src - OpenBSD base system

Age	Commit message (Collapse)	Author
2020-10-16	Add an explicit cast to make this test compile and pass with gcc.	Theo Buehler
	gcc emits a signed vs unsigned comparison warning which breaks the build due to -Werror.
2020-10-15	Test DTLS timeouts and retransmissions by dropping specific messages.	Joel Sing
	Provide a BIO that can drop specific messages in order to trigger and test DTLS timeouts and retransmissions. Note that the SSL buffering BIO (bbio) has to be removed to ensure that handshake messages are sent individually. This would have detected the recent DTLS breakage with retransmissions for a flight that includes a CCS.
2020-10-15	Improve poll and event handling.	Joel Sing
	In particular, ensure we clear events when the client or server side has completed and fix timeouts to ensure we use a non-zero timeout if present.
2020-10-14	Hook up dtls regress.	Joel Sing

2020-10-14	Add regress tests for DTLS.	Joel Sing
	Test the operation of a DTLS client and server, with and without cookies, using the default MTU and a specifically lowered MTU. Further regress tests will be built on this to exercise other parts of the DTLS code base (such as retransmission, fragmentation and reassembly).
2020-10-12	avoid two overlong lines and drop an unused printf argument	Theo Buehler

2020-10-11	No longer need to cast away const in srtp_find_profile_by_name()	Theo Buehler

2020-10-11	Update regress for method changes.	Joel Sing

2020-10-11	Unbreak regress following SRTP_PROTECTION_PROFILE const change.	Joel Sing

2020-10-10	Don't leak bundle_file and cert_file paths at the end.	Theo Buehler

2020-10-08	Read cert.pem once and reuse it instead of reading it twice per test cert	Theo Buehler
	chain. It only takes a few dozens of ms to read it, but doing this 7290 times adds up to a few minutes run time. This way, the test completes in a handful of seconds. Diagnosed by jsing, ok beck
2020-10-07	zap trailing whitespace	Theo Buehler

2020-10-07	add arguments to skip a bunch of x448 tests	Theo Buehler

2020-10-07	Hook up tlslegacy regress.	Joel Sing

2020-10-07	Add regress tests for switching from the new TLS stack to the legacy stack.	Joel Sing
	This includes a test where the server response includes multiple handhshake messages in the single TLS plaintext record (which would have caught the bug just fixed in tls13_legacy.c).
2020-10-06	Use std=gnu99 to be able to build the tests with both base clang and gcc.	Martin Pieuchot

2020-10-03	KNF	Theo Buehler

2020-10-03	typo	Theo Buehler

2020-10-02	spelling, punctuation, whitespace	Theo Buehler

2020-10-02	Add possibility to link and run this test against the OpenSSL 1.1.1 package	Theo Buehler
	using the make variable EOPENSSL11. Suggested by jsing
2020-10-02	Use += and ?= and tidy up whitespace	Theo Buehler

2020-10-02	Tidy up: no need to link statically against libcrypto and no need	Theo Buehler
	to look at its private headers either.
2020-10-02	Make this test compile against OpenSSL 1.1	Theo Buehler
	The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching inside it, reuse the trusted certificate store that was just assigned to it and use X509_STORE_CTX_get0_param(3) to access the verification parameters.
2020-09-25	move test-tls13-finished.py from slow tests to normal tests.	Theo Buehler

2020-09-25	test-tls13-finished.py has 70 failing tests that expect a "decode_error"	Theo Buehler
	instead of the "decrypt_error" sent by tls13_server_finished_recv(). Both alerts appear to be reasonable in this context, so enable the tests while working around this.
2020-09-25	delete a stale comment	Theo Buehler

2020-09-21	1) Move the interop tests to the end so we see tlsfuzzer first	Bob Beck
	2) Reorder the interop tests so the really slow "cert" test is at the end 3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combination of client and server that does not involve libressl. This way we can skip testing openssl to openssl11 when running these manually by setting REGRESS_SKIP_SLOW to "yet" in mk.conf ok jsing@
2020-09-21	move a misplaced 'goto done;' so that all invalid uris are tested	Theo Buehler

2020-09-21	add a few short invalid URIs in test_constraints1() that cause early	Theo Buehler
	failure of x509_constraints_uri_host() in x509_constraints_uri()
2020-09-20	Correct a 1 byte read overflow in x509_contraints_uri and add	Bob Beck
	regress to catch it in the future. found by Guido Vranken's cryptofuzzer ok tb@
2020-09-18	Move variable declaration to beginning of scope in order to make this	Theo Buehler
	test compile and pass on sparc64.
2020-09-18	make this test compile and pass on sparc64 by moving variable declarations	Theo Buehler
	to the beginning of the respective scopes (and out of for loops)
2020-09-18	move variable declaration up to top to make this compile and pass	Theo Buehler
	on sparc64
2020-09-18	Use void function argument to appease gcc 4.2.1	Theo Buehler

2020-09-18	fix "warning: value computed is not used"	Theo Buehler
	Add a cast to tell gcc 4.2.1 that the return value is deliberately ignored. This makes the test compile and pass on sparc64.
2020-09-18	fix "warning: function declaration isn't a prototype"	Theo Buehler
	Make tests compile and pass on sparc64 with gcc 4.2.1 by properly declaring "static int foo()" as "static int foo(void)".
2020-09-18	zap redundant line	Theo Buehler

2020-09-18	hook symbols test to regress	Theo Buehler

2020-09-18	Check availability of the symbols in Symbols.list	Theo Buehler
	This regress parses Symbols.list and pulls all public headers out of libcrypto's Makefile to generate a simple program that uses all public symbols. A number of symbols need to be declared extern since they are unavailable in public headers and a handful must be skipped since they are apparently architecture dependent. This would have caught the recent breakage due to the accidental removal of the NAME_CONSTRAINTS_check() function and points out a number of places where cleanup may happen in the future. discussed with beck
2020-09-16	Add cipher set tests with empty SSL_set_ciphersuites().	Joel Sing

2020-09-16	Correct cipher_set_test() when run on a machine without AES acceleration.	Joel Sing
	Noted by bcook@ and inoguchi@ while working on portable.
2020-09-16	Make cipher_set_test() log failures and continue, rather than aborting.	Joel Sing

2020-09-15	Test botan TLS client with libressl, openssl, openssl11 server.	Alexander Bluhm

2020-09-14	Change the known output to be the expected output, so that we	Bob Beck
	no longer ignore the expected failures from the legacy name constraints validation, and will have a regress failure if we regress.
2020-09-14	Use a fixed validation time in these tests so we never	Bob Beck
	have to re-generate these certificates and this should just keep working even if the certs get old
2020-09-14	Connect a client to a server. Both can be current libressl, or	Alexander Bluhm
	openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS version number. Incompatible versions must fail. Check that client and server have used correct version by grepping in their session print out.
2020-09-13	Add regress for SSL_{CTX_,}set_ciphersuites().	Joel Sing

2020-09-13	Add new x509 certificate chain validator in x509_verify.c	Bob Beck
	The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
2020-09-12	If CPU does not support AES-NI, LibreSSL TLS 1.3 client prefers	Alexander Bluhm
	chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
2020-09-12	remove unused include that breaks regress	Bob Beck