Commit Graph

629 Commits

Author SHA1 Message Date
Matt Caswell
4b464e7b46 Fix ABI break with HMAC
Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX.
This backs that change out, and does it a different way.

Thanks to Timo Teras for the concept.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-12 13:16:09 +01:00
Matt Caswell
68886be7e2 EC_POINT_is_on_curve does not return a boolean
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-06-10 10:43:53 +01:00
Richard Levitte
e36c5fc4f5 Make sure test/gost2814789test.c can see configuration macros
test/gost2814789test.c needs to include openssl/e_os2.h or it wouldn't
see the defined OPENSSL_NO_* macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-10 02:03:03 +02:00
Richard Levitte
acaff3b797 When making libcrypto from apps or test, make sure to include engines
For librypto to be complete, the stuff in both crypto/ and engines/
have to be built.  Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-10 02:01:49 +02:00
Rich Salz
51b04a6117 No fprintf in the txt_db component
Also removed a source file that isn't built, and moved
another one to test for eventual fixing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-09 12:39:08 -04:00
Richard Levitte
7ea9f90d77 Remove OPENSSL_CONF=/dev/null from tests
Almost two months ago, the warning about non-existing config file was
supressed by setting the environment variable OPENSSL_CONF to /dev/null
everywhere.  Now that this warning is gone, that practice is no longer
needed.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-29 12:41:50 +02:00
Emilia Kasper
15a06488fc Enable DH tests
In master, the 'dh' command is gone, so use 'dhparam' instead to
determine if we're compiled with DH.

Also, set "@SECLEVEL=1" for the weak DH test, so that it actually
passes.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2015-05-27 17:22:56 +02:00
Dr. Stephen Henson
f2e19cb15e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:24:59 +01:00
Dr. Stephen Henson
351fe21402 Add PBE tests.
Add support for PKCS#12 and PBKDF2 password based encryption tests. Add
additional test data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:04:13 +01:00
Emilia Kasper
e8356e32ae Fix ssltest to use 1024-bit DHE parameters
Also add more ciphersuite test coverage, and a negative test for
512-bit DHE.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1ee85aab75)
2015-05-26 12:49:26 +02:00
Richard Levitte
0f539dc1a2 Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-22 18:44:33 +02:00
Dr. Stephen Henson
941fbf711a correction
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-21 12:48:03 +01:00
Emilia Kasper
de57d23729 Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).
Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else.

The result:

$ openssl s_server -named_curves "auto"

This command will negotiate an ECDHE ciphersuite with P-256:

$ openssl s_client

This command will negotiate P-384:

$ openssl s_client -curves "P-384"

This command will not negotiate ECDHE because P-224 is disabled with "auto":

$ openssl s_client -curves "P-224"

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 15:47:51 +02:00
Dr. Stephen Henson
5a1d250906 make update
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-05-20 14:01:19 +01:00
Dr. Stephen Henson
3b53e18a4f Add scrypt tests.
Add scrypt test support to evp_test and add test values from
from draft-josefsson-scrypt-kdf-03.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 12:21:31 +01:00
Matt Caswell
a3680c8f9c Version negotiation rewrite cleanup
Following the version negotiation rewrite all of the previous code that was
dedicated to version negotiation can now be deleted - all six source files
of it!!

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:20:38 +01:00
Matt Caswell
32ec41539b Server side version negotiation rewrite
This commit changes the way that we do server side protocol version
negotiation. Previously we had a whole set of code that had an "up front"
state machine dedicated to the negotiating the protocol version. This adds
significant complexity to the state machine. Historically the justification
for doing this was the support of SSLv2 which works quite differently to
SSLv3+. However, we have now removed support for SSLv2 so there is little
reason to maintain this complexity.

The one slight difficulty is that, although we no longer support SSLv2, we
do still support an SSLv3+ ClientHello in an SSLv2 backward compatible
ClientHello format. This is generally only used by legacy clients. This
commit adds support within the SSLv3 code for these legacy format
ClientHellos.

