path: root/test/recipes
Commit message | Author | Age | Files | Lines
* KMAC implementation using EVP_MAC | Shane Lontis | 2018-11-13 | 1 | -0/+86
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7597)
* Fix SipHash init order. | Richard Levitte | 2018-11-12 | 1 | -1/+1
  Setting the SipHash hash size and setting its key is done with two independent functions... and yet, the internals depend on both.
  Unfortunately, the function to change the size wasn't adapted for the possibility that the key was set first, with a different hash size.
  This changes the hash setting function to fix the internal values (which is easy, fortunately) according to the hash size.
  evpmac.txt value for digestsize:8 is also corrected.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7613)
* Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. | Tomas Mraz | 2018-11-10 | 1 | -1/+1
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  GH: #7391
* Test: enable internal tests for shared Windows builds | Dr. Matthias St. Pierre | 2018-11-08 | 13 | -39/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7462)
* Add poly1305 MAC support | Paul Yang | 2018-11-05 | 1 | -0/+20
  This is based on the latest EVP MAC interface introduced in PR #7393.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7459)
* GMAC implementation | Pauli | 2018-11-04 | 1 | -0/+69
  Remove GMAC demo program because it has been superseded by the EVP MAC one
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7548)
* Have a couple of SipHash tests use the EVP_PKEY method | Richard Levitte | 2018-10-30 | 1 | -1/+9
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7494)
* EVP_MAC: Add SipHash implementation | Richard Levitte | 2018-10-30 | 1 | -1/+1
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7494)
* Make sure at least one HMAC test still uses the EVP_PKEY method | Richard Levitte | 2018-10-30 | 1 | -1/+1
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7483)
* Make sure at least one CMAC test still uses the EVP_PKEY method | Richard Levitte | 2018-10-30 | 1 | -1/+1
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7484)
* test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run() | Richard Levitte | 2018-10-29 | 1 | -2/+1
  pkey_test_ctrl() was designed for parsing values, not for using in test runs. Relying on its returned value when it returned 1 even for control errors made it particularly useless for mac_test_run().
  Here, it gets replaced with a MAC specific control function, that parses values the same way but is designed for use in a _run() rather than a _parse() function.
  This uncovers a SipHash test with an invalid control that wasn't caught properly. After all, that stanza is supposed to test that invalid control values do generate an error. Now we catch that.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7500)
* Refactor util/mkdef.pl for clearer separation of functionality | Richard Levitte | 2018-10-03 | 1 | -2/+3
  Move the .num updating functionality to util/mknum.pl.
  Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively, using the separate ordinals reading module.
  Adapt the build files.
  Adapt the symbol presence test.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7191)
* FIPS 140-2 IG A.9 XTS key check. | Pauli | 2018-09-12 | 1 | -0/+1
  Add a check that the two keys used for AES-XTS are different.
  One test case uses the same key for both of the AES-XTS keys. This causes a failure under FIPS 140-2 IG A.9. Mark the test as returning a failure.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7120)
* Update copyright year | Matt Caswell | 2018-09-11 | 7 | -7/+7
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7176)
* TESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero | Richard Levitte | 2018-09-09 | 1 | -0/+12
  Confirms #7134
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/7153)
* TESTS: add SipHash tests with digestsize controls | Richard Levitte | 2018-09-09 | 1 | -0/+32
  Confirms #7143
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7154)
* Do not reset SNI data in SSL_do_handshake() | Matt Caswell | 2018-09-07 | 1 | -2/+6
  PR #3783 introduced code to reset the server side SNI state in SSL_do_handshake() to ensure any erroneous config time SNI changes are cleared. Unfortunately SSL_do_handshake() can be called mid-handshake multiple times so this is the wrong place to do this and can mean that any SNI data is cleared later on in the handshake too.
  Therefore move the code to a more appropriate place.
  Fixes #7014
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/7149)
* Fix HMAC SHA3-224 and HMAC SHA3-256. | Pauli | 2018-09-04 | 1 | -0/+36
  Added NIST test cases for these two as well.
  Additionally deprecate the public definition of HMAC_MAX_MD_CBLOCK in 1.2.0.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6972)
* Make OBJ_NAME case insensitive. | Pauli | 2018-09-03 | 2 | -1/+56
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7089)
* [test] throw error from wrapper function instead of an EC_METHOD specific one | Billy Brumley | 2018-09-03 | 2 | -85/+85
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7028)
* [test] ECC: make sure negative tests pass for the right reasons | Billy Brumley | 2018-09-03 | 2 | -0/+170
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7028)
* Don't detect a downgrade where the server has a protocol version hole | Matt Caswell | 2018-08-22 | 1 | -4/+11
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7013)
* Test that a client protocol "hole" doesn't get detected as a downgrade | Matt Caswell | 2018-08-22 | 1 | -1/+11
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7013)
* Replace GFp ladder implementation with ladd-2002-it-4 from EFD | Nicola Tuveri | 2018-08-21 | 1 | -0/+237
  The EFD database does not state that the "ladd-2002-it-3" algorithm assumes X1 != 0. Consequently the current implementation, based on it, fails to compute correctly if the affine x coordinate of the scalar multiplication input point is 0.
  We replace this implementation using the alternative algorithm based on Eq. (9) and (10) from the same paper, which being derived from the additive relation of (6) does not incur in this problem, but costs one extra field multiplication.
  The EFD entry for this algorithm is at https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4 and the code to implement it was generated with tooling.
  Regression tests add one positive test for each named curve that has such a point. The `SharedSecret` was generated independently from the OpenSSL codebase with sage.
