path: root/src/tests
Commit message (Author, Age, Files, Lines)
* Avoid (implicitly) using std::rand with std::random_shuffle (Jack Lloyd, 2017-12-23, 1, -1/+8)
| This causes link-time warnings on BSD and may make static analyzers angry.
* Avoid undefined behavior in SipHash (Jack Lloyd, 2017-12-23, 1, -0/+51)
|
* Avoid possible null pointer deref (Jack Lloyd, 2017-12-22, 1, -2/+2)
| Caught with Coverity
* Enable signing X509 structures with rsa-pss (Fabian Weissberg, 2017-12-22, 3, -37/+289)
|
* Avoid test failures when PKCSv1.5 signatures are disabled in build (Jack Lloyd, 2017-12-20, 4, -10/+17)
|
* Fix some shadow and unused parameter warnings (Jack Lloyd, 2017-12-20, 1, -1/+1)
|
* Fix various x509 path validation bugs + path building with ambiguous DNs (Fabian Weissberg, 2017-12-20, 424, -161/+8927)
| Signed-off-by: Fabian Weissberg <[email protected]>
* Correct expected PSS error (Jack Lloyd, 2017-12-19, 1, -2/+2)
|
* Merge GH #1365 Always set domain encoding correctly when loading an ECC key (Jack Lloyd, 2017-12-19, 1, -0/+2)
|\
| * Always set domain encoding correctly when loading an ECC key (René Korthaus, 2017-12-19, 1, -0/+2)
| | When loading an ECC key from file, the domain encoding was always set to explicit instead of depending on the encoded key file read. This resulted in different encodings and therefore different fingerprints of the same key when encoding the same key twice (once after generation, once after re-reading it).
* | Add accessors to ASN1_Attribute and AlgorithmIdentifier (Jack Lloyd, 2017-12-19, 1, -1/+1)
|/
* Fix a bug in PEM decoding (Jack Lloyd, 2017-12-16, 1, -0/+58)
| If the label param was set to a non-empty string, the decoding would treat it as part of the label and then end up throwing a decoding error. The key fix here is adding the clear() call in decode. Private bug report by email. Add some basic tests for the PEM decoder.
* Fix missing comma in test runner [ci skip] (Jack Lloyd, 2017-12-11, 1, -1/+1)
| This ended up trying to run the "aeadkdf" suite first, and then the actual aead and kdf suites didn't end up running until later.
* Enable using NEON on Clang (Jack Lloyd, 2017-12-10, 1, -2/+2)
| Clang doesn't like the way SIMD shifts were implemented, I guess it fails to inline the constant. Make it a template parameter instead.
* Fix seeding of test RNG (Jack Lloyd, 2017-12-06, 1, -4/+3)
| If no explicit seed was provided, it ended up ignoring the timestamp derived seed.
* Add some basic tests of CPUID class (Jack Lloyd, 2017-12-06, 1, -0/+44)
|
* Merge GH #1339 Add ability to query supported named groups (Jack Lloyd, 2017-12-06, 1, -31/+15)
|\
| * Add known_named_groups to EC_Group to list known curves. Fixes GX #1338. (J08nY, 2017-12-05, 1, -31/+15)
| |
* | Merge GH #1335 Support uninitialized X509 objects (Jack Lloyd, 2017-12-05, 2, -0/+37)
|\ \
| * | Need binary IO for Windows (Jack Lloyd, 2017-12-04, 1, -1/+1)
| | |
| * | Support uninitialized certificate objects (Jack Lloyd, 2017-12-04, 2, -0/+37)
| | | Issue raised by @securitykernel on Slack, there was no non-hacky way to decode a list of certificate objects because creating an uninitialized one wasn't allowed. However after #884 that got much closer to being viable, this is the last pieces.
* | | Simplify date conversion by avoiding OS utilities (Jack Lloyd, 2017-12-04, 1, -14/+14)
| |/
|/|
| | We have to rely on non-portable OS calls to convert UTC times, and they are not available on many systems (including Solaris and MinGW). But instead there is a simple algorithm due to Howard Hinnant that does the same job. Woo.
