letrhee-nsr [Tue, 18 Apr 2017 10:39:46 +0000 (19:39 +0900)]
Add ARIA 32-bit implementation
Modified code from http://seed.kisa.or.kr to human readable code.
Previous 8-bit code is available with -DOPENSSL_SMALL_FOOTPRINT.
New code is >2x faster.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3242)
Adam Langley [Thu, 20 Apr 2017 16:20:50 +0000 (09:20 -0700)]
Small primes are primes too.
Previously, BN_is_prime_fasttest_ex, when doing trial-division, would
check whether the candidate is a multiple of a number of small primes
and, if so, reject it. However, three is a multiple of three yet is
still a prime number.
This change accepts small primes as prime when doing trial-division.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3264)
Rich Salz [Thu, 20 Apr 2017 19:33:42 +0000 (15:33 -0400)]
Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.
Raise errors if empty or malformed files are read when loading certificates
and CRLs.
Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}
Refactor these two routines into one.
Bring the unit test for duplicate certificates up to date using the test
framework.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
Marek Klein [Thu, 21 Jan 2016 18:43:57 +0000 (18:43 +0000)]
explicitText encoding
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/576)
Rich Salz [Thu, 20 Apr 2017 18:00:52 +0000 (14:00 -0400)]
Convert hmactest to new test framework
Updated after code review, and fix indenting
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3175)
Rich Salz [Thu, 20 Apr 2017 17:03:11 +0000 (13:03 -0400)]
fix dh_test.
The issues were introduced by commit
93d0298.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3263)
Richard Levitte [Thu, 20 Apr 2017 11:30:08 +0000 (13:30 +0200)]
Fix test/recipes/95-test_external_krb5.t
"skip() needs to know $how_many tests are in the block"
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3261)
Richard Levitte [Thu, 20 Apr 2017 09:16:40 +0000 (11:16 +0200)]
VMS: remove name mangling guards around inclusion of internals
Note that these guards are still needed around local header files that
declare linkable symbols.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3259)
Richard Levitte [Thu, 20 Apr 2017 08:14:03 +0000 (10:14 +0200)]
VMS: Copy DECC inclusion epi- and prologues to internals
Because many of our test programs use internal headers, we need to make
sure they know how, exactly, to mangle the symbols. So far, we've done
so by specifying it in the affected test programs, but as things change,
that will develop into a goose chase. Better then to declare once and
for all how symbols belonging in our libraries are meant to be treated,
internally as well as publically.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3259)
Jon Spillett [Wed, 19 Apr 2017 06:21:29 +0000 (16:21 +1000)]
Change 64-bit time type for windows
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3248)
Todd Short [Thu, 13 Apr 2017 14:20:04 +0000 (10:20 -0400)]
Fix minor compiler issues.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3220)
Rich Salz [Wed, 19 Apr 2017 16:38:27 +0000 (12:38 -0400)]
Document Next Protocol Negotiation APIs
Add callback function prototypes, fix description
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3084)
Rich Salz [Thu, 13 Apr 2017 00:25:53 +0000 (20:25 -0400)]
Convert dhtest, dsatest, cipherbytes_test
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3209)
Richard Levitte [Tue, 18 Apr 2017 21:30:57 +0000 (23:30 +0200)]
VMS: Fix internals test programs
The internals test programs access header files that aren't guarded by
the public __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H files,
and therefore have no idea what the naming convention is. Therefore, we
need to specify that explicitely in the internals test programs, since
they aren't built with the same naming convention as the library they
belong with.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3247)
Richard Levitte [Tue, 18 Apr 2017 20:50:10 +0000 (22:50 +0200)]
VMS: Fix the passing of cflags for things not being installed
When building object files for libraries, information whether the
library would be installed or not wasn't passed down to the object
file building rules.
