Commit Graph

1329 Commits

Author SHA1 Message Date
Daniel Fiala
45a3c592b9 Clear incorrectly reported errors in cms_io.
Fixes openssl#17841.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18109)
2022-04-21 08:38:13 +02:00
Tomas Mraz
e58ba181de evp_test: Try computing MACs twice with reinitialization of EVP_MAC_CTX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18100)
2022-04-19 14:06:38 +02:00
Daniel Fiala
b2b8d1883a SSL_conf_cmd: Allow DH Parameters at any position.
Fixes openssl#17326.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18041)
2022-04-12 10:39:09 +02:00
Tomas Mraz
269c349a76 Add test for openssl ecparam with fips and base providers
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17981)
2022-04-11 11:59:41 +02:00
Tomas Mraz
ffc22e038e test_fipsinstall: Fallback to config(FIPSKEY) for the FIPSKEY
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18048)
2022-04-07 11:25:47 +02:00
Viktor Söderqvist
07342bad1b CMS sign digest
CLI changes: New parameter -digest to CLI command openssl cms, to
provide pre-computed digest for use with -sign.

API changes: New function CMS_final_digest(), like CMS_final() but
uses a pre-computed digest instead of computing it from the data.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/15348)
2022-04-02 10:42:16 -04:00
Tomas Mraz
db44b55aaa Test processing of a duplicated HRR
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
2022-03-30 11:34:49 +02:00
Daniel Fiala
cfd24cde81 Add support for mac-less password-base PKCS12 files to PKCS12_parse API.
Fixes openssl#17720.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17882)
2022-03-24 08:54:39 +01:00
Daniel Fiala
388d6f4506 Make openssl check -rsa ... to work for both RSA and RSA-PSS.
Fixes openssl#17167

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17920)

(cherry picked from commit 5d1f357a01)
2022-03-22 14:03:29 +01:00
Tobias Nießen
930a7bd912 Fix typos in CCM test vector titles
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17889)
2022-03-17 13:55:28 +11:00
Tomas Mraz
3469282ed2 Add a negative testcase for BN_mod_sqrt
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2022-03-15 13:15:12 +00:00
Tomas Mraz
4413fe3520 evp_test: Add testcases for DH KEX with X9.42 KDF
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17859)
2022-03-14 10:07:05 +01:00
Richard Levitte
abdb2278d2 Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17861)
2022-03-12 11:00:07 +01:00
Todd Short
a3e53d5683 Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
2022-03-10 10:42:43 -05:00
Michael Baentsch
fa66f62ebb Add external testing with oqsprovider
Including running the oqsprovider external test in the
CI external test build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17832)
2022-03-09 17:57:37 +01:00
Hugo Landau
df5c86e9f8 Enable openssl req -x509 to create certificates from CSRs
`openssl req -x509` has code allowing it to generate certificates from CSRs
as a replacement for `openssl x509`, but a bug prevents it from working
properly. -CA and -CAkey can now be passed to generate a CA-signed
certificate as documented in openssl-req(1).

Regression testing has been added to `openssl req`.

Fixes #17736.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17782)
2022-03-03 10:21:51 +01:00
Nicola Tuveri
d71151ae70 [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
2022-03-01 10:51:03 +02:00
Raul Ferrando
632e8be2b5 Add -quiet option to pkcs7 for -print_certs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17708)
2022-02-24 11:21:06 +11:00
Armin Fuerst
b089d54624 Prefix output to avoid random ok to confuse test parser
Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a testresult.

Also corrected indent and removed useless comma after last item.

Fixes #17480

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17689)
2022-02-17 16:03:24 +01:00
Armin Fuerst
065121ff19 Add tests for do_updatedb
Fixes #13944

Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.

Added function "asn1_string_to_time_t" including tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)
2022-02-14 10:18:46 +01:00
Tomas Mraz
7585073892 Apply the correct Apache v2 license
There were still a few files mentioning the old OpenSSL license.

Fixes #17684

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17686)
2022-02-14 10:08:21 +01:00
Bernd Edlinger
8fff986d52 Cleanup record length checks for KTLS
In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unprocessed packets are still pending.

Add at least some tests for KTLS, since we have
currently not very much test coverage for KTLS.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17504)
2022-02-11 11:52:41 +01:00
Matt Caswell
8447f2e391 Add a test for X509_STORE_CTX_set_purpose()
This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17382)
2022-01-27 15:30:04 +00:00
Tomas Mraz
d450eb84c8 Fix IV length of DES EDE ECB implementations
Fixes #17587

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17591)
2022-01-27 12:01:41 +11:00
Tomas Mraz
3bfb7239da test_gendhparam: Drop expected error output
Otherwise it sometimes confuses the TAP parser.

