Commit Graph

26442 Commits

Author SHA1 Message Date
Dr. David von Oheimb
a812549108 test/run_tests.pl: Add visual separator after failed test case for VFP and VFP modes
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12279)
2020-07-03 10:12:22 +02:00
Dr. David von Oheimb
e4522e1059 test/run_tests.pl: Enhance the semantics of HARNESS_VERBOSE_FAILURES (VF)
Make the improved semantics of VFO replace the previous VF and remove VFO
Add warnings about overriding use of HARNESS_VERBOSE* variables

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12279)
2020-07-03 10:12:22 +02:00
Richard Levitte
ea4ee152a7 Configure: fix handling of build.info attributes with value
This line wasn't properly handled:

    SCRIPTS{misc,linkname=tsget}=tsget.pl

It generated an attribute "linkname=tsget" with the value 1, instead of
what it should have, an attribute "linkname" with the value "tsget".

Fixes #12341

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12344)
2020-07-03 09:12:07 +02:00
Jon Spillett
e7869ef137 Fix up build issue when running cpp tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12334)
2020-07-03 10:00:12 +10:00
Jakub Wilk
0c4444121c doc: Remove stray backtick
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12329)
2020-07-03 09:51:11 +10:00
Richard Levitte
610e2b3b70 Configure: Check source and build dir equality a little more thoroughly
'absolutedir' does a thorough job ensuring that we have a "real" path
to both source and build directory, unencumbered by symbolic links.
However, that isn't enough on case insensitive file systems on Unix
flavored platforms, where it's possible to stand in, for example,
/PATH/TO/Work/openssl, and then do this:

    perl ../../work/openssl/Configure

... and thereby having it look like the source directory and the build
directory aren't the same.

We solve this by having a closer look at the computed source and build
directories, and making sure they are exactly the same strings if they
are in fact the same directory.

This is especially important when making symbolic links based on this
directories, but may have other ramifications as well.

Fixes #12323

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12337)
2020-07-02 18:53:25 +02:00
Nicola Tuveri
9576c498ca [test/README.md] minor fix of examples missing the test target
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12326)
2020-07-02 16:48:15 +03:00
Nicola Tuveri
af3e8c298a Travis: default to HARNESS_JOBS=4
We can run tests in parallel by setting the HARNESS_JOBS environment
variable.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12326)
2020-07-02 16:48:15 +03:00
Nicola Tuveri
a20c9075d6 Run tests in parallel
The environment variable `HARNESS_JOBS` can be used to control how many
jobs to run in parallel.  The default is still to run jobs sequentially.

This commit does not define custom `rules`, and different versions of
`TAP::Harness` come with different strategies regarding the default
`rules` that define which test recipes can be run in parallel.
In recent versions of Perl, unless specified otherwise any task can be
run in parallel.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12326)
2020-07-02 16:47:17 +03:00
Nicola Tuveri
587e4e53f8 Fix memory leaks on OSSL_SERIALIZER_CTX_new_by_EVP_PKEY
Fixes #12303

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12304)
2020-07-02 16:45:14 +03:00
Miłosz Kaniewski
94941cada2 Free pre_proc_exts in SSL_free()
Usually it will be freed in tls_early_post_process_client_hello().
However if a ClientHello callback will be used and will return
SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello()
may never come to the point where pre_proc_exts is freed.

Fixes #12194

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12330)
2020-07-01 17:25:48 -07:00
Pauli
69f982679e doc: remove reference to the predecessor of SHA-1.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12322)
2020-07-02 09:08:33 +10:00
Matt Caswell
0577959cea Don't forget our provider ctx when resetting
A number of the KDF reset functions were resetting a little too much

