summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAgeFilesLines
* OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVsDr. David von Oheimb2022-11-251-2/+13
| | | | | | | | | Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
* CMP+CRMF: fix formatting nits in crypto/, include/, and test/Dr. David von Oheimb2022-11-247-17/+13
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19230)
* Add support for KTLS zerocopy sendfile on LinuxMaxim Mikityanskiy2022-11-241-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TLS device offload allows to perform zerocopy sendfile transmissions. FreeBSD provides this feature by default, and Linux 5.19 introduced it as an opt-in. Zerocopy improves the TX rate significantly, but has a side effect: if the underlying file is changed while being transmitted, and a TCP retransmission happens, the receiver may get a TLS record containing both new and old data, which leads to an authentication failure and termination of connection. This effect is the reason Linux makes a copy on sendfile by default. This commit adds support for TLS zerocopy sendfile on Linux disabled by default to avoid any unlikely backward compatibility issues on Linux, although sacrificing consistency in OpenSSL's behavior on Linux and FreeBSD. A new option called KTLSTxZerocopySendfile is added to enable the new zerocopy behavior on Linux. This option should be used when the the application guarantees that the file is not modified during transmission, or it doesn't care about breaking the connection. The related documentation is also added in this commit. The unit test added doesn't test the actual functionality (it would require specific hardware and a non-local peer), but solely checks that it's possible to set the new option flag. Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Reviewed-by: Boris Pismenny <borisp@nvidia.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18650)
* QUIC TX Packetiser and Streams MapperHugo Landau2022-11-248-52/+1517
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19346)
* Cleanup : directly include of `internal/nelem.h` when required.FdaSilvaYY2022-11-235-6/+0
| | | | | | | | And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19721)
* CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq()Dr. David von Oheimb2022-11-231-2/+17
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19715)
* test/recipes/80-test_cms.t: Fix the "CAdES ko" testRichard Levitte2022-11-221-3/+4
| | | | | | | | | | | | This test had commands that assumes that runner_loop() is used to perform the tests. These tests still run fine because Unix accepts braces in file names, but other operating systems might not. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19731) (cherry picked from commit 20d3731006c9d29cbe17c2aedeba5e2abccfcd57)
* Split out thread pool tests into threadpool_testTomas Mraz2022-11-224-290/+312
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19695)
* Fix coverity issues in X509v3_addrslontis2022-11-211-0/+44
| | | | | | | | | | CID 1516955 : Null pointer deref (REVERSE_INULL) CID 1516954 : Null pointer deref (REVERSE_INULL) CID 1516953 : RESOURCE_LEAK of child Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19700)
* Improve FIPS RSA keygen performance.slontis2022-11-211-2/+24
| | | | | | | | | | | | | | | | | | | | | | | FIPS 186-4 has 5 different algorithms for key generation, and all of them rely on testing GCD(a,n) == 1 many times. Cachegrind was showing that during a RSA keygen operation, the function BN_gcd() was taking a considerable percentage of the total cycles. The default provider uses multiprime keygen, which seemed to be much faster. This is because it uses BN_mod_inverse() instead. For a 4096 bit key, the entropy of a key that was taking a long time to generate was recorded and fed back into subsequent runs. Roughly 40% of the cycle time was BN_gcd() with most of the remainder in the prime testing. Changing to use the inverse resulted in the cycle count being 96% in the prime testing. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19578)
* test/timing_load_creds.c: use OPENSSL_SYS_ macrosRichard Levitte2022-11-191-8/+8
| | | | | | | | | | A previous change was only half done. To avoid such mistakes again, we switch to using the OPENSSL_SYS_ macros, as the are clearer than having to check a pile of very platform and compiler specific macros. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19720)
* Disable test/timing_load_creds.c on VMSRichard Levitte2022-11-181-1/+7
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19713)
* test/smime-certs/ca.cnf: clean up comments, simplify settings using SKID and ↵Dr. David von Oheimb2022-11-181-29/+22
| | | | | | | | AKID defaults Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19064)
* evp_extra_test2: Test DH param checks with non-NULL libctxTomas Mraz2022-11-181-0/+7
| | | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19656)
* Add test to confirm IPAddressFamily_check_len catches invalid lenGraham Woodward2022-11-161-0/+87
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19273)
* Drop explicit check for engines in opt_legacy_okaySimo Sorce2022-11-161-0/+23
| | | | | | | | | | | | | | | | The providers indication should always indicate that this is not a legacy request. This makes a check for engines redundant as the default return is that legacy is ok if there are no explicit providers. Fixes #19662 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19671)
* list: add debug sanity checksPauli2022-11-161-2/+6
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19377)
* list: add an is empty functionPauli2022-11-161-1/+5
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19377)
* test: fix typo in test descriptionPauli2022-11-151-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19666)
* test: add two comparision options to fips version test utility codePauli2022-11-152-1/+41
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19666)
* Add test for EVP_PKEY_eqSimo Sorce2022-11-153-16/+196
| | | | | | | | | | | This tests that the comparison work even if a provider can only return a public key. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19648)
* Test SSL_shutdown() with async writesMatt Caswell2022-11-141-0/+77