Also, make it so settings like |no_inst_lib_cflags| can be the empty
string.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3247)
Rich Salz [Tue, 18 Apr 2017 20:33:15 +0000 (16:33 -0400)]
Convert more tests
ct_test,evp_extra_test,wpackettest,packettest
Add strncmp TEST wrappers
And make some style/consistency fixes to ct_test
Silence travis; gcc bug?
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3234)
Rich Salz [Mon, 17 Apr 2017 17:54:45 +0000 (13:54 -0400)]
Update more tests
modes_internal_test, sslcorrupttest, v3nametest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3238)
Rich Salz [Tue, 18 Apr 2017 18:50:00 +0000 (14:50 -0400)]
Convert more tests to framework
randtest, cipher_overhead_test, bioprintest, constant_time_test
Move test_bioprint to 04 group
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3228)
Rich Salz [Tue, 18 Apr 2017 18:34:43 +0000 (14:34 -0400)]
Convert more tests
recordlentest, srptest, ecdsatest, enginetest, pbelutest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3237)
Robbie Harwood [Wed, 5 Apr 2017 16:54:41 +0000 (12:54 -0400)]
[extended tests] Enable krb5 tests in Travis
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
Robbie Harwood [Wed, 5 Apr 2017 16:50:07 +0000 (12:50 -0400)]
Fix formatting of PYCA external test instructions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
Robbie Harwood [Wed, 5 Apr 2017 16:49:27 +0000 (12:49 -0400)]
Update external test README for running krb5
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
Robbie Harwood [Wed, 5 Apr 2017 16:40:22 +0000 (12:40 -0400)]
Add external krb5 test support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
Thiago Arrais [Wed, 5 Apr 2017 15:10:26 +0000 (15:10 +0000)]
update docs because depth refers only to intermediate certs
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3132)
Andy Polyakov [Sat, 15 Apr 2017 13:53:50 +0000 (15:53 +0200)]
asn1/a_int.c: clean up asn1_get_int64.
Trouble was that integer negation wasn't producing *formally* correct
result in platform-neutral sense. Formally correct thing to do is
-(int64_t)u, but this triggers undefined behaviour for one value that
would still be representable in ASN.1. The trigger was masked with
(int64_t)(0-u), but this is formally inappropriate for values other
than the problematic one. [Also reorder branches to favour most-likely
paths and harmonize asn1_string_set_int64 with asn1_get_int64].]
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3231)
Rich Salz [Sun, 16 Apr 2017 13:17:39 +0000 (09:17 -0400)]
[squash]Build works with/out NO_ENGINE and NO_AFALG
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3229)
Rich Salz [Sat, 15 Apr 2017 00:32:20 +0000 (20:32 -0400)]
Convert afalgtest
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3229)
Rich Salz [Mon, 17 Apr 2017 01:46:31 +0000 (21:46 -0400)]
Catch EC_R_UNKNOWN_GROUP in check_unsupported()
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
an unsupported algorithm/curve (e.g. if binary EC support is disabled).
Before this commit the issue arise for example if binary EC keys are added in
evptests.txt, and the test is run when EC is enabled but EC2m is disabled.