Fixes #12225

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12229)
2020-07-01 11:31:45 +01:00
Dr. David von Oheimb
b4cb9498c9 X509v3_cache_extensions(): Improve coding style and doc, fix case 'sha1 == NULL'
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
0d8dbb52e3 Add X509_self_signed(), extending and improving documenation and tests
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
4cec750c2f Move doc of X509{,_REQ,_CRL}_verify{,_ex}() from X509_sign.pod to new X509_verify.pod
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
Move check that cert signing is allowed from x509v3_cache_extensions() to
where it belongs: internal_verify(), generalize it for proxy cert signing.
Correct and simplify check_issued(), now checking self-issued (not: self-signed).
Add test case to 25-test_verify.t that demonstrates successful fix

Fixes #1418

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
d18c7ad66a Optimization and safety precaution in find_issuer() of x509_vfy.c:
candidate issuer cert cannot be the same as the subject cert 'x'

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
da1f88bf53 Add four more verify test cases on the self-signed Ed25519 and self-issed X25519 certs
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
4acd484d55 Make x509 -force_pubkey test case with self-issued cert more realistic
by adding CA basic constraints, CA key usage, and key IDs to the cert
and by add -partial_chain to the verify call that trusts this cert

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
023697870b Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}
This prepares some corrections and improves readability (coding style).
Among others, it adds the static function check_sig_alg_match() and
the internal functions x509_likely_issued() and x509_signing_allowed().

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Dr. David von Oheimb
ade08735f9 Improve documentation, layout, and code comments regarding self-issued certs etc.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
Matt Caswell
5188d0d55c Fix a typo on the SSL_dup page
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12245)

(cherry picked from commit 0c3d0247a7)
2020-06-30 14:14:05 +01:00
Shane Lontis
9beffaf695 Fix CID-1464802
Improper use of negative value (It just needs to pass zero instead of -1).

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12237)
2020-06-30 11:52:15 +10:00
Benny Baumann
2c9ba46c90 Force ssl/tls protocol flags to use stream sockets
Prior to this patch doing something like
  openssl s_client -dtls1 -tls1 ...
could cause s_client to speak TLS on a UDP socket
which does not normally make much sense.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12266)
2020-06-30 11:12:59 +10:00
Pauli
64fdea12be rand: include the CPU source in a build.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12267)
2020-06-30 09:47:57 +10:00
Pauli
7f791b25eb rand: fix CPU and timer sources.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12267)
2020-06-30 09:47:57 +10:00
Rich Salz
3121425830 Add --fips-key configuration parameter to fipsinstall application.
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)
2020-06-29 12:20:41 +10:00
Dr. David von Oheimb
9afbb681ec INSTALL.md and NOTES.VALGRIND: Further cleanup of references and code/symbol quotation layout
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12232)
2020-06-28 21:10:52 +02:00
Dr. David von Oheimb
3a0b3cc905 Move test-related info from INSTALL.md to new test/README.md, updating references
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12232)
2020-06-28 20:55:39 +02:00
Richard Levitte
96e0445195 apps/openssl: clean-up of unused fallback code
Remove code in help_main() that duplicates the case when 'openssl' is
called with no arguments, which is now handled in main().

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12295)
2020-06-28 18:49:50 +02:00
Richard Levitte
c9741726c1 Configurations: drop toolchain from configuration targets
Some configuration targets pretend to be for a specific compiler, but
are more widely usable, and should reflect that.

[work in progress]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:43:04 +02:00
Richard Levitte
16b0e0fcb3 DOC: Mention Configure consistently
'config' is now a mere wrapper for backward compatibility.
All documentation is changed accordingly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:43:04 +02:00
Richard Levitte
180626159e Configure: pick up options from older 'config'
These options were coded in util/perl/OpenSSL/config.pm, but that got
removed when the OpenSSL::config::main() function was removed.  We're
not putting them back, but in 'Configure'.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:35:34 +02:00
Richard Levitte
bfa684622a util/perl/OpenSSL/config.pm: refactor guess_system()
There's no reason to have two different tables, when we can simply
detect if the tuple elements are code or scalar.  Furthermore, order
is important in some cases, and that order is harder not to say
impossible when maintaining two tables.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:36 +02:00
Richard Levitte
019e3a0b6b util/perl/OpenSSL/config.pm: remove expand() and use eval
The strings we expand contain other variable references than just
${MACHINE}.  Instead of having to remember what to expand, we simply
evaluate the string as a, well, string.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:36 +02:00
Richard Levitte
2f44c8151e config: Turn into a simple wrapper
Now that Configure called config.pm's functions directly, the 'config'
script doesn't have much else to do than to pass arguments.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:36 +02:00
Richard Levitte
e39795af0a util/perl/OpenSSL/config.pm: refactor map_guess()
map_guess() is now table driven, just like get_system().
Additionally, it now takes a config hash table and returns one of its
own.  This way, 'Configure' can pass whatever it has already found to
OpenSSL::config::get_platform(), and easily merge the returned hash
table into its %config.

