path: root/test
Commit message | Author | Age | Files | Lines
* des: prevent error when using two key triple DES with a random key | Pauli | 2023-02-08 | 1 | -0/+24
  Two key 3DES only sets two keys and the random generation errors out if fewer than three keys are required. It shouldn't.
  Fixes #20212
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20224)
* Additional testcase for missing return check of BIO_set_md() calls | Tomas Mraz | 2023-02-07 | 2 | -2/+49
  This tests the handling of PKCS7 signedAndEnveloped type.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add testcase for missing return check of BIO_set_md() calls | Tomas Mraz | 2023-02-07 | 2 | -2/+45
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix GENERAL_NAME_cmp for x400Address (master) | Hugo Landau | 2023-02-07 | 1 | -0/+8
  CVE-2023-0286
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Add test for DSA pubkey without param import and check | Tomas Mraz | 2023-02-07 | 3 | -11/+49
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix NULL deference when validating FFC public key. | slontis | 2023-02-07 | 1 | -0/+31
  Fixes CVE-2023-0217
  When attempting to do a BN_Copy of params->p there was no NULL check. Since BN_copy does not check for NULL this is a NULL reference.
  As an aside BN_cmp() does do a NULL check, so there are other checks that fail because a NULL is passed.
  A more general check for NULL params has been added for both FFC public and private key validation instead.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Add test for d2i_PKCS7 NULL dereference | Tomas Mraz | 2023-02-07 | 2 | -4/+10
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Check CMS failure during BIO setup with -stream is handled correctly | Matt Caswell | 2023-02-07 | 2 | -2/+31
  Test for the issue fixed in the previous commit
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Add a test for CVE-2022-4450 | Matt Caswell | 2023-02-07 | 1 | -0/+30
  Call PEM_read_bio_ex() and expect a failure. There should be no dangling ptrs and therefore there should be no double free if we free the ptrs on error.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Add testcase for nc_match_single type confusion | Tomas Mraz | 2023-02-07 | 5 | -1/+83
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* APPS/{storeutl,gendsa}: give error on extra arguments, improve doc | Dr. David von Oheimb | 2023-02-02 | 2 | -2/+18
  Point out that options must be given before the final file/URI arg.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20156)
* Workaround crash in atexit on NonStop platforms | Tomas Mraz | 2023-01-31 | 1 | -0/+4
  We cannot dynamically load the legacy provider into an application that is linked statically to libcrypto as this causes a double loading of libcrypto (one static and one dynamic) and on NonStop this leads to a segfault in atexit().
  Fixes #17537
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19844)
* ChaCha20-Poly1305 no longer supports truncated IV's. | slontis | 2023-01-30 | 1 | -0/+10
  Fixes #20084
  In the 3.0 provider implementation the generic code that handles IV's only allows a 12 byte IV. Older code intentionally added the ability for the IV to be truncated. As this truncation is unsafe, the documentation has been updated to state that this is no longer allowed. The code has been updated to produce an error when the iv length is set to any value other than 12.
  NOTE: It appears that this additional padding may have originated from the code which uses a 12 byte IV, that is then passed to CHACHA which zero pads it to 16 bytes.
  Note that legacy behaviour in e_chacha20_poly1305.c has not been updated.
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20151)
* QUIC Probes Support: Minor tweaks | Hugo Landau | 2023-01-30 | 2 | -6/+6
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19925)
* QUIC TXP: Allow TXP to generate probes | Hugo Landau | 2023-01-30 | 1 | -1/+91
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19925)
* QUIC ACKM: Rework probe reporting to allow use for bookkeeping | Hugo Landau | 2023-01-30 | 1 | -6/+5
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19925)
* QUIC ACKM: Clarify probe types | Hugo Landau | 2023-01-30 | 1 | -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19925)
* coverity 1520506: error handling | Pauli | 2023-01-30 | 1 | -1/+4
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/20132)
* coverity 1520505: error handling | Pauli | 2023-01-30 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/20132)
* Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() code | Tomas Mraz | 2023-01-27 | 2 | -10/+23
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20012)
* QUIC TSERVER: Fix probable nondeterminism in some OS network stacks | Hugo Landau | 2023-01-27 | 1 | -4/+11
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19897)
* QUIC Test Server: Exercise end-of-stream condition on read and write | Hugo Landau | 2023-01-27 | 1 | -13/+34
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19897)
* rename 90-test_traceapi.t to 90-test_trace_api.t for consistency | Dr. David von Oheimb | 2023-01-26 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/18704)
* add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string() | Dr. David von Oheimb | 2023-01-26 | 1 | -15/+43
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/18704)
* Add QUIC-TLS server support | Matt Caswell | 2023-01-24 | 2 | -4/+25
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19748)
* Extend the new_record_layer function | Matt Caswell | 2023-01-24 | 2 | -8/+11
  Add the ability to pass the main secret and length, as well as the digest used for the KDF.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19748)
* Add support for setting a custom TLS Record Layer | Matt Caswell | 2023-01-24 | 1 | -2/+2
  This is just an internal API for now. Something like this will be made public API at some point - but it is likely to be based on the provider interface rather than a direct setting of a METHOD like we do for now.