E.g. adding these lines to evptests.txt would reproduce the issue:
~~~
PrivateKey=KAS-ECC-CDH_K-163_C0
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
Z7icPpo=
-----END PRIVATE KEY-----
PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
53YiHHK4SzR844PzgGe4nD6a
-----END PUBLIC KEY-----
PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
JRuNoCHLrCgfEj969PrFs9u4
-----END PUBLIC KEY-----
Derive=KAS-ECC-CDH_K-163_C0
PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=
04325bff38f1b0c83c27f554a6c972a80f14bc23bc
~~~
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3226)
Kurt Roeckx [Mon, 13 Mar 2017 21:43:36 +0000 (22:43 +0100)]
Optionally check for early data
This adds a way to use the last byte of the buffer to change the
behavior of the server. The last byte is used so that the existing
corpus can be reused either without changing it, or just adding a single
byte, and that it can still be used by other projects.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
Kurt Roeckx [Sun, 19 Feb 2017 15:59:25 +0000 (16:59 +0100)]
Use a fixed time when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
Kurt Roeckx [Sun, 19 Feb 2017 16:09:45 +0000 (17:09 +0100)]
Document how to update the corpus.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
Kurt Roeckx [Sun, 19 Feb 2017 16:04:11 +0000 (17:04 +0100)]
Make x509 and asn1 fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
Kurt Roeckx [Sun, 19 Feb 2017 16:05:00 +0000 (17:05 +0100)]
Switch libfuzzer to use trace-pc-guard
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
Rich Salz [Sat, 15 Apr 2017 01:20:54 +0000 (21:20 -0400)]
Add -f -r flags to find-unused-errs
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3230)
Nicola Tuveri [Thu, 13 Apr 2017 17:56:19 +0000 (20:56 +0300)]
Reformat evptests.txt
When compiling without EC support the test fails abruptly reading some keys.
Some keys merged in commit
db04055 start with
------BEGIN EC PRIVATE KEY-----
this format is not supported without EC support.
This commit reformat those keys with the generic format. After this change the
test simply skips the unsupported EC keys when EC is disabled, without parsing
errors.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3223)
Nicola Tuveri [Thu, 13 Apr 2017 13:09:21 +0000 (16:09 +0300)]
Remove ecdhtest.c
All tests from ecdhtest.c have been ported to evptests.txt
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3219)
Nicola Tuveri [Thu, 13 Apr 2017 12:54:06 +0000 (15:54 +0300)]
ecdhtest.c: move co-factor ECDH KATs to evptests
move NIST SP800-56A co-factor ECDH KATs from ecdhtest.c to evptests.txt
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3219)
Rich Salz [Wed, 12 Apr 2017 03:12:04 +0000 (23:12 -0400)]
WIP: Convert ui,v3ext,verify_extra_test
verify_extra_test still failing :(
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3194)
Todd Short [Wed, 12 Apr 2017 20:32:38 +0000 (16:32 -0400)]
Fix unit tests when no-bf configured
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3206)
Andy Polyakov [Tue, 11 Apr 2017 22:05:26 +0000 (00:05 +0200)]
asn1/a_int.c: don't write result if returning error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
Andy Polyakov [Tue, 11 Apr 2017 22:03:35 +0000 (00:03 +0200)]
asn1/a_int.c: simplify asn1_put_uint64.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
Andy Polyakov [Tue, 11 Apr 2017 21:15:55 +0000 (23:15 +0200)]
asn1/a_int.c: remove code duplicate and optimize branches,
i.e. reduce amount of branches and favour likely ones.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3192)
Andy Polyakov [Wed, 12 Apr 2017 20:51:30 +0000 (22:51 +0200)]
testlib/OpenSSL/Test.pm: keep default input private.
If $_ is not private, it can wipe caller's one, which proved to be
problematic...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Pauli [Wed, 12 Apr 2017 22:51:28 +0000 (08:51 +1000)]
Guarantee single argument evaluation for test macros.
Add test case that checks some of them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3208)
Pauli [Thu, 13 Apr 2017 04:40:15 +0000 (14:40 +1000)]
Update the internal siphash tests to use the framework's output.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3212)
Pauli [Thu, 13 Apr 2017 01:40:35 +0000 (11:40 +1000)]
Split the CAST tests up.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3211)
Richard Levitte [Wed, 12 Apr 2017 09:52:52 +0000 (11:52 +0200)]
ASN.1: adapt our use of INTxx et al by making them explicitely embedded
Fixes #3191
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
Richard Levitte [Wed, 12 Apr 2017 09:50:48 +0000 (11:50 +0200)]
ASN.1: change INTxx, UINTxx and Z variants to be embedable
Fixes #3191
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
Richard Levitte [Wed, 12 Apr 2017 09:48:12 +0000 (11:48 +0200)]
ASN.1: extend the possibilities to embed data instead of pointers
Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free(). Call prim_clear() instead.
