Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | add support for verification of webauthn sshsig signature, and | djm | 2020-06-22 | 4 | -7/+718 |
| | | | | | example HTML/JS to generate webauthn signatures in SSH formats (also used to generate the testdata/* for the test). | ||||
* | Enable lucky 13 test. | tb | 2020-06-19 | 1 | -5/+2 |
| | |||||
* | Test that ssh-agent exits when running as as subprocess of a specified | dtucker | 2020-06-19 | 2 | -1/+24 |
| | | | | command (ie "ssh-agent command"). Would have caught bz#3181. | ||||
* | run sshsig unit tests | djm | 2020-06-19 | 1 | -2/+2 |
| | |||||
* | basic unit test for sshsig.[ch], including FIDO keys | djm | 2020-06-19 | 23 | -0/+339 |
| | | | | verification only so far | ||||
* | basic unit test for FIDO kep parsing | djm | 2020-06-19 | 24 | -7/+258 |
| | |||||
* | Add test that splicing inet and unix sockets. This test should be aborted | mvs | 2020-06-18 | 1 | -0/+24 |
| | | | | | | with EPROTONOSUPPORT. ok mpi@ | ||||
* | Add test for passive interfaces | denis | 2020-06-12 | 4 | -7/+9 |
| | |||||
* | Add lucky13 and bleichenbacher-timing tests | tb | 2020-06-10 | 1 | -1/+7 |
| | |||||
* | Implement a rolling hash of the ClientHello message, Enforce RFC 8446 | beck | 2020-06-06 | 1 | -2/+2 |
| | | | | | | | | section 4.1.2 to ensure subsequent ClientHello messages after a HelloRetryRequest messages must be unchanged from the initial ClientHello. ok tb@ jsing@ | ||||
* | When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return | schwarze | 2020-06-04 | 2 | -5/+115 |
| | | | | | | | | | | | failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by documented API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This fixes a bug found while working on documentation. OK tb@ and "thanks" bluhm@ | ||||
* | Enable the record layer limits test and mark two finished test cases as | tb | 2020-06-03 | 1 | -5/+8 |
| | | | | | xfail for now. Arguably, the expected decode_error is more appropriate than the decrypt_error that we send at the moment. | ||||
* | Enable the test-tls13-zero-length-data.py test, skipping the | tb | 2020-06-01 | 1 | -8/+10 |
| | | | | three tests that fail due to a BIO_gets() bug. | ||||
* | Enable test-dhe-rsa-key-exchange-with-bad-messages.py | tb | 2020-06-01 | 1 | -4/+2 |
| | |||||
* | Fix printing long doubles on architectures with hm and lm bits. | mortimer | 2020-05-31 | 1 | -1/+9 |
| | | | | | | Issue reported with initial patch by enh@google.com. ok deraadt@ | ||||
* | Add checks for SH downgrade sentinel and HRR hash in appstest.sh | inoguchi | 2020-05-29 | 1 | -1/+27 |
| | |||||
* | Add regression and unit tests for ${ENV} style environment variable | dtucker | 2020-05-29 | 2 | -5/+79 |
| | | | | expansion in various keywords (bz#3140). ok djm@ | ||||
* | Unit test for convtime. ok djm@ | dtucker | 2020-05-29 | 1 | -1/+20 |
| | |||||
* | two new tests for Include in sshd_config, checking whether Port | djm | 2020-05-27 | 1 | -1/+35 |
| | | | | | | directives are processed correctly and handling of Include directives that appear before Match. Both tests currently fail. bz#3122 and bz#3169 - patch from Jakub Jelen | ||||
* | more tests after getopt_long.c rev. 1.32; | schwarze | 2020-05-27 | 1 | -10/+43 |
| | | | | OK martijn@ | ||||
* | The unmount-nested test creates 15 partitions with file systems. | bluhm | 2020-05-25 | 1 | -17/+17 |
| | | | | Use FFS1 for newfs as the file system size is below the FFS2 minimum. | ||||
* | Test that syslogd closes the UDP sockets only if not configured to | bluhm | 2020-05-25 | 2 | -0/+52 |
| | | | | send UDP packets. | ||||
* | Previous commit caught a few errx() cases by accident. undo them. | tb | 2020-05-24 | 1 | -25/+25 |
| | |||||
* | include newlines in FAIL messages | tb | 2020-05-24 | 1 | -108/+108 |
| | |||||
* | address some nits from jsing | tb | 2020-05-24 | 1 | -7/+11 |
| | |||||
