History log of /openssl/test/recipes/90-test_sslapi.t (Results 1 – 25 of 25)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 7ed6de99 05-Sep-2024 Tomas Mraz

Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes


# f6a296c3 12-Aug-2024 slontis

Cleanups for FIPS options..

The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.

Some FIPS related he

Cleanups for FIPS options..

The options in fipsprov.c are now generated using macros with fips_indicator_params.inc.
This should keep the naming consistent.

Some FIPS related headers have moved to providers/fips/include so that
they can use fips_indicator_params.inc.
securitycheck.h now includes fipsindicator.h, and fipsindicator.h includes
fipscommon.h.

fipsinstall.c uses OSSL_PROV_PARAM_ for the configurable FIPS options rather than
using OSSL_PROV_FIPS_PARAM_* as this was confusing as to which one should be used.
fips_names.h just uses aliases now for existing public names.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25162)

show more ...


# 00f32b22 02-Aug-2024 Pauli

test: update SSL API test in light of PKCS#1 version 1.5 padding change under FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>

test: update SSL API test in light of PKCS#1 version 1.5 padding change under FIPS

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25070)

show more ...


# d2af5e4c 10-May-2024 Tomas Mraz

90-test_sslapi.t: Fix execution of sslapitest with fips provider

Default configuration of the fips provider for tests is pedantic
which means that sslapitest was not fully executed with

90-test_sslapi.t: Fix execution of sslapitest with fips provider

Default configuration of the fips provider for tests is pedantic
which means that sslapitest was not fully executed with fips provider.

The ems check must be switched off for full execution.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24347)

show more ...


# cee0628e 27-Feb-2023 Jairus Christensen

[feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siem

[feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20248)

show more ...


# bc5d9502 18-Apr-2023 Pauli

sslapi: use correct fipsmodule.cnf

The SSL API tests copies fipsmodule.cnf and modifies it. Unfortunately, it
grabbed the wrong instance of this file.

Reviewed-by: Tomas Mraz <

sslapi: use correct fipsmodule.cnf

The SSL API tests copies fipsmodule.cnf and modifies it. Unfortunately, it
grabbed the wrong instance of this file.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)

show more ...


# 50ea5cdc 08-Feb-2023 slontis

Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.

Fixes #19989

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merg

Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.

Fixes #19989

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20241)

show more ...


# fecb3aae 03-May-2022 Matt Caswell

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes


# b2b8d188 04-Apr-2022 Daniel Fiala

SSL_conf_cmd: Allow DH Parameters at any position.

Fixes openssl#17326.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from h

SSL_conf_cmd: Allow DH Parameters at any position.

Fixes openssl#17326.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18041)

show more ...


Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13
# 8020d79b 11-Mar-2021 Matt Caswell

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)


Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7
# e25b4db7 29-Sep-2020 Richard Levitte

TEST: Remove the build of fipsmodule.cnf from test recipes

The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's

TEST: Remove the build of fipsmodule.cnf from test recipes

The exception is the test recipe that tests 'openssl fipsinstall'.
However, that one uses a different output file name, so it's safe.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)

show more ...


Revision tags: OpenSSL_1_1_1h
# 7192e4df 30-Aug-2020 Richard Levitte

TEST: Ensure that the base provider i activated when needed

The fips providers can't be activated alone if encoding, decoding or
STORE are going to be used.

To enable this, we s

TEST: Ensure that the base provider i activated when needed

The fips providers can't be activated alone if encoding, decoding or
STORE are going to be used.

To enable this, we selectively use test/fips-and-base.cnf instead of
test/fips.cnf in our test recipes.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...


Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5
# 5744dacb 29-Jun-2020 Rich Salz

Make -provider_name and -section_name optional

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https:

Make -provider_name and -section_name optional

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12311)

show more ...


# 31214258 29-Jun-2020 Rich Salz

Add --fips-key configuration parameter to fipsinstall application.

Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in

Add --fips-key configuration parameter to fipsinstall application.

Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)

show more ...


Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2
# 6ed34b3e 30-Apr-2020 Matt Caswell

Centralise Environment Variables for the tests

The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to
be set in the user's environment. To ensure that no tests accidental

Centralise Environment Variables for the tests

The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to
be set in the user's environment. To ensure that no tests accidentally
use this or other enviroment variables from the user's environment we
automatically set them centrally for all tests.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11691)

show more ...


Revision tags: openssl-3.0.0-alpha1
# 713fc10f 21-Apr-2020 Rich Salz

Rename fipsinstall.cnf->fipsmodule.cnf

Introduced by rebasing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged f

Rename fipsinstall.cnf->fipsmodule.cnf

Introduced by rebasing

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11177)

show more ...


# 33388b44 23-Apr-2020 Matt Caswell

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)


Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f
# 4f6c7044 21-Mar-2020 Matt Caswell

Re-enable FIPS testing in sslapitest.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11508)


# 5e30f2fd 18-Mar-2020 Matt Caswell

Use a non-default libctx in sslapitest

We also don't load the default provider into the default libctx to make
sure there is no accidental "leakage".

Reviewed-by: Paul Dale <pau

Use a non-default libctx in sslapitest

We also don't load the default provider into the default libctx to make
sure there is no accidental "leakage".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11508)

show more ...


Revision tags: OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d
# 1a2a3a42 23-Jul-2019 Matt Caswell

Extend tests of SSL_check_chain()

Actually supply a chain and then test:
1) A successful check of both the ee and chain certs
2) A failure to check the ee cert
3) A failure to ch

Extend tests of SSL_check_chain()

Actually supply a chain and then test:
1) A successful check of both the ee and chain certs
2) A failure to check the ee cert
3) A failure to check a chain cert

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)

show more ...


Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b
# 909f1a2e 06-Dec-2018 Richard Levitte

Following the license change, modify the boilerplates in test/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)


Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5
# 28428130 17-Apr-2018 Richard Levitte

Update copyright year

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5990)


# 76fd7a1d 10-Apr-2018 Matt Caswell

Add a test for SRP

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5925)


Revision tags: OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c
# 2c4a3f93 01-Nov-2016 Richard Levitte

Test recipes: remove duplicate OpenSSL::Test usage

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1815)


Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13
# 2cb4b5f6 09-Jun-2016 Matt Caswell

Add some session API tests

This commit adds some session API tests, and in particular tests the
modified behaviour of SSL_set_session() introduced in the last commit. To
do this I ha

Add some session API tests

This commit adds some session API tests, and in particular tests the
modified behaviour of SSL_set_session() introduced in the last commit. To
do this I have factored out some common code from the asynciotest into a
new ssltestlib.c file. I've also renamed getsettest to sslapitest as this
more closely matches what it now is!

Reviewed-by: Rich Salz <rsalz@openssl.org>

show more ...