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19748)
* Move recordmethod.h to be an "internal" header | Matt Caswell | 2023-01-24 | 2 | -2/+2
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19748)
* APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given | Dr. David von Oheimb | 2023-01-24 | 6 | -21/+66
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19271)
* test: note that a default property query must be included for FIPS validity | Pauli | 2023-01-24 | 1 | -0/+6
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20079)
* Fix windows builds | FdaSilvaYY | 2023-01-24 | 1 | -2/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20109)
* Add DTLS support to the large app data test | Matt Caswell | 2023-01-24 | 1 | -5/+26
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20085)
* Add a test for large app data | Matt Caswell | 2023-01-24 | 1 | -0/+141
  Test that sending large app data records works correctly.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20085)
* cmp_client_test.c: add tests for end_time being initialized for RR/GENM | Dr. David von Oheimb | 2023-01-23 | 1 | -7/+17
  To this end, tweak the internal handling of ctx->total_timeout.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/19391)
* Allow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved | Ingo Franzki | 2023-01-23 | 1 | -0/+6
  Context parameter OSSL_SIGNATURE_PARAM_NONCE_TYPE can now also be retrieved for ECDSA and DSA.
  Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20070)
* bn2bin(): Don't accept len < 0 | Richard Levitte | 2023-01-20 | 1 | -0/+39
  Test included
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20033)
* Add a test for public variants of bn2bin() | Richard Levitte | 2023-01-20 | 1 | -0/+31
  We test with binary input of length 1, length 0, and NULL input with length 0
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/20033)
* Add negative test for unquoted property string | Pauli | 2023-01-20 | 1 | -0/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/20023)
* QUIC Test Server: Minor fixups | Hugo Landau | 2023-01-19 | 2 | -1/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19734)
* QUIC Test Server: Basic echo server test | Hugo Landau | 2023-01-19 | 3 | -1/+245
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19734)
* PKCS12 - Add additional libctx and propq support. | slontis | 2023-01-16 | 1 | -10/+10
  Fixes #19718
  Fixes #19716
  Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex().
  parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX.
  PKCS12_free() needed to be manually constructed in order to free the propq.
  pkcs12_api_test.c changed so that it actually tests the libctx, propq.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19942)
* CMP app: fix file output of certs and cert lists on non-existing cert(s) | Dr. David von Oheimb | 2023-01-16 | 1 | -0/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/20035)
* Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime | Bernd Edlinger | 2023-01-14 | 1 | -0/+29
  Otherwise the alloca can cause an exception.
  Issue reported by Jiayi Lin.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/20005)
* Revert "Limit size of modulus for BN_mod_exp_mont_consttime()" | Bernd Edlinger | 2023-01-14 | 1 | -20/+0
  This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  (Merged from https://github.com/openssl/openssl/pull/20005)
* QUIC TXP: Fix bug in send stream handling, cleanup | Hugo Landau | 2023-01-13 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC DEMUX: Allow MTU to vary over time and autodetect MTU | Hugo Landau | 2023-01-13 | 2 | -2/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC: Enable building with QUIC support disabled | Hugo Landau | 2023-01-13 | 2 | -0/+16
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC: Temporarily disable front-end API tests | Hugo Landau | 2023-01-13 | 2 | -1/+9
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC: Remove RX depacketiser tests from QRL test suite | Hugo Landau | 2023-01-13 | 1 | -142/+45
  These create significant coupling between the QRL tests and the RXDP. Moreover, the RXDP has no state of its own and is implemented as part of the QUIC_CHANNEL, ergo it doesn't make that much sense to test it in isolation.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC Stream Mapper: CSM-related changes, stream limits handling | Hugo Landau | 2023-01-13 | 1 | -1/+1
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19703)