* | The version detection doesn't work on bluhm's test machine, causing | tb | 2020-05-24 | 1 | -3/+3 |
| | | | | | | | the test to fail. Neuter it for now and just assume we do TLSv1.3. I have been intending to purge this version detection hack once I'm sure we can leave the 1.3 server enabled but I'll leave it here for now. | ||||
* | Define REGRESS_TARGETS explicitly. | tb | 2020-05-23 | 1 | -2/+4 |
| | |||||
* | Enforce that SNI hostnames be correct as per rfc 6066 and 5980. | beck | 2020-05-23 | 1 | -1/+79 |
| | | | | | | | Correct SNI alerts to differentiate between illegal parameter and an unknown name. ok tb@` | ||||
* | Add test covering revision 1.64 of c_sh, fix exit code of compound lists | anton | 2020-05-22 | 1 | -1/+12 |
| | | | | while using option e. | ||||
* | beck fixed most of the keyupdate tests. update annotation | tb | 2020-05-21 | 1 | -3/+8 |
| | |||||
* | hook tlsfuzzer to regress | tb | 2020-05-21 | 1 | -1/+2 |
| | |||||
* | Add a harness that runs tests from tlsfuzzer | tb | 2020-05-21 | 2 | -0/+781 |
| | | | | | | | | | | | | | This currently runs 54 tests from the tlsfuzzer suite against the TLSv1.3 server which exercise a large portion of the code. They already found a number of bugs and misbehaviors and also inspired a few diffs currently in the pipeline. This regress requires the py3-tlsfuzzer package to be installed, otherwise the tests are skipped. Many thanks to kmos for helping with the ports side and to beck for his positive feedback. ok beck | ||||
* | LibreSSL error message has been improved, adapt syslogd TLS tests. | bluhm | 2020-05-19 | 2 | -2/+2 |
| | |||||
* | Add -status and -servername test for s_server and s_client in appstest.sh | inoguchi | 2020-05-19 | 1 | -1/+3 |
| | |||||
* | Add -groups test for s_server and s_client in appstest.sh | inoguchi | 2020-05-19 | 1 | -3/+17 |
| | |||||
* | Add client certificate test in appstest.sh | inoguchi | 2020-05-18 | 1 | -2/+89 |
| | |||||
* | Rename variables for key, csr, pass, cert | inoguchi | 2020-05-18 | 1 | -85/+85 |
| | |||||
* | Make ffs2 the default for newfs; change all calls to create e.g. floppy | otto | 2020-05-18 | 1 | -2/+2 |
| | | | | | filesystems or ramdisks to use explicit -O 1; installer already does that. ok sthen@ | ||||
* | Add GOST certificate test in appstest.sh | inoguchi | 2020-05-17 | 1 | -26/+107 |
| | | | | Enabled by -g option, and default to disabled (RSA certificate is used) | ||||
* | Suppress display output and reduce s_time to 1 sec in appstest.sh | inoguchi | 2020-05-17 | 1 | -28/+38 |
| | |||||
* | Fix server client test with TLSv1.3 in appstest.sh | inoguchi | 2020-05-17 | 1 | -20/+27 |
| | |||||
* | Factor out session reuse test and verification test | inoguchi | 2020-05-15 | 1 | -56/+74 |
| | |||||
* | Factor out the test for all available ciphers and add TLSv1.3 case | inoguchi | 2020-05-15 | 1 | -46/+61 |
| | |||||
* | Add ECDSA certificate test in appstest.sh | inoguchi | 2020-05-15 | 1 | -8/+71 |
| | | | | Enabled by -e option, and default to disabled (RSA certificate is used) | ||||
* | go fmt whitespace nit | tb | 2020-05-14 | 1 | -3/+3 |
| | |||||
* | reinstate an error check that was commented out while waiting for arm | tb | 2020-05-14 | 1 | -5/+4 |
| | | | | packages to appear | ||||
* | move a #define after the last #include line | tb | 2020-05-14 | 1 | -3/+3 |
| | |||||
* | Skip protocol version message check in appstest.sh | inoguchi | 2020-05-14 | 1 | -10/+15 |
| | | | | | - OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until NewSessionTicket arrival - Shorten function name | ||||
* | Factor out the protocol version test in appstest.sh | inoguchi | 2020-05-14 | 1 | -49/+26 |
| | | | | OTHER_OPENSSL default to eopenssl11 | ||||
* | Add TLS versioning tests. | jsing | 2020-05-13 | 1 | -2/+96 |
| | | | | | This ensures that a TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 client can talk with an appropriately configured server and vice versa. |