Server side version negotiation now works in much the same was as DTLS,
i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to
that then when a ClientHello is received it will work out the most
appropriate version to respond with. Also, SSLv23_method and
SSLv23_server_method have been replaced with TLS_method and
TLS_server_method respectively. The old SSLv23* names still exist as
macros pointing at the new name, although they are deprecated.

Subsequent commits will look at client side version negotiation, as well of
removal of the old s23* code.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:19:56 +01:00
Richard Levitte
7a05eaac5e Adjust unixly mk1mf after introduction of tkey
Added depencies on the public variants of some keys in test to Makefile.
Added the newly introduced key files from test/ in the list of files
to copy in util/pl/unix.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 15:55:59 +02:00
Richard Levitte
c40dba984a make depend
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-14 15:14:25 +02:00
Richard Levitte
6857079791 Identify and move OpenSSL internal header files
There are header files in crypto/ that are used by the rest of
OpenSSL.  Move those to include/internal and adapt the affected source
code, Makefiles and scripts.

The header files that got moved are:

crypto/constant_time_locl.h
crypto/o_dir.h
crypto/o_str.h

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-14 15:13:49 +02:00
Matt Caswell
e36827f6d1 Remove remaining Kerberos references
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:10 +01:00
Matt Caswell
55a9a16f1c Remove Kerberos support from libssl
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:07:57 +01:00
Rich Salz
9a555706a3 Make COMP_CTX and COMP_METHOD opaque
Since COMP_METHOD is now defined in comp_lcl.h, it is no
longer possible to create new TLS compression methods without
using the OpenSSL source.  Only ZLIB is supported by default.
Also, since the types are opaque, #ifdef guards to use "char *"
instead of the real type aren't necessary.

The changes are actually minor.  Adding missing copyright to some
files makes the diff misleadingly big.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-12 10:24:48 -04:00
Rich Salz
75ebbd9aa4 Use p==NULL not !p (in if statements, mainly)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-11 10:06:38 -04:00
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06 22:37:53 -04:00
Richard Levitte
2455eaf43f Add a -CAserial argument for signing the user cert request
This is just to make sure that option is tested on a Unix build.  This
option is already present in ms/testss.bat, so it's an easy steal.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-06 19:43:59 +02:00
Gunnar Kudrjavets
4c9b0a0314 Initialize potentially uninitialized local variables
Compiling OpenSSL code with MSVC and /W4 results in a number of warnings.
One category of warnings is particularly interesting - C4701 (potentially
uninitialized local variable 'name' used). This warning pretty much means
that there's a code path which results in uninitialized variables being used
or returned. Depending on compiler, its options, OS, values in registers
and/or stack, the results can be nondeterministic. Cases like this are very
hard to debug so it's rational to fix these issues.

This patch contains a set of trivial fixes for all the C4701 warnings (just
initializing variables to 0 or NULL or appropriate error code) to make sure
that deterministic values will be returned from all the execution paths.

