path: root/tests
Commit message (Author, Age, Files, Lines)
* base64: minor improvements in OOM handling and test suite (Nikos Mavrogiannopoulos, 2019-11-29, 1 file, -0/+6)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* gnutls_base64_decode2() succeeds decoding the empty string (Nikos Mavrogiannopoulos, 2019-11-28, 1 file, -6/+6)
|   This is a behavioral change of the API but it conforms to the RFC4648 expectations.
|   Resolves: #834
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Revert "tests: ignore datefudge-check check when running on command line" (Nikos Mavrogiannopoulos, 2019-11-27, 1 file, -3/+3)
|   This commit was breaking CI on FreeBSD systems.
|   This reverts commit 1fe4f8e289d666979618fbb909983ac05aad11ac.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* certtool: always include the CRL distribution points on CAs (Nikos Mavrogiannopoulos, 2019-11-25, 3 files, -1/+44)
|   Previously we would omit the CRL distribution points from a non-self signed CA certificate, even if contained in the template.
|   Resolves: #765
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: ignore datefudge-check check when running on command line (Nikos Mavrogiannopoulos, 2019-11-25, 1 file, -3/+3)
|   That allows running the tests individually without make or setting top_builddir variable.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: make tests pass with disabled GOST algorithms (Dmitry Eremin-Solenikov, 2019-11-22, 4 files, -5/+22)
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* prf: don't crash when called before handshake completion (Miroslav Lichvar, 2019-11-06, 1 file, -0/+8)
|   If a gnutls_prf*() function is called before the handshake is completed, return GNUTLS_E_INVALID_REQUEST instead of crashing.
|   Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
* tests: include config.h in rawpk-api.c (Nikos Mavrogiannopoulos, 2019-10-30, 1 file, -0/+4)
|   This seems to have impacted windows compilation.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests: global-init-override do not run in windows (Nikos Mavrogiannopoulos, 2019-10-30, 1 file, -2/+3)
|   It cannot be compiled in f30.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* ecc: fix curve sizes for TC26-256 gost curves (Dmitry Eremin-Solenikov, 2019-10-27, 1 file, -0/+23)
|   Fix curve size being incorrectly set to 64 instead of 32 for several GOST curves.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* lib: drop gnutls_uint64 usage as sequence number (Dmitry Eremin-Solenikov, 2019-10-24, 1 file, -147/+124)
|   GnuTLS is depending already on uint64_t being a properly defined type. So there is no need to have a special byte-array type for 8-byte integers. Use uint64_t instead, thus simplifying the code quite heavily.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'gost-prf' into 'master' (Nikos Mavrogiannopoulos, 2019-10-17, 1 file, -26/+30)
|\
| |   prf: add Streebog PRF support
| |   See merge request gnutls/gnutls!1088
| * prf: add Streebog (GOST R 34.11-2012) PRF support (Dmitry Eremin-Solenikov, 2019-10-15, 1 file, -26/+30)
| |   Add support and tests for PRF generated using both Streebog versions. This is necessary for adding GOST TLS ciphersuites support.
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | Add const to several read-only packet sequence params [tmp-fix-coverity] (Tim Rühsen, 2019-10-15, 1 file, -1/+1)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | tests/buffer.c: Add unit test for _gnutls_buffer_unescape() (Tim Rühsen, 2019-10-15, 3 files, -1/+86)
| |   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* | Merge branch 'tmp-ext-mandatory' into 'master' (Nikos Mavrogiannopoulos, 2019-10-10, 1 file, -0/+17)
|\ \
| | |   session tickets: parse extension during session resumption
| | |   Closes #841
| | |   See merge request gnutls/gnutls!1087
| * | session tickets: parse extension during session resumption on client side (Nikos Mavrogiannopoulos, 2019-10-08, 1 file, -0/+17)
| | |   It is possible for a server to send a new session ticket during TLS1.2 resumption. To be able to parse it as client we need to check the extension during resumption as well.
| | |   Resolves: #841
| | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | Merge branch 'gost-pkcs11' into 'master' (Dmitry Eremin-Solenikov, 2019-10-10, 1 file, -0/+28)
|\ \ \
| | | |   P11tool improvements
| | | |   See merge request gnutls/gnutls!1071
| * | | testpkcs11.sh: test that we output mechanism flags correctly (Dmitry Eremin-Solenikov, 2019-10-09, 1 file, -0/+28)
| | | |   Verify some of PKCS#11 mechanism flags.