Fixes #3191
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
Richard Levitte [Tue, 11 Apr 2017 21:46:44 +0000 (23:46 +0200)]
Test printing of ASN.1 types INTxx et al
[extended tests]
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3190)
Todd Short [Tue, 31 Mar 2015 21:06:21 +0000 (17:06 -0400)]
OCSP Updates: error codes and multiple certificates
RT3877: Add X509 OCSP error codes and messages
Add additional OCSP error codes for X509 verify usage
RT3867: Support Multiple CA certs in ocsp app
Add the ability to read multiple CA certs from a single file in the
ocsp app.
Update some missing X509 errors in documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/941)
Richard Levitte [Wed, 12 Apr 2017 16:57:02 +0000 (18:57 +0200)]
Correct travis.yml to only build extended tests when explicitely asked to
The check for this was done by checking if $TRAVIS_EVENT_TYPE is
"pull_request". The trouble is that when new data is pushed to an
already existing pull request, the event type is "push".
Better then to go with another documented variable, $TRAVIS_PULL_REQUEST,
which is "false" in non-PR builds.
Ref: https://docs.travis-ci.com/user/environment-variables/#Default-Environment-Variables
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3205)
Rob Percival [Tue, 4 Apr 2017 22:24:28 +0000 (23:24 +0100)]
CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
Rob Percival [Thu, 6 Apr 2017 12:21:27 +0000 (13:21 +0100)]
Add SSL tests for certificates with embedded SCTs
The only SSL tests prior to this tested using certificates with no
embedded Signed Certificate Timestamps (SCTs), which meant they couldn't
confirm whether Certificate Transparency checks in "strict" mode were
working.
These tests reveal a bug in the validation of SCT timestamps, which is
fixed by the next commit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
Rich Salz [Wed, 12 Apr 2017 13:27:33 +0000 (09:27 -0400)]
Address review feedback (to be squashed)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3189)
Rich Salz [Tue, 11 Apr 2017 20:16:33 +0000 (16:16 -0400)]
Convert x509aux, cipherlist, casttest
To new test framework
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3189)
Richard Levitte [Wed, 12 Apr 2017 13:53:09 +0000 (15:53 +0200)]
OpenSSL::Test: supported filtered command output
95-test_external_boringssl.t had a specialised run() variant to prefix
the command output so it wouldn't disturb Test::Harness. This
functionality if now moved to the run() command, using the added
option 'prefix' that can be set to the string to prefix the output
with.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3201)
Nicola Tuveri [Wed, 12 Apr 2017 03:36:50 +0000 (06:36 +0300)]
Remove more stale code in ecdhtest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
Nicola Tuveri [Tue, 11 Apr 2017 16:46:13 +0000 (19:46 +0300)]
ecdhtest.c: move KATs to evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
Nicola Tuveri [Tue, 11 Apr 2017 16:36:06 +0000 (19:36 +0300)]
Remove stale code in ecdhtest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
Nicola Tuveri [Tue, 11 Apr 2017 16:22:13 +0000 (19:22 +0300)]
ecdhtest.c: move NAMED CURVES TESTS to evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
Pauli [Mon, 10 Apr 2017 03:36:59 +0000 (13:36 +1000)]
Update destest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3173)
Richard Levitte [Wed, 12 Apr 2017 06:55:34 +0000 (08:55 +0200)]
test/testutil.c: Flush stdout when running tests
Because stdout is usually buffered and stderr isn't, error output
might get printed in one bunch and all the lines saying which test
failed all in one bunch, making it difficult to see exactly what error
output belongs to what test. Flushing stdout makes sure the runner
output is displayed together with the corresponding error output.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3198)
Pauli [Mon, 10 Apr 2017 03:38:24 +0000 (13:38 +1000)]
Remove fprintfs from the poly1305 internal test but keep the test number
information.