| | | | | | | | | As well as SSL_shutdown() itself this excercises the async write paths in ssl3_dispatch_alert(). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19550)
* QUIC Receive Stream Management: Call QUIC flow controlTomas Mraz2022-11-141-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19351)
* QUIC Receive Stream ManagementTomas Mraz2022-11-141-6/+160
| | | | | | | | | Added SFRAME_LIST structure and QUIC_RSTREAM object to manage received stream data. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19351)
* Rename SSL3_RECORD to TLS_RL_RECORDMatt Caswell2022-11-141-4/+5
| | | | | | | | | The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead of TLS_RECORD because that type already exists elsewhere. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Cast values to match printf format strings.J.W. Jagersma2022-11-142-3/+6
| | | | | | | | | | | | | | | For some reason djgpp uses '(unsigned) long int' for (u)int32_t. This causes errors with -Werror=format, even though these types are in practice identical. Obvious solution: cast to the types indicated by the format string. For asn1_time_test.c I changed the format string to %lli since time_t may be 'long long' some platforms. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19322)
* Resign test/certs/rootCA.pem to expire in 100 yearsBernd Edlinger2022-11-121-18/+76
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654)
* Update the validity period of ed25519 cerificatesBernd Edlinger2022-11-122-14/+74
| | | | | | | | Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654)
* test_CMAC_keygen(): Avoid using ECB cipher with CMACTomas Mraz2022-11-111-2/+2
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19401)
* cmac_set_ctx_params(): Fail if cipher mode is not CBCTomas Mraz2022-11-111-0/+13
| | | | | | | | | Also add negative test cases for CMAC and GMAC using a cipher with wrong mode. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19401)
* Add test for generating safeprime DH parametersTomas Mraz2022-11-111-0/+25
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19635)
* punycode: update to use WPACKET instead of using custom range checkingPauli2022-11-111-16/+53
| | | | | | | | | | | | | | Add test for `.' overflows, remove the output size argument from ossl_a2ulabel() since it was never used and greatly complicated the code. Convert ossl_a2ulabel() to use WPACKET for building the output string. Update the documentation to match the new definition of ossl_a2ulabel(). x509: let punycode handle the '\0' string termination. Saves a memset(3) and some size fiddling. Also update to deal with the modified parameters. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19591)
* pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKeyMilan Broz2022-11-101-1/+6
| | | | | | | | | | | Make the code more robust and correctly handle EVP_PKEY set to NULL instead of dereferencing null pointer. Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19536)
* Limit size of modulus for BN_mod_exp_mont_consttime()Tomas Mraz2022-11-101-0/+20
| | | | | | | | | | Otherwise the powerbufLen can overflow. Issue reported by Jiayi Lin. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19632)
* Revert "Skip DES based tests in FIPS mode"Pauli2022-11-101-10/+7
| | | | | | | | This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19631)
* Revert "Remove conditional FIPS dependence for 3DES"Pauli2022-11-101-7/+1
| | | | | | | | This reverts commit 464c1011b02936850fc779739013dba52650840a. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19631)
* Revert "Move DES based test cases out of FIPS territory"Pauli2022-11-101-2/+2
| | | | | | | | This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19631)
* Fix PACKET_equal test with BUF_LEN+1 on -Wstringop-overreadReinhard Urban2022-11-071-3/+3
| | | | | | | | | | | Either suppress the error, or better make smbuf longer. Detected with -Werror. CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19528)
* QUIC CFQ FixesHugo Landau2022-11-071-3/+3
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19206)
* QUIC FIFDHugo Landau2022-11-073-1/+382
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19206)
* QUIC TXPIMHugo Landau2022-11-073-1/+91
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19206)
* QUIC CFQHugo Landau2022-11-073-1/+201
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19206)
* Test that signatures using hash name commands work properlyTomas Mraz2022-11-072-1/+53
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19606)
* Check for private key existence before calling eddsa sign functionsWangchong Zhou2022-11-041-1/+75
| | | | | | | | Fixes #19524 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19525)
* Coverity 1516624: Fix overrun memory access.Pauli2022-11-031-1/+1
| | | | | | | | Not possible to hit but good to address. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19576)
* Add d2i_PUBKEY_ex_fp and d2i_PUBKEY_ex_bio.slontis2022-11-022-1/+31
| | | | | | | | | These functions pass a library content and prop query. The i2d documentation related to these functions has been corrected since the bio and fp functions always return 0 or 1. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18427)
* Add test for X509 sign TBS cache regression.slontis2022-11-023-2/+162
| | | | | | | | | See Issue #19388. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19406)
* Add a test for TLS pipeliningMatt Caswell2022-11-021-0/+196
| | | | | | | | | | | | | TLS pipelining provides the ability for libssl to read or write multiple records in parallel. It requires special ciphers to do this, and there are currently no built-in ciphers that provide this capability. However, the dasync engine does have such a cipher, so we add a test for this capability using that engine. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19456)
* Add a test case for the engine crash with AES-256-CTRBernd Edlinger2022-11-021-1/+22
| | | | | | | | | | | | | Implement the AES-256-CTR cipher in the dasync engine. Use that to reproduce the reported problems with the devcrypto engine in our normal test environment. See #17995 and #17532 for details. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19386)
* Potential null pointer referenceyangyangtiantianlonglong2022-11-021-7/+7
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19429)
View Lorry Controller Status