| | | |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | | Merge branch 'psk-file-fix' into 'master' (Dmitry Eremin-Solenikov, 2019-10-10, 1 file, -1/+10)
|\ \ \ \
| |/ / /
|/| | |
| | | |   tests/psk-file: fix heizenbug in last test
| | | |   See merge request gnutls/gnutls!1090
| * | | tests/psk-file: fix heizenbug in last test (Dmitry Eremin-Solenikov, 2019-10-09, 1 file, -1/+10)
| | |/
| |/|
| | |   Currently last test case in psk-file expects that the server will terminate connection with fatal error and close connection. Client will receive GNUTLS_E_PUSH_ERROR error. However on slow boxes (or under qemu) client is able to receive server's fatal alert thus returning unexpected error. To make this behaviour predictable make server wait for client to read all data and actually close connection on its own.
| | |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | tests: correct gost server certificates (Dmitry Eremin-Solenikov, 2019-10-08, 1 file, -43/+42)
|/ /
| |   Correct GOST server certificates:
| |   - use only Digital Signature Key Usage,
| |   - use new format for 512-bit curve key and certificate.
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | cert-tests/gost: add certificate with new GOSTParameters struct (Dmitry Eremin-Solenikov, 2019-10-07, 4 files, -1/+164)
|/
|   Add certificate example using simplified (new) GOSTParameters structure.
|   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Merge branch 'tmp-iov-fixes' into 'master' (Daiki Ueno, 2019-10-06, 2 files, -50/+151)
|\
| |   gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers
| |   See merge request gnutls/gnutls!1085
| * gnutls_aead_cipher_{en,de}cryptv2: write back cached data to buffers [tmp-iov-fixes] (Daiki Ueno, 2019-10-06, 1 file, -6/+8)
| |   Previously, those functions failed to write the output to the buffers if the buffer length is not multiple of cipher block size. This makes sure that the cached data is always flushed.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * iov: add _gnutls_iov_iter_sync to write back cached data to iov (Daiki Ueno, 2019-10-06, 1 file, -5/+56)
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
| * iov: _gnutls_iov_iter_next: return bytes instead of blocks (Daiki Ueno, 2019-10-06, 1 file, -39/+87)
| |   This eliminates the need of special handling of final block. Also adds more tests in exceptional cases.
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | Added functional regression tests for rawpk functionality in gnutls-cli and gnutls-serv. (Tom Vrancken, 2019-10-04, 2 files, -1/+321)
|/
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* cipher-alignment: migrate LDADD/CFLAGS after rename (Andreas Metzler, 2019-09-30, 1 file, -2/+2)
|   Test was renamed from mini-alignment to cipher-alignment.
|   Signed-off-by: Andreas Metzler <ametzler@bebt.de>
* certtool: ensure that PKCS#8 file does not contain key description (Nikos Mavrogiannopoulos, 2019-09-28, 2 files, -0/+25)
|   Resolves: #840
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'gost-attrs' into 'master' (Dmitry Eremin-Solenikov, 2019-09-28, 3 files, -1/+100)
|\
| |   x509: add support for Russian extensions defined for qualified certificate
| |   See merge request gnutls/gnutls!1075
| * x509: add support for Russian extensions defined for qualified certificate (Dmitry Eremin-Solenikov, 2019-09-28, 3 files, -1/+100)
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | Merge branch 'kx-neg-verbose' into 'master' (Nikos Mavrogiannopoulos, 2019-09-28, 1 file, -0/+13)
|\ \
| | |   tests: add verbose logging to server-kx-neg tests
| | |   See merge request gnutls/gnutls!1078
| * | tests: add verbose logging to server-kx-neg tests (Dmitry Eremin-Solenikov, 2019-09-28, 1 file, -0/+13)
| | |   Add support for verbose logging to tls*-server-kx-neg tests.