RT#3835

Signed-off-by: Matt Caswell <matt@openssl.org>

Matt's note: All of these appear to be bogus warnings, i.e. there isn't
actually a code path where an unitialised variable could be used - its just
that the compiler hasn't been able to figure that out from the logic. So
this commit is just about silencing spurious warnings.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-06 13:06:46 +01:00
Rich Salz
16f8d4ebf0 memset, memcpy, sizeof consistency fixes
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-05 22:18:59 -04:00
Rich Salz
45ddce21fa Remove the fake RLE compression method.
RLE is a no-op only for testing.  Remove it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:14:26 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-04 15:00:13 -04:00
Dr. Stephen Henson
bdcb1a2cf5 more OSSL_NELEM cases
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-04 13:03:49 +01:00
Rich Salz
25aaa98aa2 free NULL cleanup -- coda
After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01 14:37:16 -04:00
Ben Laurie
8b68b7e97b Use BN_ULONG format.
Reviewed-by: Andy Polyakov
2015-05-01 17:46:17 +01:00
Rich Salz
efa7dd6444 free NULL cleanup 11
Don't check for NULL before calling free functions. This gets:
        ERR_STATE_free
        ENGINE_free
        DSO_free
        CMAC_CTX_free
        COMP_CTX_free
        CONF_free
        NCONF_free NCONF_free_data _CONF_free_data
        A sk_free use within OBJ_sigid_free
        TS_TST_INFO_free (rest of TS_ API was okay)
        Doc update for UI_free (all uses were fine)
        X509V3_conf_free
        X509V3_section_free
        X509V3_string_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:15:18 -04:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Rich Salz
b196e7d936 remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-28 15:28:14 -04:00
Rich Salz
2f58faad66 Remove the special list-xxxx commands
There's a new "list" command, which takes a flag to say what
to list.  Removing the old hacky commands.  Re-ordered some
functions to remove some needless declarations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-26 10:31:48 -04:00
Rich Salz
3dca57f8ca ssltest output cleanup
Make only errors go to stderr.
Print count and size before the loop, so you can see it's an 838K
message that will take a few moments.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-21 15:52:51 -04:00
Richard Levitte
a169a93a6f test/Makefile dclean cleans out a few files too many.
The files removed are the ones that were symbolic links before, but
aren't now, so we should not remove them any more.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-04-21 21:16:54 +02:00
Rich Salz
fec669388c Use 2K RSA and SHA256 in tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-20 07:23:04 -04:00
Viktor Dukhovni
323daa74fc SunOS non-posix shells do not grok export name=value
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-17 01:33:51 -04:00
Viktor Dukhovni
61986d32f3 Code style: space after 'if'
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-16 13:44:59 -04:00
Rich Salz
e0e920b1a0 free NULL cleanup 9
Ongoing work to skip NULL check before calling free routine.  This gets:
    ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free
    nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free
    PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free
    PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free
    SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free
    ssl_sess_cert_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-04-11 16:32:54 -04:00
Rich Salz
62adbcee39 free NULL cleanup 10
Avoid checking for NULL before calling free functions.  This gets
ssl.*free:
    ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free
    SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free
    SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-04-11 10:22:36 -04:00
Dr. Stephen Henson
9fdbc9df76 Fix ECDH detection, add ECDH keyid test.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-10 18:51:52 +01:00
Viktor Dukhovni
34b0a927ab Polish shell script to avoid needless complexity.
No need for here documents, just use "yes" or </dev/null.
No need for "|| exit 1" clauses, just use "set -e".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-10 12:28:07 -04:00
Rich Salz
e71cecd551 fix to "test script cleanup"
Fix commit 30f54ad295 which used
non-portable syntax for checking exit status.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-10 11:40:25 -04:00
Rich Salz
30f54ad295 test script cleanup
Removed commented-out tests

Standardize on doing
        cmd ... || exit 1
instead of
        cmd ...
        if [ $? != 0] ; then
           exit 1
        fi
where that if statement has ben one, three, or four lines, variously.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-10 10:06:17 -04:00
Rich Salz
be739b0cc0 Drop CA.sh for CA.pl
Remove CA.sh script and use CA.pl for testing, etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-08 14:07:39 -04:00
Rich Salz
5adac91eab consistent test-start logging
Output a consistent "start" marker for each test.
Remove "2>/dev/null" from Makefile command lines.
Add OPENSSL_CONFIG=/dev/null for places where it's needed, in
order to suppress a warning message from the openssl CLI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-08 12:28:15 -04:00
Rich Salz
22ebaae08c Fewer newlines in comp method output
Print "supported compression methods" all on one line.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-02 15:58:10 -04:00
Emilia Kasper
11305038e9 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-01 22:31:28 +02:00
Richard Levitte
a80e33b991 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant
With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Dr. Stephen Henson
79a578b902 Add private/public key conversion tests
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-29 03:26:12 +01:00
Matt Caswell
266483d2f5 RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:38:07 +00:00
Dr. Stephen Henson
86d20cb6fd make depend
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:05:05 +00:00
Matt Caswell
3c381e5423 Add DTLS tests to make test
Updated test/testssl script to include the new DTLS capability in ssltest.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 12:00:56 +00:00
Richard Levitte
cdca82dcde Catch up the VMS build.
crypto/crypto-lib.com - catch up with the OCSP changes
test/maketest.com and test/tests.com - catch up with the addition of test_evp_extra