Fixes #17480

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)
2022-01-13 13:18:58 +01:00
Dmitry Belyavskiy
e5fb4b1469 Don't run TLSFuzzer tests when it is not properly set
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17448)
2022-01-11 18:01:47 +01:00
Bernd Edlinger
21095479c0 Add a test case for the short password
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)
2022-01-08 13:02:05 +01:00
Dimitris Apostolou
e304aa87b3 Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
2022-01-05 12:37:20 +01:00
Dmitry Belyavskiy
db87f89b73 TLS Fuzzer: initial test infrastructure
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
2022-01-05 11:24:51 +01:00
Dr. David von Oheimb
b971d4198d CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()
Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
2022-01-04 17:04:56 +01:00
Matt Caswell
805bdac5f3 Fix the symbol_presence test with a shlib_variant
If a shlib_variant is used then the dynamic version information for
symbols will be different from what the symbol presence test was
expecting. We just make it more liberal about what it accepts as dynamic
version information.

Fixes #17366

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17372)
2021-12-30 16:50:02 +00:00
Orr Toledano
1f8ce0c9fa Add tests for RNDR and combine tests with RDRAND
Add test cases for RNDR and RNDRRS. Combine tests for RDRAND and RNDR to
share common logic.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15361)
2021-12-16 12:38:09 +01:00
Matt Caswell
0fcf2351ec Add a test case for the name constraints bug
Where a chain has name constraints but a certificate does not have a SAN
extension but the CN meets the constraints, then this should be acceptable.
However, and OpenSSL bug meant that an internal error was being reported.
This adds a test case for that scenario.

Test for CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-12-14 13:48:34 +00:00
Dr. David von Oheimb
20b0579cbf CMP test_commands.csv: improve test for -reqin, adding -reqin_new_tid
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17252)
2021-12-13 09:48:25 +01:00
Dr. David von Oheimb
22dd3f8b27 CMP test_verification.csv: add missing test case for -untrusted with non-matching cert
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17252)
2021-12-13 09:48:25 +01:00
Dr. David von Oheimb
7e5be5c326 CMP test_enrollment.csv: clean up test cases regarding (non-existing) directories
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17252)
2021-12-13 09:48:25 +01:00
Dr. David von Oheimb
5adda344c2 80-test_cmp_http_data/test_commands.csv: fix minor glitch in column alignment
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17224)
2021-12-09 18:05:26 +01:00
Dr. David von Oheimb
7ee0954a08 APPS/cmp: fix -rspin option such that it works again without -reqin
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17222)
2021-12-09 07:57:39 +01:00
Matt Caswell
d09f4501e4 Don't run the symbol presence test on windows
Fixes #17109

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17119)
2021-12-06 16:45:25 +01:00
Tomas Mraz
a44eb8421d test_rsa: Test for PVK format conversion
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
2021-12-06 16:38:03 +01:00
Patrick Uiterwijk
0e9a265e42 Support different R_BITS lengths for KBKDF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17063)
2021-11-24 11:02:53 +10:00
Bernd Edlinger
2595eef82c Add a test case for duplicate engine loading
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)
2021-11-23 06:08:17 +01:00
Dr. David von Oheimb
e7313323cc 02-test_errstr.t: print errorcodes in hex (rather than decimal) format
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)
2021-11-22 14:38:18 +01:00
Dr. David von Oheimb
a6838c8d52 80-test_cmp_http: Make server diagnostics more verbose to aid debugging
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)
2021-11-17 12:43:17 +01:00
Dr. David von Oheimb
00cf3a2d30 25-test_req.t: Add systematic SKID+AKID tests for self-issued (incl. self-signed) certs
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16342)
2021-11-11 20:18:56 +01:00
Dr. David von Oheimb
9bf1061c44 APPS/x509: Fix generation of AKID via v2i_AUTHORITY_KEYID()
Fixes #16300

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16442)
2021-11-08 09:15:13 +01:00
Tomas Mraz
051228353a test: fetching proper signature provider for non-exportable keys
Co-author: Selva Nair <selva.nair@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-27 12:41:51 +02:00
Pauli
d4dfd983e3 test-rand: return failure on not enough data, allow parent
The test-rand RNG was returning success when it had some but insufficient data.
Now, it returns failure and doesn't advance the data pointer.

The test-rand RNG was failing when a parent was specified.  This case is now
ignored.

Fixes #16785

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16905)
2021-10-26 20:02:55 +10:00
Tomas Mraz
bf585c9c07 tests: Add test for X509_dup with ENGINE based key
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)
2021-10-25 14:32:43 +02:00
Richard Levitte
73970cb91f Fix test/recipes/01-test_symbol_presence.t to disregard version info
The output of 'nm -DPg' contains version info attached to the symbols,
which makes the test fail.  Simply dropping the version info makes the
test work again.

Fixes #16810 (followup)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16840)
2021-10-14 19:03:28 +02:00