS. Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Add have_precompute_mult tests	Matt Caswell	2016-01-29	1	-0/+9
\| \| \| \| \| \| \|	Add tests for have_precompute_mult for the optimised curves (nistp224, nistp256 and nistp521) if present Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Add a test for small subgroup attacks on DH/DHE	Matt Caswell	2016-01-28	1	-4/+65
\| \| \| \| \| \| \| \| \|	Following on from the previous commit, add a test to ensure that DH_compute_key correctly fails if passed a bad y such that: y^q (mod p) != 1 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	Test all built-in curves and let the library choose the EC_METHOD	Billy Brumley	2016-01-27	1	-0/+14
\| \| \| \| \|	Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Skip all explicitely if the number of tests is 0	Richard Levitte	2016-01-27	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \|	It seems that Test::More doesn't like 0 tests, a line like this raises an error and stops the recipe entirely: plan tests => 0; So we need to check for 0 tests beforehand and skip the subtest explicitely in that case. Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Be careful when applying EXE_SHELL	Richard Levitte	2016-01-27	1	-4/+9
\| \| \| \| \| \| \|	$EXE_SHELL should only be used with out own programs, not with surrounding programs such as the perl interpreter. Reviewed-by: Matt Caswell <matt@openssl.org>
*	Fix Custom Extension tests skip count	Viktor Dukhovni	2016-01-27	1	-1/+1
\| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Remove /* foo.c */ comments	Rich Salz	2016-01-26	37	-37/+0
\| \| \| \| \| \| \| \| \| \| \| \|	This was done by the following find . -name '.[ch]' \| /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\ .\.[ch] \/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	RT4272: Unit tests fail when DTLS disabled	Todd Short	2016-01-26	1	-2/+4
\| \| \| \| \| \| \|	Missing SKIP: block in SSL unit tests for DTLS and TLS version tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
*	80-test_ca.t is made to use the new perlapp()	Richard Levitte	2016-01-26	1	-11/+6
\| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org>
*	Have OpenSSL::Test handle perl scripts like any program	Richard Levitte	2016-01-26	1	-11/+77
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Since we're building some of our perl scripts and the result might not end up in apps/ (), we may need to treat them like the compile programs we use for testing. This introduces perlapp() and perltest(), which behave like app() and test(), but will add the perl executable in the command line. ----- () For example, with a mk1mf build, the result will end up in $(BIN_D) Reviewed-by: Matt Caswell <matt@openssl.org>
*	Use the new OpenSSL::Test::Utils routines.	Richard Levitte	2016-01-26	7	-11/+11
\| \| \| \|	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	Use Configure's @disablables and %disabled through configdata.pm	Richard Levitte	2016-01-26	1	-34/+87
\| \| \| \| \| \| \| \|	Enhances the routines in OpenSSL::Test::Utils for checking disabled stuff to get their information directly from Configure instead of 'openssl list -disabled'. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	For every test in 80-test_ssl.t, check that the protocol(s) used is enabled	Richard Levitte	2016-01-25	1	-138/+214
\| \| \| \|	Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Make tests use configdata.pm rather than parsing Makefile	Richard Levitte	2016-01-25	7	-20/+26
\| \| \| \|	Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Fix OpenSSL::Test::Simple to take more than one algorithm	Richard Levitte	2016-01-25	1	-4/+10
\| \| \| \| \| \| \|	Some test programs may depend on more than just one TLS version, for example. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	dsatest: use the correct BIO to print the test error	Marcus Meissner	2016-01-22	1	-1/+1
\| \| \| \| \|	Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
*	few typo fixes	FdaSilvaYY	2016-01-22	1	-1/+1
\| \| \| \| \|	Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
*	Remove outdated conftest.c	Rich Salz	2016-01-22	1	-99/+0
\| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org>
*	Multiple -trusted/-untrusted/-CRLfile options in verify	Viktor Dukhovni	2016-01-21	1	-4/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	It is sometimes useful (especially in automated tests) to supply multiple trusted or untrusted certificates via separate files rather than have to prepare a single file containing them all. To that end, change verify(1) to accept these options zero or more times. Also automatically set -no-CAfile and -no-CApath when -trusted is specified. Improve verify(1) documentation, which could still use some work. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	More X509_verify_cert() tests via verify(1).	Viktor Dukhovni	2016-01-21	9	-5/+259
