summaryrefslogtreecommitdiffstats
path: root/test (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add some tests for -inform/keyform enforcementTomas Mraz2021-05-064-8/+40
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
* Make the -inform option to be respected if possibleTomas Mraz2021-05-061-3/+3
| | | | | | | | | | | | | | | | Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
* APPS: Slightly extend and improve documentation of the opt_ APIDr. David von Oheimb2021-05-051-2/+2
| | | | | | | Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
* adapt tests to SSL_OP_LEGACY_SERVER_CONNECT changeBenjamin Kaduk2021-05-052-1/+3
| | | | | | | | | | | | The "bad DTLS" tests run into trouble due to the special behavior for that "bad" version, and the SSL record tests need to set the -legacy_server_connect flag to allow an SSLv2 ClientHello to work against any TLS server (since SSLv2 ClientHello messages cannot carry extensions as would be needed in order to negotiate the use of the renegitiation_info extension). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
* mac: allow XOF MACs to be specified either via control or via the dedicated ↵Pauli2021-05-052-15/+92
| | | | | | | function Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
* Add .includedir pragmaRich Salz2021-05-052-1/+8
| | | | | | | | Also add a negative test, and fix typo's. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
* cleanup where purpose is not needed in 25-test_verify.tDr. David von Oheimb2021-05-051-67/+67
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
* test/certs/setup.sh: Fix two glitchesDr. David von Oheimb2021-05-053-12/+12
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
* update test/certs/ee-pathlen.pem to contain SKID and AKIDDr. David von Oheimb2021-05-051-9/+10
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
* test/certs/setup.sh: structural cleanupDr. David von Oheimb2021-05-051-41/+32
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
* Fetch cipher-wrap after loading providers.Rich Salz2021-05-051-1/+10
| | | | | | | | Use official (first) names for wrapping algorithms. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14182)
* Fix KMAC bounds checks.Shane Lontis2021-05-051-0/+8
| | | | | | | | | | | | | | | | | Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15106)
* testutil/load.c: Add checks for file(name) == NULLDr. David von Oheimb2021-05-041-7/+4
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15120)
* Add a test for the public core bio APIMatt Caswell2021-05-043-1/+124
| | | | | | | | Check that reading/writing to a core bio via BIO_new_from_core_bio() works as expected. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15072)
* test: fix failure with FIPS and no-des configured.Pauli2021-05-041-2/+2
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15105)
* Fix no-fips-securitychecks test failureShane Lontis2021-05-011-0/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15091)
* SM2 signatures work correctly only with SM3 digestsTomas Mraz2021-04-301-0/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15074)
* acvp: fix the no-acvp_test buildPauli2021-04-302-3/+5
| | | | | | | | A pair of the disabled string checks were incorrect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15082)
* Fix CRL app so that stdin works.Shane Lontis2021-04-301-1/+16
| | | | | | | | | | Fixes #15031 The maybe_stdin needed to be passed to load_key_certs_crls(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15058)
* remove end of line whitespacePauli2021-04-301-8/+8
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
* Add library context and property query support into the PKCS12 APIJon Spillett2021-04-304-26/+436
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
* Adjust ssl_test_new for SHA1 security levelMatt Caswell2021-04-295-28/+68
| | | | | | | | | | | | | | SHA1 is now in security level 0. SHA1 is required for DTLSv1.1. Therefore ssl_test_new needed some adjustments in the event that DTLSv1.2 is disabled. There are also adjustments required if using the FIPS module and DTLSv1.2 is disabled. The only DTLS version supported by the FIPS module is DTLSv1.2. Fixes #14956 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15047)
* Adjust sslapitest for SHA1 security levelMatt Caswell2021-04-291-0/+55
| | | | | | | | SHA1 is now in security level 0. SHA1 is required for DTLSv1.1. Therefore sslapitest needed some adjustments in the event that DTLSv1.2 is disabled. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15047)
* Adjust dtlstest for SHA1 security levelMatt Caswell2021-04-291-0/+32
| | | | | | | | SHA1 is now in security level 0. SHA1 is required for DTLSv1.1. Therefore dtlstest needed some adjustments in the event that DTLSv1.2 is disabled. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15047)
* Add test case for openssl crl -noout -hash outputTomas Mraz2021-04-291-1/+4
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15044)
* Test a Finished message at the wrong time results in unexpected messageMatt Caswell2021-04-281-0/+74
| | | | | | | | | We test that sending a Finished message instead of a ClientHello results in an unexpected message error. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14930)
* Add a threading test for loading/unloading providersMatt Caswell2021-04-281-1/+25
| | | | | | | | Check that we don't see any threading issues when loading/unloading a provider from multiple threads. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15010)
* ESS: Export three core functions, clean up TS and CMS CAdES-BES usageDr. David von Oheimb2021-04-281-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14601)
* Skip test_fipsload when fips is disabled.Tomas Mraz2021-04-281-0/+1
| | | | | Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/15027)
* Add X509 version constants.David Benjamin2021-04-281-1/+1
| | | | | | | | | | | | | | | The X509 version APIs return the numerical values of the version numbers, which are one off from the names. This is a bit confusing. Where they don't get it wrong (accidentally making an "X509v4" certificate), callers tend to try commenting every call site to explain the mismatch, including in OpenSSL itself. Define constants for these values, so code can be self-documenting and callers are nudged towards the right values. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14549)
* memleaktest with MSVC's AddressSanitizerKevin Cadieux2021-04-281-1/+4
| | | | | | | | | | Disabling memleaktest under MSVC because leak detection is not a supported feature with MSVC's AddressSanitizer. Leaving ASan enabled in this case causes a test failure because the test suite is expecting the leak to be detected. CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14581)
* Add testing for updated cipher IVJon Spillett2021-04-289-1/+220
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15041)
* Use "canonical" names when matching the output of the commandsTomas Mraz2021-04-282-3/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15028)
* Skip GOST engine tests in out of tree buildsTomas Mraz2021-04-281-1/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15028)
* Test that we don't have a memory leak in d2i_ASN1_OBJECT.Shane Lontis2021-04-271-0/+26
| | | | | | | | | | | Fixes #14667 Reworked test supplied by @smcpeak into a unit test. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14938) (cherry picked from commit 7c65179ad95d0f6f598ee82e763fce2567fe5802)
* re-add pyca/cryptography testingPaul Kehrer2021-04-271-8/+8
| | | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15018)
* Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().Shane Lontis2021-04-271-1/+1
| | | | | | | | | The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq() already exist. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14997)
* Fixes related to separation of DH and DHX typesShane Lontis2021-04-267-40/+191
| | | | | | | | | | | | | | | | | | | | | Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444 Updated documentation for app to indicate what options are available for DH and DHX keys. DH and DHX now have different keymanager gen_set_params() methods. Added CHANGES entry to indicate the breaking change. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14883)
* Add type_name member to provided methods and use itTomas Mraz2021-04-261-10/+23
| | | | | | | Fixes #14701 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14898)
* TEST: correct test/recipes/30-test_evp_data/evppkey_ecdh.txtRichard Levitte2021-04-231-0/+8
| | | | | | | | | | | | | | | Some keys with groups that aren't supported by FIPS were still used for Derive stanzas, even when testing with the FIPS provider. This was due to the flaw in evp_keymgmt_util_try_import() that meant that even though the key was invalid for FIPS, it could still come through, because the imported keydata wasn't cleared on import error. With that flaw corrected, these few Derive stanzas start failing. We mitigate this by making of "offending" Derive stanzas only available with the default provider. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15008)
* test: separate some DES based tests out to permit a no-des build to workPauli2021-04-235-30/+59
| | | | | | | | | | | One of the KDFs and one of the MACs use DES as an underlying algorithm in some tests. Separate these out into their own files which are conditionally excluded. Fixes #14958 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14975)
* test: fix test_evp_kdf when DES is disabled.Pauli2021-04-231-2/+2
| | | | | | | | Fixes #14958 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14975)
* Runchecker fix for the no-autoerrinit buildPauli2021-04-231-1/+5
| | | | | | | | | | | In this case, there was a slight different error output format that wasn't being accounted for in the error test. Fixes #14961 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14976)
* Runchecker: fix TLS curves test failure with no-tls1_3 optionPauli2021-04-231-1/+2
| | | | | | | | | | | | The TLS curves test strong assumes that TLS 1.2 and TLS 1.3 are present. It is only conditioned out if TLS 1.2 isn't. This changes also conditions it out if TLS 1.3 isn't present. Fixes ##14965 Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14978)
* Runchecker: fix no-ec2m build which was trying to validate the e2cm curvesPauli2021-04-231-3/+8
| | | | | | | | | | The evp_extra_test program was trying to validate these curves when they were not build. Fixes #14959 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14977)
* Trivial shortcuts for EVP_PKEY_eq()Tomas Mraz2021-04-231-7/+14
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14942)
* test_sslextension: skip tests that cannot work with no-tls1_2Tomas Mraz2021-04-221-20/+22
| | | | | | | Fixes runchecker failure of no-tls1_2 build. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14955)
* Fix potential NULL dereference in OSSL_PARAM_get_utf8_string()Tomas Mraz2021-04-221-1/+1
| | | | | | | Fixes Coverity ID 1476283 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14928)
* Update copyright yearMatt Caswell2021-04-228-8/+8
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14986)
* Fix typosMichaM2021-04-221-1/+1
| | | | | | | | | | | CLA: trivial Signed-off-by: MichaM <contact-micha+github@posteo.de> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14879)
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-20 19:56:06 +0100