| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This one covers the silly minuses between the hexdump and the ASCII dump
when dumping eight bytes per line.
|
|
|
|
Some software relies on SSL_shutdown() returning 0 (indicating close-notify
sent) before returning 1 on a subsequent call (indicating close-notify sent
and received). It is worth noting that there is no guarantee that this will
occur in normal operation, as the peer could send a close-notify prior to
SSL_shutdown() being called.
This is currently failing for TLSv1.3.
|
|
|
|
OBJ_NAME_do_all()
|
|
|
|
|
|
This tests and codifies the behaviour of SSL_shutdown() with respect to
SSL_quiet_shutdown() and SSL_set_shutdown(). For now, only the legacy stack
(TLSv1.2) is tested, as there are currently some subtle differences with
the TLSv1.3 stack.
|
|
|
|
|
|
|
|
This is a minimal test for an API that will be removed in a subsequent
commit.
|
|
|
|
Validate that every alias resolves to a non-alias in one step and that
non-aliases have pkey_id == pkey_base_id, an info string and a pem_str.
They can be looked up by their pkey_id or pem_str.
Conversely, all these are false for aliases.
|
|
|
|
|
|
Engines are no longer a thing.
Discussed with tb@
|
|
|
|
This currently only covers Ed25519 using the c2sp-testvectors package
and checks that our Ed25519 implementation behaves as expected from a
"ref10" implementation.
This test has Go and c2sp-testvectors as a hard dependency. It will
optionally pick up any OpenSSL package installed on the system and
test that as well.
https://github.com/C2SP/CCTV
https://github.com/C2SP/CCTV/tree/main/ed25519
|
|
If it wasn't for security/xca, all of the ASN1_STRING_TABLE API would
hit the attic before long. API design by a trained professional...
The table can at least be made immutable, which in turn makes this test
entirely pointless.
|
|
This is already included in the typedef (yuck) and makes some Windows
compilers unhappy.
|
|
|
|
|
|
|
|
|
|
While this may seem a bit out of place since is an objects API by name,
it really is about EVP. Plus, we want to leverage some things we already
needed for the EVP_*do_all() API (which currently wraps OBJ_NAME_do_all*
but that will change soon).
|
|
|
|
|
|
But do away with the OPENSSL_NO_ENGINE dance.
|
|
|
|
|
|
This silences lots of K&R warning noise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The hex decoding is only done from the JSON files provided by the
wycheproof-testvectors package. Failure is always fatal. So there
is no need for repeated error checks, and we can use an ergonomic
wrapper.
Also rework the calculation of the message digest from input data
this had a similar deficit.
All in all this shaves off about 10% of the code and removes a lot
of tedious repetition.
|
|
|
|
|
|
This simplifies and unifies a lot of error messages.
|
|
The determination of the test group type and the JSON unmarshalling can be
done before the closure without performance impact. This is more readable
and eliminates the need of a temporary variable again.
Suggested by jsing
|
|
This factors another ugly switch into a helper function. This should
probably become a map eventually, but for now keep things straightforward.
|
|
This allows us to use a simpler way of running the individual test groups
and gets rid of an ugly mostly copy-pasted switch inside a closure.
|
|
These used the wycheproofTestGroupAead type but an upcoming change requires
to change this. Introduce the aliases now to make the next diff cleaner.
|
|
Due to Go's idiosyncratic semantics of for loops, tests would only run
some of the test groups in the JSON file because by the time the closure
is called, the array index could be changed. For example, on fast 8 core
machines, the CMAC tests would run the last test group with key size 320
eight times rather than each of the eight test groups once.
Make a copy of the pointer before passing it to the closure to avoid this
issue.
Simpler version of my initial fix from jsing
|
|
|
|
|