  This bug was originally reported by Dmitry Belyavsky on the openssl-users mailing list: https://mta.openssl.org/pipermail/openssl-users/2018-August/008540.html
  Co-authored-by: Billy Brumley <bbrumley@gmail.com>
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7000)
* Change Post Handshake auth so that it is opt-in | Matt Caswell | 2018-08-20 | 1 | -1/+1
  Having post handshake auth automatically switched on breaks some applications written for TLSv1.2. This changes things so that an explicit function call is required for a client to indicate support for post-handshake auth.
  Fixes #6933.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6938)
* test/recipes/30-test_evp_data: fix two typos | Dr. Matthias St. Pierre | 2018-08-18 | 2 | -2/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7001)
* Fix a bug in test_sslversions | Matt Caswell | 2018-08-15 | 1 | -0/+1
  The TLSv1.4 tolerance test wasn't testing what we thought it was.
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6741)
* Turn on TLSv1.3 downgrade protection by default | Matt Caswell | 2018-08-15 | 1 | -4/+0
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6741)
* Update code for the final RFC version of TLSv1.3 (RFC8446) | Matt Caswell | 2018-08-15 | 2 | -6/+2
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6741)
* Add SHA3 HMAC test vectors from NIST. | Pauli | 2018-08-15 | 1 | -0/+45
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6963)
* Add a test for TLSv1.3 fallback | Matt Caswell | 2018-08-09 | 1 | -11/+31
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6894)
* Add a test for unencrypted alert | Matt Caswell | 2018-08-08 | 1 | -0/+56
  Test that a server can handle an unencrypted alert when normally the next message is encrypted.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6887)
* Add test for DSA signatures of raw digests of various sizes | Bryan Donlan | 2018-07-29 | 1 | -1/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6749)
* Validate legacy_version | Matt Caswell | 2018-07-20 | 1 | -5/+13
  The spec says that a client MUST set legacy_version to TLSv1.2, and requires servers to verify that it isn't SSLv3.
  Fixes #6600
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6747)
* Add a test for mismatch between key OID and sig alg | Matt Caswell | 2018-07-18 | 1 | -17/+43
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6732)
* Skip the GOST test where appropriate | Matt Caswell | 2018-07-17 | 1 | -1/+5
  The GOST ciphers are dynamically loaded via the GOST engine, so we must be able to support that. The engine also uses DSA and CMS symbols, so we skip the test on no-dsa or no-cms.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6730)
* test/.../evppkey.txt: X25519 regression test vectors. | Andy Polyakov | 2018-07-15 | 1 | -0/+38
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6699)
* Add a GOST test | Matt Caswell | 2018-07-13 | 6 | -0/+84
  Test that we never negotiate TLSv1.3 using GOST
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6650)
* Add tests for the "req" command, -addext flag | Rich Salz | 2018-07-09 | 1 | -15/+19
  Also fixed a memory leak found by the test.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6681)
* Reject duplicate -addext parameters | Rich Salz | 2018-07-06 | 1 | -1/+12
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/6636)
* Tests for MD5-SHA1 combined digest. | Pauli | 2018-07-04 | 1 | -0/+14
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6642)
* More EVP ECC testing: positive and negative | Billy Brumley | 2018-06-29 | 2 | -1/+4367
  1. For every named curve, two "golden" keypair positive tests.
  2. Also two "golden" stock ECDH positive tests.
  3. For named curves with non-trivial cofactors, additionally two "golden" ECC CDH positive tests.
  4. For named curves with non-trivial cofactors, additionally two negative tests.
  There is some overlap with existing EVP tests, especially for the NIST curves (for example, positive testing ECC CDH KATs for NIST curves).
  "Golden" here means all the values are independent from OpenSSL's ECC code. I used sage to calculate them. What comes from OpenSSL is:
  1. The OIDs (parsed by tooling)
  2. The curve parameters (parsing ecparam output with tooling)
  The values inside the PEMs (private keys, public keys) and shared keys are from sage. The PEMs themselves are the output of asn1parse, with input taken from sage.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6608)
* recipes/90-test_shlibload.t: disable tests on AIX till further notice. | Andy Polyakov | 2018-06-22 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6487)
* [crypto/ec] don't assume points are of order group->order | Billy Brumley | 2018-06-21 | 1 | -0/+29
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6535)
* Move SM2 algos to SM2 specific PKEY method | Jack Lloyd | 2018-06-19 | 1 | -0/+10
  Use EVP_PKEY_set_alias_type to access
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6443)
* Improve use of the test framework in the SM2 internal tests | Matt Caswell | 2018-06-04 | 2 | -21/+2
  Also general clean up of those tests
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6386)
* Add test recipes for internal SM2 tests | Matt Caswell | 2018-06-04 | 2 | -0/+38
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6386)
* OSSL_STORE: don't test file: URIs on Mingw | Richard Levitte | 2018-05-30 | 1 | -7/+18
  Under a mingw shell, the command line path conversion either mangles file: URIs to something useless (file;C:\...) or not at all (which can't be opened by the Windows C RTL unless we're really lucky), so we simply skip testing them in that environment.
  Fixes #6369
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6376)
* Update copyright year | Matt Caswell | 2018-05-29 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6371)
* Save and restore the Windows error around TlsGetValue. | David Benjamin | 2018-05-23 | 1 | -0/+12
  TlsGetValue clears the last error even on success, so that callers may distinguish it successfully returning NULL or failing. This error-mangling behavior interferes with the caller's use of GetLastError. In particular SSL_get_error queries the error queue to determine whether the caller should look at the OS's errors. To avoid destroying state, save and restore the Windows error.
  Fixes #6299.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/6316)