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-05 18:20:06 +01:00
Matt Caswell
71ea6b4836 Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:12:53 +00:00
Rich Salz
05c3234ddf ui_compat cleanup; makefiles and vms
Remove ui_compat.h from Makefile dependencies
And from two VMS build/install scripts.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-06 16:49:17 -05:00
Dr. Stephen Henson
5496cd3e5d More unused FIPS module code.
Remove fips_algvs.c

Remove unused fips module build code from Configure and Makefile.org
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-04 18:54:36 +00:00
Rich Salz
24956ca00f Remove old DES API
Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 18:46:01 -05:00
Andy Polyakov
5da05a26f2 cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-02 15:27:07 +01:00
Richard Levitte
4938ebc406 Since SHA0 was completely removed, also remove the related test
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 15:14:48 +01:00
Richard Levitte
e00ab250c8 VMS exit codes weren't handled well enough and were unclear
Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:44:36 +01:00
Richard Levitte
36ed7adfbc VMS adjustments:
test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:44:18 +01:00
Richard Levitte
132536f96e VMS adjustments:
catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:43:57 +01:00
Matt Caswell
35a1cc90bc More comment realignment
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Rich Salz
9405a9a2e1 RT478: Add uninstall make target
Add INSTALLDIRS variable, list of directories where things get
installed. Change install_html_docs to use perl mkdir-p script.

Add uninstall, uninstall_sw, uninstall_docs, uninstall_html_docs
to Makefile.org.  The actions of these targets were figured out
by "inverting" the install target.

Recurse into subdirs to do uninstall as needed.  Added uninstall
targets whose actions were similarly figured out by "inverting"
the install target.

Also remove some 'space before tab' complaints in Makefile.org

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-12 10:28:05 -05:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Matt Caswell
6385043fa1 make update following changes to default config settings
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:22 +00:00
Matt Caswell
ad500fdc49 Rename gost2814789t.c to gost2814789test.c. The old name caused problems
for dummytest if gost is compiled out, since the name of the test is not
standard (dummytest segfaults). Also the old name caused problems for git
because the executable was not in the .gitignore file

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:14:03 +00:00
Matt Caswell
af6e2d51bf Add OPENSSL_NO_ECDH guards
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 14:13:45 +00:00
Matt Caswell
fd0ba77717 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Matt Caswell
85bcf27ccc Prepare for bn opaquify. Implement internal helper functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:40:12 +00:00
Dr. Stephen Henson
cc2f1045d1 make depend
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
a42366a406 Remove fips utility build rules from test/Makefile
The fips test utilities are only build if an FIPS module is being
built from source. As this isn't done in master these are redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:48 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Matt Caswell
d253c9cd30 Fixed cms-test.pl for no-ec2m
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:01:45 +00:00
Emilia Kasper
51b7be8d5f make update
Sync libeay.num from 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-23 18:37:23 +02:00
Emilia Kasper
2f32016bb9 make update
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-05 17:19:36 +02:00
Emilia Kasper
5a3d21c058 Constant-time utilities
Pull constant-time methods out to a separate header, add tests.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-08-28 15:48:45 +02:00
Emilia Kasper
f0ca9ccaef make depend
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-14 15:24:58 +02:00
Dr. Stephen Henson
562fd0d883 Test SRP authentication ciphersuites.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-08-09 13:21:29 +01:00
Dr. Stephen Henson
8e55e6de45 Don't call setenv in gost2814789t.c
The call to setenv in gost2814789t.c is not portable and may
not reflect the location of the GOST ENGINE on all platforms anyway.
Instead set OPENSSL_ENGINES in test/Makefile
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-07-24 18:18:54 +01:00
Dr. Stephen Henson
841072ef65 Add test header, sync ordinals with 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 20:51:06 +01:00
Mike Bland
b2e50bcd0e Check the test registry size during add_test()
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 19:24:36 +01:00
Mike Bland
6017a55143 Use testutil registry in heartbeat_test
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 19:24:35 +01:00
Mike Bland
5e3de8e609 test/testutil.c test registry functions.
These help standardize the structure of main() and result reporting.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 19:24:35 +01:00
Ben Laurie
e3ba6a5f83 Make depend. 2014-06-30 16:03:29 +01:00
Andy Polyakov
77a27a5066 Enable multi-block support by default. 2014-06-11 20:40:51 +02:00
Mike Bland
3ead9f3798 Create test/testutil.h for unit test helper macros
Defines SETUP_TEST_FIXTURE and EXECUTE_TEST, and updates ssl/heartbeat_test.c
using these macros. SETUP_TEST_FIXTURE makes use of the new TEST_CASE_NAME
macro, defined to use __func__ or __FUNCTION__ on platforms that support those
symbols, or to use the file name and line number otherwise. This should fix
several reported build problems related to lack of C99 support.
2014-06-10 19:20:25 +01:00
Kurt Roeckx
95fe635d90 Link heartbeat_test with the static version of the libraries
It's using an internal API that that might not be available in the shared
library.
2014-06-09 00:10:24 +01:00
Peter Mosmans
028bac0670 Fix for test_bn regular expression to work on Windows using MSYS. PR#3346 2014-05-27 23:29:32 +01:00
Christian Heimes
56431240ae add test case to makefiles 2014-05-25 17:35:04 +01:00
Ben Laurie
f41231d62a Make it build/run. 2014-05-19 17:39:41 +01:00
Mike Bland
6af080acaf Unit/regression test for TLS heartbeats.
Regression test against CVE-2014-0160 (Heartbleed).