* | Better debug output in date conversion tests [ci skip] (Jack Lloyd, 2017-12-04, 1, -13/+14)
|/
* Add copyright statements to files modified in the preceding 2 commits (Harry Reimann, 2017-12-04, 1, -0/+1)
|
* Make support for certificate status messages optional via policy (Harry Reimann, 2017-12-04, 1, -0/+3)
| Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message.
* Merge GH #1302 Add PSK database interface (Jack Lloyd, 2017-11-26, 1, -0/+248)
|\
| * PSK Database (Jack Lloyd, 2017-11-26, 1, -0/+248)
| |
* | Fix errors caught with tlsfuzzer (Jack Lloyd, 2017-11-26, 1, -0/+1)
| | Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
* | Merge #1311 Add create and create_or_throw factories for Compression_Algorithm and Decompression_Algorithm. (Jack Lloyd, 2017-11-25, 1, -0/+58)
|\ \
| |/
|/|
| * Add create and create_or_throw factories for Compression_Algorithm and Decompression_Algorithm. (Marcus Brinkmann, 2017-11-25, 1, -0/+58)
| |
* | Fix bzip2 compression issue. (Jack Lloyd, 2017-11-25, 2, -22/+40)
| | When finishing, bzip2 returns BZ_STREAM_END when it has produced all output. If we end up calling the compression routine again (even with avail_in == 0), bzip2 returns an error.
* | Add test case for bzip2 compression filter. (Marcus Brinkmann, 2017-11-25, 1, -0/+36)
|/
* Add Pipe::append_filter (Jack Lloyd, 2017-11-24, 1, -0/+13)
| Similar to append but it only allows modification before start_msg. See GH #1306
* Avoid uncontrolled recursion on indefinite length encodings (Jack Lloyd, 2017-11-20, 1, -0/+43)
| A sufficiently nested indefinite length construction would cause stack exhaustion and a crash. Found by OSS-Fuzz - issue 4353
* Add AES key wrap with padding (Jack Lloyd, 2017-11-19, 4, -1/+715)
|
* Avoid OCSPing on the Let's Encrypt CA cert (Jack Lloyd, 2017-11-19, 1, -6/+2)
| Their issuing CA seems to have some performance problems with OCSP (https://github.com/letsencrypt/boulder/issues/1929) and it's currently causing timeouts in the tests.
* Optimize Twofish (Jack Lloyd, 2017-11-16, 1, -18/+2)
| Interleaving two blocks is 40-50% faster for any mode that supports parallel operation.
* Fix path to cert test data (Jack Lloyd, 2017-11-16, 1, -1/+1)
|
* Move all the various X509 test data files under src/tests/data/x509 (Jack Lloyd, 2017-11-16, 659, -41/+41)
|
* Correct CAST-128 decryption with more than 1 block (Jack Lloyd, 2017-11-16, 1, -0/+4)
|
* Catch exceptions in NIST validation tests (Jack Lloyd, 2017-11-14, 1, -33/+41)
|
* Fix PKCS10 subject alt name usage (Jack Lloyd, 2017-11-14, 1, -0/+5)
| GH #1010
* Add a test for GH #1252 (Jack Lloyd, 2017-11-14, 3, -0/+54)
|
* Small cleanups in X509 tests (Jack Lloyd, 2017-11-14, 1, -22/+41)
|
* Move X509_DN and AlternativeName from asn1 to x509 (Jack Lloyd, 2017-11-14, 2, -2/+3)
|
* Support seeking in Salsa20 (Jack Lloyd, 2017-11-14, 2, -0/+38)
| Add a test that StreamCipher::seek throws if not keyed.
* rename cert containing UTF8String consistently (René Meusel, 2017-11-10, 2, -1/+1)
|
* TEST: read (self signed) cert containing BMPString fields (René Meusel, 2017-11-10, 2, -0/+52)
|
* Switch test code to use big-endian UCS2/UCS4 (Jack Lloyd, 2017-11-09, 1, -13/+11)
| Specifications are somewhat unclear but as best I can tell only big-endian codepoints are allowed and that follows OpenSSL and GnuTLS behavior.
* Remove use of transcode (Jack Lloyd, 2017-11-09, 1, -21/+14)
|