| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Various configurations would fail build or test, fix that.
|
|
|
|
| |
No real bugs, but pointed out some odd constructs and duplicated logic
|
|
|
|
| |
GH #1708
|
|
|
|
| |
Introduced in 3657639ab. Add a test that would have caught this
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Clearing server side state doesn't help because we resume with
a session ticket.
|
|
|
|
|
|
| |
Leaves unit_tls.cpp for the handshake level tests.
Add some basic tests of the string<->enum conversions in tls_algos.h
|
|
|
|
| |
Adds support for PSS signatures (currently verifying only).
|
|
|
|
| |
Previously if the policy changed we'd continue to resume. #1431
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
GH #1423
|
| |
|
|
|
|
|
|
|
|
| |
Don't postpone the verification of a server certificate if certificate
status messages are not expected in client handshake. When using an
external crypto device it may be necessary to verify the certificate
before using the public key for verification of the signature in the
server key exchange message.
|
|
|
|
| |
Tested against OpenSSL master
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
If DSA was disabled, caused memory corruption/crashes due to combination of
uninitialized object and the tests not checking return values as carefully
as they should.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
As long as we support DSS ciphersuites, we should test them,
even if they're deprecated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on build output sent by @noloader.
If RLIMIT_MEMLOCK is not defined, assume regular user is not able to
call mlock. This probably also affected Clang/GCC on Solaris.
Work around resolution issue in SIMD_4x32 where it finds ambiguity
between arg taking uint32_t and __m128i. This is probably some
artifact of how SunCC represents vector types, and seems highly bogus
in general but is easy to work around here. Change constructor taking
a single value to instead be `SIMD_4x32::splat` function. The SIMD
class is internal, so no API implications.
Fix various warnings about lambda functions that were missing return
types and which were not a single return statement. AIUI C++11 doesn't
guarantee that lambda return type will be deduced in that situation,
though in practice every compiler including SunCC seems to handle it.
Disable AVX2 usage, since SunCC's intrinsics seem to be broken - its
_mm_loadu_si256 takes non-const pointer.
Rename a few variables in the tests to avoid shadowed var warnings.
|
| |
|
|
|
|
| |
GH #798
|
|
|
|
|
| |
Moves BSI policy file to test data dir where it can be compared with
what the hardcoded class outputs.
|
|
|
|
|
| |
Initially planned, then decided to skip because supporting it requires
more changes to the TLS handshake code than I want to do right now.
|
|
|
|
|
|
| |
Clean up the ciphersuite generation script a bit.
[ci skip]
|
| |
|
|
|
|
|
|
| |
Disabling SHA-256 in TLS 1.1/1.2 has the effect of disabling the Camellia
ECDH ciphersuites. So the test policy ended up with an empty ciphersuite
list, when negotiating older versions.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
| |
Reported by @neverhub in GH #758 found by libFuzzer
|
| |
|
|\
| |
| |
| |
| |
| | |
Splits up path validation into several sub-functions for easier testing
and creating customized validation code. Much improved OCSP handling
and OCSP tests.
|
| |
| |
| |
| | |
Create empty CRLs so that revocation information is available.
|
| |
| |
| |
| |
| |
| | |
It is the only function in C_M which is called on to process session-specific
(and adversarially provided) inputs, rather than passively returning some credential
which is typically not session specific.
|
|/ |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Tested against BoringSSL (as client + server) and google.com (as client).
Fix a stupid crashing bug in NewHope's BoringSSL mode.
Remove unneeded error return from curve25519_donna - always returned 0.
Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which
means the default no-extra-configuration ciphersuite (for Botan client speaking
to Botan server) is a ciphersuite which is both implemented in constant time
on all platforms and (hopefully) provides post quantum security. Good Things.
|