More info: http://mike-bland.com/tags/heartbleed.html
2014-05-19 17:39:41 +01:00
Andy Polyakov
687403fb24 test/Makefile: allow emulated test (e.g. under wine).
Submitted by: Roumen Petrov
2014-03-06 14:08:02 +01:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Trevor Perrin
c655f40ed2 Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"... 2013-09-13 19:32:55 -07:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Ben Laurie
d5605699a1 Correctly test for no-ec. 2013-08-21 04:21:57 +01:00
Dr. Stephen Henson
b85f8afe37 Don't run ECDH CMS tests if EC disabled. 2013-08-17 17:41:14 +01:00
Dr. Stephen Henson
bbc098ffb3 Add X9.42 DH test. 2013-08-05 16:23:22 +01:00
Dr. Stephen Henson
75787fd833 Add X9.42 DH certificate to S/MIME test 2013-08-05 16:23:22 +01:00
Adam Langley
a898936218 Add tests for ALPN functionality.
Conflicts:
	ssl/ssltest.c
2013-07-22 15:47:48 +01:00
Dr. Stephen Henson
584ac22110 Make ecdsatest work with nonces.
Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this
avoids the nonce generation which would otherwise break the test.

Reinstate ecdsatest.
2013-07-19 14:11:43 +01:00
Dr. Stephen Henson
527c898ce8 Temporarily disable ECDSA test.
Disable ECDSA test temporarily: it is incompatible with ECDSA nonces.
2013-07-19 13:46:48 +01:00
Dr. Stephen Henson
5cdc25a754 New CMS tests.
Add some ECDH CMS tests.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
a0957d5505 Scripts to recreate S/MIME test certificates.
Add a script to generate keys and certificates for the S/MIME and CMS
tests.

Update certificates and add EC examples.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
32b18e0338 Add new CMS tests.
Add new tests to cms-test.pl covering PSS and OAEP.
2013-06-21 23:43:06 +01:00
Trevor
9cd50f738f Cleanup of custom extension stuff.
serverinfo rejects non-empty extensions.

Omit extension if no relevant serverinfo data.

Improve error-handling in serverinfo callback.

Cosmetic cleanups.

s_client documentation.

s_server documentation.

SSL_CTX_serverinfo documentation.

Cleaup -1 and NULL callback handling for custom extensions, add tests.