\| \| \| \| \| \| \|	Still need tests for trusted-first and tests that probe construction of alternate chains. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Commit pre-generated test_verify certs	Viktor Dukhovni	2016-01-21	30	-0/+608
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	These can be re-generated via: cd test/certs; ./setup.sh if need be. The keys are all RSA 2048-bit keys, but it is possible to change that via environment variables. cd test/certs rm -f -key.pem -key2.pem OPENSSL_KEYALG=rsa OPENSSL_KEYBITS=3072 ./setup.sh cd test/certs rm -f -key.pem -key2.pem OPENSSL_KEYALG=ecdsa OPENSSL_KEYBITS=secp384r1 ./setup.sh ... Keys are re-used if already present, so the environment variables are only used when generating any keys that are missing. Hence the "rm -f" Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Scripts to generate verify test certs	Viktor Dukhovni	2016-01-21	2	-0/+222
\| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Remove update tags	Rich Salz	2016-01-20	1	-6/+1
\| \| \| \| \|	Also remove depend/local_depend. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Remove the GOST engine	Matt Caswell	2016-01-19	3	-1467/+3
\| \| \| \| \| \| \| \| \| \|	The GOST engine is now out of date and is removed by this commit. An up to date GOST engine is now being maintained in an external repository. See: https://wiki.openssl.org/index.php/Binaries Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Support disabling any or all TLS or DTLS versions	Viktor Dukhovni	2016-01-19	2	-534/+152
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: Richard Levitte <levitte@openssl.org>
*	add TLS1-PRF tests	Dr. Stephen Henson	2016-01-19	1	-0/+48
\| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org>
*	Add TLS1-PRF test support to evp_test	Dr. Stephen Henson	2016-01-19	1	-0/+115
\| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org>
*	Use POSIX functions on Cygwin, not Win32 function	Corinna Vinschen	2016-01-18	1	-2/+2
\| \| \| \| \| \| \|	Signed-off-by: Corinna Vinschen <vinschen@redhat.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Fix build break; restore missing target	Rich Salz	2016-01-18	1	-0/+3
\| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org>
*	Remove some old makefile targets	Rich Salz	2016-01-17	1	-10/+0
\| \| \| \| \| \| \| \|	Remove lint, tags, dclean, tests. This is prep for a new makedepend scheme. This is temporary pending unified makefile, and might help it. Reviewed-by: Richard Levitte <levitte@openssl.org>
*	The TLSProxy tests can't run if no-engine has been configured	Richard Levitte	2016-01-17	6	-0/+23
\| \| \| \| \| \|	Make sure they detect that. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
*	NGX-2040 - fix wildcard match on punycode/IDNA DNS names	Zi Lin	2016-01-15	1	-0/+10
\| \| \| \| \| \| \| \|	- bugfix: should not treat '--' as invalid domain substring. - '-' should not be the first letter of a domain Signed-off-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
*	In __cwd, make sure the given directory is seen as such and not a file	Richard Levitte	2016-01-14	1	-2/+1
\| \| \| \| \| \|	On Unixly platforms, this doesn't matter. On VMS, it does. Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Do not use redirection on binary files	Richard Levitte	2016-01-14	2	-8/+8
\| \| \| \| \| \| \| \| \| \| \|	On some platforms, the shell will determine what attributes a file will have, so while the program might think it's safely outputting binary data, it's not always true. For the sake of the tests, it's therefore safer to use -out than to use redirection. Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Add a directry spec for mcr if there is none	Richard Levitte	2016-01-14	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	On VMS, the command MCR will assume SYS$SYSTEM: when the first argument lacks a directory spec. So for programs in the current directory, we add [] to tell MCR it is in the current directory. It's the same as having ./ at the start of a program on Unix so the shell doesn't start looking along $PATH. Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Fix verify(1) to report failure when verification fails	Viktor Dukhovni	2016-01-13	1	-2/+1
\| \| \| \| \| \|	Regenerated expired test certificates, good for the next 100 years. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
*	Fix test_ordinals	Matt Caswell	2016-01-13	1	-1/+1
\| \| \| \| \| \| \|	This used to work but somewhere along the line it broke and was failing to detect duplicate ordinals - which was the whole point of the test! Reviewed-by: Rich Salz <rsalz@openssl.org>
*	Remove test_probable_prime_coprime from test/bntest.c	Richard Levitte	2016-01-13	1	-42/+0
\| \| \| \| \| \| \|	This test relies on a private function, which isn't exported. This test would work better as a unit test in crypto/bn/bn_prime.c. Reviewed-by: Rich Salz <rsalz@openssl.org>
*	VMS perl doesn't implement fork(), so don't run the TLSProxy tests there	Richard Levitte	2016-01-13	6	-0/+18
\| \| \| \|	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>