This also gets rid of variables that we no longer need.  That includes
$PERL and all the $__CNF_ environment variables.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:35 +02:00
Richard Levitte
081436bf73 util/perl/OpenSSL/config.pm, Configure: move check of target with compiler
Previously, ./config would check if "$target-$CC", then "$target"
exists and choose the one that does.  This is now moved to Configure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:35 +02:00
Richard Levitte
a3310b182c util/perl/OpenSSL/config.pm: Rework determining compiler information
determine_compiler_settings() has been refactored to:

- find a compiler if none has been given by the user
- allow platform specific overrides, but only when the user didn't
  already specify a desired compiler
- figure out the compiler vendor and version, making sure that the
  version number is deterministic
- gather platform specific compiler information

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:35 +02:00
Richard Levitte
48704cc651 Remove OpenSSL::config::main(), it's not necessary
This also remove all option parsing.  We leave that to Configure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:35 +02:00
Richard Levitte
69aa579e6d util/perl/OpenSSL/config.pm: Prefer POSIX::uname() over piping the command
POSIX::uname() has the advantage to work on non-POSIX systems as well,
such as the Windows command prompt and VMS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:35 +02:00
Richard Levitte
33d5b4a68a util/perl/OpenSSL/config.pm: Don't detect removed directories in
This is much better handled in Configure.

[There's another PR moving this to Configure, so this commit should
eventually disappear because rebase]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:35 +02:00
Rich Salz
4901b570ba Initial rewrite of config as a Perl module
- Use $^X; to find perl.
- Big re-ordering: Put all variables at the top, move most inline code into
  functions. The heart of the script now basically just calls
  functions to do its work.
- Unify warning text, add -w option
- Don't use needless (subshells)
- Ensure Windows gets a VC-xxx option
- Make config a perl module
- Top-level "config" command-line is a dummy that just calls the module.
  Added module stuff so that it can be called from Configure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
2020-06-28 18:34:35 +02:00
Matt Caswell
92db29e5e8 Add a test to make sure ASYNC aware code gets the right default libctx
Even if a fibre changes the default libctx - or the main application code
changes it, the "current" default libctx should remain consistent.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
2020-06-28 10:55:52 +02:00
Matt Caswell
6c689e58f7 Make the ASYNC code default libctx aware
Since the default libctx is now stored in a thread local variable
swapping in and out of fibres in the ASYNC code could mean that the
"current" default libctx can get confused. Therefore we ensure that
everytime we call async_fibre_swapcontext() we always restore the default
libctx to whatever it was the last time the fibre ran. Similarly when
async_fibre_swapcontext() returns we need to restore the current thread's
default libctx.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
2020-06-28 10:55:52 +02:00
Richard Levitte
cfbd76c1a9 CORE: Add an internal function to distinguish the global default context
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
2020-06-28 10:55:52 +02:00
Richard Levitte
e31eda006f TEST: Add test to exercise OPENSSL_CTX_set0_default()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
2020-06-28 10:55:51 +02:00
Richard Levitte
3bd65f9b5b Update NEWS and CHANGES
NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
2020-06-28 10:55:51 +02:00
Richard Levitte
5a9752756b CORE: Add OPENSSL_CTX_set0_default(), to set a default library context
Applications may want to set their own default library context,
possibly per-thread.  OPENSSL_CTX_set0_default() does that.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
2020-06-28 10:55:51 +02:00