Cleanup ssl_rsa.c serverinfo code.

Whitespace cleanup.

Improve comments in ssl.h for serverinfo.

Whitespace.

Cosmetic cleanup.

Reject non-zero-len serverinfo extensions.

Whitespace.

Make it build.
2013-06-18 16:13:08 +01:00
Trevor
a398f821fa Add support for arbitrary TLS extensions.
Contributed by Trevor Perrin.
2013-06-12 17:01:13 +01:00
Ben Laurie
92584bd3d5 Tests pass! 2013-05-05 16:15:34 +01:00
Ben Laurie
29d422e2a0 Make sure all tests are actually run, plus some fixups for things that
turn out to be made somewhere by existing Makefiles.
2013-04-07 16:52:54 +01:00
Ben Laurie
ea4507ee1c Fix test_ss. 2013-04-06 15:13:12 +01:00
Ben Laurie
3426b8ed3f Avoid collisions. 2013-04-06 15:13:12 +01:00
Ben Laurie
f5cd3db541 Make session ID test work. 2013-04-06 15:13:12 +01:00
Ben Laurie
15e5f592c1 Make S/MIME test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
509a83dd36 Make RSA test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
8c7f5f3bec Make PKCS#7 test work. 2013-04-06 15:13:11 +01:00
Ben Laurie
3675fb882c More progress towards working tests. 2013-04-06 15:13:11 +01:00
Ben Laurie
3b4d86bff5 Get closer to a working single Makefile with test support. 2013-04-06 15:11:11 +01:00
Andy Polyakov
c5d975a743 Add support for SPARC T4 DES opcode. 2013-03-31 14:32:05 +02:00
Ben Laurie
975dfb1c6c make depend. 2013-02-21 18:17:38 +00:00
Adam Langley
32620fe9d1 Fix for EXP-RC2-CBC-MD5
MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
(cherry picked from commit f306b87d76)
2013-02-06 16:11:31 +00:00
Ben Laurie
6f0a93b069 Merge branch 'master' of openssl.net:openssl 2013-01-19 17:35:41 +00:00
Andy Polyakov
26906f2d93 engines/ccgost: add test case.
Submitted by: Serguei Leontiev
PR: 2821
2013-01-19 17:56:56 +01:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Dr. Stephen Henson
48b0951681 Fix tocsp: we don't need -trust_other any more.
Fix typo.
2012-12-21 18:32:33 +00:00
Dr. Stephen Henson
032b33059e Update test OCSP script "tocsp" to use shell functions and to use
December 17th as check date to avoid certificate expiry errors.
2012-12-20 18:48:11 +00:00
Ben Laurie
fefc111a2a Make openssl verify return errors. 2012-12-11 16:05:14 +00:00
Ben Laurie
ec40e5ff42 Tabification. Remove accidental duplication. 2012-12-10 16:52:17 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
d88926f181 PR: 2909
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00
Andy Polyakov
536a16435b util/fipslink.pl: further adjustments. 2012-10-27 23:36:43 +00:00
Andy Polyakov
cfb399ad55 test_t4: cover even Camellia. 2012-10-25 12:10:44 +00:00
Andy Polyakov
c5f6da54fc Add SPARC T4 AES support.
Submitted by: David Miller
2012-10-06 18:08:09 +00:00
Andy Polyakov
799379215e test_aesni: harmonize with AES-NI support at EVP layer. 2012-07-15 13:38:51 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Dr. Stephen Henson
84b6e277d4 make update 2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
be16cc23c6 detect and use older PKITS data 2011-12-11 16:39:25 +00:00
Dr. Stephen Henson
3bfe583b8d add commented out option to allow use of older PKITS data 2011-12-10 00:49:55 +00:00
Dr. Stephen Henson
69569dd168 Add support for memory leak checking in fips_algvs.
Fix many memory leaks in algorithm test utilities.
2011-11-02 19:17:30 +00:00
Dr. Stephen Henson
3ec9dceb15 Add fips_algvs utility (from FIPS 2.0 stable branch). 2011-11-02 00:57:22 +00:00