Commit Graph

19695 Commits

Author SHA1 Message Date
Rich Salz
b66411f6cd Convert more tests
recordlentest, srptest, ecdsatest, enginetest, pbelutest

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3237)
2017-04-18 14:34:43 -04:00
Robbie Harwood
0fef74486e [extended tests] Enable krb5 tests in Travis
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
2017-04-18 19:10:25 +02:00
Robbie Harwood
483bc2dcd3 Fix formatting of PYCA external test instructions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
2017-04-18 19:10:25 +02:00
Robbie Harwood
77edd02f34 Update external test README for running krb5
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
2017-04-18 19:10:25 +02:00
Robbie Harwood
7c82f5673b Add external krb5 test support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
2017-04-18 19:10:25 +02:00
Thiago Arrais
800b5dac00 update docs because depth refers only to intermediate certs
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3132)
2017-04-18 11:06:27 -04:00
Andy Polyakov
786b6a45fb asn1/a_int.c: clean up asn1_get_int64.
Trouble was that integer negation wasn't producing *formally* correct
result in platform-neutral sense. Formally correct thing to do is
-(int64_t)u, but this triggers undefined behaviour for one value that
would still be representable in ASN.1. The trigger was masked with
(int64_t)(0-u), but this is formally inappropriate for values other
than the problematic one. [Also reorder branches to favour most-likely
paths and harmonize asn1_string_set_int64 with asn1_get_int64].]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3231)
2017-04-17 21:10:27 +02:00
Rich Salz
5c8e9d531b [squash]Build works with/out NO_ENGINE and NO_AFALG
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3229)
2017-04-16 21:57:22 -04:00
Rich Salz
529243992b Convert afalgtest
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3229)
2017-04-16 21:57:22 -04:00
Rich Salz
0c44545c0f Catch EC_R_UNKNOWN_GROUP in check_unsupported()
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
an unsupported algorithm/curve (e.g. if binary EC support is disabled).

Before this commit the issue arise for example if binary EC keys are added in
evptests.txt, and the test is run when EC is enabled but EC2m is disabled.

E.g. adding these lines to evptests.txt would reproduce the issue:

~~~

PrivateKey=KAS-ECC-CDH_K-163_C0
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
Z7icPpo=
-----END PRIVATE KEY-----

PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
53YiHHK4SzR844PzgGe4nD6a
-----END PUBLIC KEY-----

PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
JRuNoCHLrCgfEj969PrFs9u4
-----END PUBLIC KEY-----

Derive=KAS-ECC-CDH_K-163_C0
PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc

~~~

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3226)
2017-04-16 21:46:31 -04:00
Kurt Roeckx
ff54cd9beb Optionally check for early data
This adds a way to use the last byte of the buffer to change the
behavior of the server. The last byte is used so that the existing
corpus can be reused either without changing it, or just adding a single
byte, and that it can still be used by other projects.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:15 +02:00
Kurt Roeckx
14a6570f31 Use a fixed time when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:15 +02:00
Kurt Roeckx
930aa9eeed Document how to update the corpus.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Kurt Roeckx
b534df96c9 Make x509 and asn1 fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Kurt Roeckx
644fb113a0 Switch libfuzzer to use trace-pc-guard
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Rich Salz
cad3f9dacb Add -f -r flags to find-unused-errs
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3230)
2017-04-16 07:57:12 -04:00
Nicola Tuveri
7db0289ea7 Reformat evptests.txt
When compiling without EC support the test fails abruptly reading some keys.
Some keys merged in commit db04055 start with
------BEGIN EC PRIVATE KEY-----

this format is not supported without EC support.

This commit reformat those keys with the generic format. After this change the
test simply skips the unsupported EC keys when EC is disabled, without parsing
errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3223)
2017-04-14 08:19:19 -04:00
Nicola Tuveri
a81c33ef65 Remove ecdhtest.c
All tests from ecdhtest.c have been ported to evptests.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3219)
2017-04-14 07:55:22 -04:00
Nicola Tuveri
821d6c6d81 ecdhtest.c: move co-factor ECDH KATs to evptests
move NIST SP800-56A co-factor ECDH KATs from ecdhtest.c to evptests.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3219)
2017-04-14 07:55:22 -04:00
Rich Salz
4afc60605a WIP: Convert ui,v3ext,verify_extra_test
verify_extra_test still failing :(

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3194)
2017-04-14 07:45:46 -04:00
Todd Short
80b06b0cc0 Fix unit tests when no-bf configured
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3206)
2017-04-14 07:33:45 -04:00
Andy Polyakov
b997adb3a5 asn1/a_int.c: don't write result if returning error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
2017-04-14 11:56:39 +02:00
Andy Polyakov
6d4321fc24 asn1/a_int.c: simplify asn1_put_uint64.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
2017-04-14 11:56:32 +02:00
Andy Polyakov
a3ea6bf0ef asn1/a_int.c: remove code duplicate and optimize branches,
i.e. reduce amount of branches and favour likely ones.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
2017-04-14 11:55:06 +02:00
Andy Polyakov
93f725a3fc testlib/OpenSSL/Test.pm: keep default input private.
If $_ is not private, it can wipe caller's one, which proved to be
problematic...