| | |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | | Merge branch 'tmp-ocsp-fixes' into 'master' (Nikos Mavrogiannopoulos, 2019-09-28, 6 files, -1/+311)
|\ \ \
| |/ /
|/| |
| | |   ocsp: test suite and doc improvements
| | |   Closes #836
| | |   See merge request gnutls/gnutls!1066
| * | tests: added server side OCSP check (Nikos Mavrogiannopoulos, 2019-09-20, 2 files, -0/+111)
| | |   This checks whether gnutls_ocsp_status_request_is_checked() is functional on server-side verification.
| | |   Relates: #829
| | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | tests: added server-side verification test (Nikos Mavrogiannopoulos, 2019-09-20, 2 files, -1/+161)
| | |   This tests gnutls_certificate_verify_peers2() operation in server side.
| | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| * | gnutls_ocsp_status_request_is_checked: added tests in client side (Nikos Mavrogiannopoulos, 2019-09-20, 3 files, -0/+39)
| | |   This ensures that this function has functional tests.
| | |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | | Merge branch 'tmp-supported-versions' into 'master' (Daiki Ueno, 2019-09-27, 1 file, -0/+7)
|\ \ \
| | | |   ext/supported_versions: reorder client precedence if necessary
| | | |   Closes #837
| | | |   See merge request gnutls/gnutls!1074
| * | | ext/supported_versions: reorder client precedence if necessary (Daiki Ueno, 2019-09-27, 1 file, -0/+7)
| | |/
| |/|
| | |   If the client advertises TLS < 1.2 before TLS 1.3 and the server is configured with TLS 1.3 enabled, the server should select TLS 1.3; otherwise the client will disconnect when seeing downgrade sentinel.
| | |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | | gnutls_session_get_data2: fix operation without a timeout callback (Nikos Mavrogiannopoulos, 2019-09-26, 2 files, -1/+147)
|/ /
| |   When TLS1.3 was introduced, gnutls_session_get_data2 was modified to assume that the callbacks set included the timeout one which was not previously necessary except for some special cases. This corrects that issue and makes sure that gnutls_session_get_data2() does not fail (but not necessarily succeed), if that timeout callback is not set.
| |   Resolves: #823
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | tests: cipher-alignment: ensure cipher registration (Nikos Mavrogiannopoulos, 2019-09-23, 1 file, -1/+6)
| |   That is, ensure that the registered cipher is called at least once in the program. That is, to make this test fail if the registration API ever becomes deprecated/no-op.
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | tests: mini-alignment moved to modern nettle API (Nikos Mavrogiannopoulos, 2019-09-23, 2 files, -14/+9)
| |   That is, it no longer uses the deprecated API, and it is also removed to cipher-alignment for clarity.
| |   Resolves: #835
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* | pkcs11-mock: updated license based on upstream project [ci skip] (Nikos Mavrogiannopoulos, 2019-09-20, 2 files, -20/+31)
|/
|   Based on the relicense of the original project: https://github.com/Pkcs11Interop/pkcs11-mock
|   Applied in commit: 8751256956e414c1b0a30414831f5083afbf64bf
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tlsfuzzer: enable atypical padding check (Nikos Mavrogiannopoulos, 2019-09-13, 4 files, -18/+32)
|   The atypical padding check is complementary to the existing GnuTLS 2.12.x interop test. This commit also upgrades to the latest version, and adds new TLS1.3 tests as well.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: check interoperability testing with gnutls 2.12.x and SHA256 (Nikos Mavrogiannopoulos, 2019-09-06, 1 file, -2/+14)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: added interoperability test with gnutls 2.12.x (Nikos Mavrogiannopoulos, 2019-09-01, 2 files, -0/+194)
|   This enables this test in debian build.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* crypto-api: add gnutls_aead_cipher_{en,de}cryptv2 [tmp-encryptv2] (Daiki Ueno, 2019-08-09, 2 files, -1/+124)
|   This adds an in-place equivalent of gnutls_aead_cipher_encrypt() and gnutls_aead_cipher_decrypt(), that works on data buffers.
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* iov: add iterator interface for giovec_t (Daiki Ueno, 2019-08-09, 2 files, -1/+175)
|   This adds an iterator interface over giovec_t array, extracting a fixed sized block.
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* nettle: prohibit deterministic ECDSA/DSA under FIPS except selftests [tmp-deterministic-ecdsa] (Daiki Ueno, 2019-08-08, 1 file, -7/+20)
|   Signed-off-by: Daiki Ueno <dueno@redhat.com>