2
0
mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00
Commit Graph

9 Commits

Author SHA1 Message Date
Tomas Mraz
0977eac565 Adjust tests that were depending on X25519 and X448 in fips
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24099)
2024-04-19 10:32:27 +02:00
Matt Caswell
2c59d54cd7 Add some test_ssl_new tests for the ffdhe groups
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
2023-06-27 10:50:08 +01:00
Matt Caswell
7b141d4934 Add a test for TLSv1.3 only client sending a correct key_share
Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19317)
2022-10-12 15:55:58 +01:00
Matt Caswell
3f76339a3f Add some more brainpool tests for TLSv1.3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
2022-10-07 10:01:48 +01:00
Matt Caswell
61cab65029 Fix tests for new default security level
Fix tests that were expecting a default security level of 1 to work with
the new default of 2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16760)
2021-10-09 19:57:02 +02:00
Tomas Mraz
9ff5bd612a ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3
Also correctly mark max protocol version for some curves.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14154)
2021-02-12 19:05:17 +01:00
Shane Lontis
341c3e7f28 Add fips checks for ecdh key agreement
For key agreement only NIST curves that have a security strength of 112 bits or more are allowed.
Fixed tests so they obey these restrictions when testing in fips mode.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00
Matt Caswell
682bc861a9 Teach ssl_test_new how to test the FIPS module
We load the FIPS module and make sure it is configured before running
the ssl_test_new tests.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)
2020-04-20 11:29:17 +01:00
Rich Salz
433deaffce Use .cnf for config files, not .conf
The default is openssl.cnf  The project seems to prefer xxx.conf these
days, but we should use the default convention.

Rename all foo.conf (except for Configurations) to foo.cnf

Fixes 

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)
2020-03-06 18:25:13 +01:00