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-14 10:01:24 +02:00
Pauli
d063add7cb Guarantee single argument evaluation for test macros.
Add test case that checks some of them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3208)
2017-04-13 08:33:12 -04:00
Pauli
a24c1e2243 Update the internal siphash tests to use the framework's output.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3212)
2017-04-13 10:36:52 +02:00
Pauli
026aebb3ea Split the CAST tests up.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3211)
2017-04-13 10:31:34 +02:00
Richard Levitte
9612e15760 ASN.1: adapt our use of INTxx et al by making them explicitely embedded
Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Richard Levitte
da26ff3085 ASN.1: change INTxx, UINTxx and Z variants to be embedable
Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Richard Levitte
49005bb8b3 ASN.1: extend the possibilities to embed data instead of pointers
Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free().  Call prim_clear() instead.

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Richard Levitte
8edefd7bb3 Test printing of ASN.1 types INTxx et al
[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3190)
2017-04-12 23:18:00 +02:00
Todd Short
3bb0f989b5 OCSP Updates: error codes and multiple certificates
RT3877: Add X509 OCSP error codes and messages
Add additional OCSP error codes for X509 verify usage

RT3867: Support Multiple CA certs in ocsp app
Add the ability to read multiple CA certs from a single file in the
ocsp app.

Update some missing X509 errors in documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/941)
2017-04-12 14:41:10 -04:00
Richard Levitte
2da3f9687f Correct travis.yml to only build extended tests when explicitely asked to
The check for this was done by checking if $TRAVIS_EVENT_TYPE is
"pull_request".  The trouble is that when new data is pushed to an
already existing pull request, the event type is "push".

Better then to go with another documented variable, $TRAVIS_PULL_REQUEST,
which is "false" in non-PR builds.

Ref: https://docs.travis-ci.com/user/environment-variables/#Default-Environment-Variables

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3205)
2017-04-12 19:28:28 +02:00
Rob Percival
6a71e06d7a CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
2017-04-12 19:08:57 +02:00
Rob Percival
2094ea070a Add SSL tests for certificates with embedded SCTs
The only SSL tests prior to this tested using certificates with no
embedded Signed Certificate Timestamps (SCTs), which meant they couldn't
confirm whether Certificate Transparency checks in "strict" mode were
working.

These tests reveal a bug in the validation of SCT timestamps, which is
fixed by the next commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
2017-04-12 19:08:57 +02:00
Rich Salz
f1e793cc97 Address review feedback (to be squashed)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3189)
2017-04-12 11:20:48 -04:00
Rich Salz
e2a29ad6c5 Convert x509aux, cipherlist, casttest
To new test framework

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3189)
2017-04-12 10:01:26 -04:00
Richard Levitte
f75f007c35 OpenSSL::Test: supported filtered command output
95-test_external_boringssl.t had a specialised run() variant to prefix
the command output so it wouldn't disturb Test::Harness.  This
functionality if now moved to the run() command, using the added
option 'prefix' that can be set to the string to prefix the output
with.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3201)
2017-04-12 15:53:09 +02:00
Nicola Tuveri
e80a0f65d4 Remove more stale code in ecdhtest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Nicola Tuveri
29cbf152ff ecdhtest.c: move KATs to evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Nicola Tuveri
5c64c1bfde Remove stale code in ecdhtest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Nicola Tuveri
d663c2db56 ecdhtest.c: move NAMED CURVES TESTS to evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Pauli
c491a39986 Update destest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3173)
2017-04-12 15:02:44 +02:00
Richard Levitte
a743b817d2 test/testutil.c: Flush stdout when running tests
Because stdout is usually buffered and stderr isn't, error output
might get printed in one bunch and all the lines saying which test
failed all in one bunch, making it difficult to see exactly what error
output belongs to what test.  Flushing stdout makes sure the runner
output is displayed together with the corresponding error output.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3198)
2017-04-12 15:00:51 +02:00
Pauli
4833caed46 Remove fprintfs from the poly1305 internal test but keep the test number
information.

The framework will display the non-matching memory.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3156)
2017-04-12 13:37:12 +02:00
Pauli
ee25dd45cb Update threadstest to use the test framework
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3196)
2017-04-12 13:01:12 +02:00
Pauli
bea4ac2b2e Update the internal chacha test to use the framework
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3195)
2017-04-12 11:51:34 +01:00
Richard Levitte
c983bc4fb2 Add tests of custom negative 1
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
2017-04-12 12:30:38 +02:00
Richard Levitte
9fea3a51e5 Fix definition of i2d_fn in asn1_encode_test.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
2017-04-12 12:30:38 +02:00