The framework will display the non-matching memory.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3156)
Pauli [Wed, 12 Apr 2017 04:24:21 +0000 (14:24 +1000)]
Update threadstest to use the test framework
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3196)
Pauli [Wed, 12 Apr 2017 03:45:02 +0000 (13:45 +1000)]
Update the internal chacha test to use the framework
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3195)
Richard Levitte [Mon, 10 Apr 2017 23:38:00 +0000 (01:38 +0200)]
Add tests of custom negative 1
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
Richard Levitte [Mon, 10 Apr 2017 23:37:28 +0000 (01:37 +0200)]
Fix definition of i2d_fn in asn1_encode_test.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
Richard Levitte [Mon, 10 Apr 2017 23:33:50 +0000 (01:33 +0200)]
In asn1_encode_test.c, add custom DER encoding checks
We're already checking that custom DER decodes to expected values (or
fails to do so), but we didn't check if values encode back to expected
DER.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
Pauli [Tue, 11 Apr 2017 02:47:00 +0000 (12:47 +1000)]
Update sanitytest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3176)
Pauli [Mon, 10 Apr 2017 04:21:44 +0000 (14:21 +1000)]
Update ideatest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3172)
Pauli [Mon, 10 Apr 2017 04:05:41 +0000 (14:05 +1000)]
Update gmdifftime to use the test infrastructure
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3171)
Pauli [Mon, 10 Apr 2017 00:05:55 +0000 (10:05 +1000)]
Update secmemtest and memeleaktest to use the test infrastructure.
It isn't easy to use the test framework since it turns memory debugging
on as well and the CRYPTO_mem_leaks_fp function cannot be called twice.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3169)
Pauli [Sun, 9 Apr 2017 21:44:08 +0000 (07:44 +1000)]
Update d2i_test to use the test infrastructure
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3166)
Jon Spillett [Wed, 12 Apr 2017 01:56:45 +0000 (11:56 +1000)]
Remove unused variable. Thanks @pauli-oracle
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3177)
Jon Spillett [Wed, 12 Apr 2017 01:03:29 +0000 (11:03 +1000)]
Code review. Split tests up
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3177)
Jon Spillett [Tue, 11 Apr 2017 04:31:28 +0000 (14:31 +1000)]
Convert blowfish tests to new framework
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3177)
Jon Spillett [Wed, 12 Apr 2017 04:43:02 +0000 (14:43 +1000)]
Remove seed completely...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3179)
Jon Spillett [Tue, 11 Apr 2017 23:45:54 +0000 (09:45 +1000)]
Updates after code review
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3179)
Jon Spillett [Tue, 11 Apr 2017 06:42:20 +0000 (16:42 +1000)]
Convert RSA tests to new framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3179)
Pauli [Fri, 7 Apr 2017 03:11:57 +0000 (13:11 +1000)]
Update rc4test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3162)
Pauli [Fri, 7 Apr 2017 03:27:35 +0000 (13:27 +1000)]
Update rc5test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3163)
Pauli [Fri, 7 Apr 2017 03:49:26 +0000 (13:49 +1000)]
Update mdc2test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3164)
Pauli [Sun, 9 Apr 2017 22:20:10 +0000 (08:20 +1000)]
Update sha1test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3167)
Pauli [Sun, 9 Apr 2017 23:14:49 +0000 (09:14 +1000)]
Update sha256t and sha512t to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3168)
Jon Spillett [Wed, 12 Apr 2017 01:40:48 +0000 (11:40 +1000)]
Convert exdata tests to new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3193)
Frank Morgner [Mon, 10 Apr 2017 12:15:09 +0000 (14:15 +0200)]
Added error checking for OBJ_create
fixes segmentation fault in case of not enough memory for object creation
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3157)
Matt Caswell [Tue, 11 Apr 2017 16:36:01 +0000 (17:36 +0100)]
Convert clienthellotest for the new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3186)
Matt Caswell [Tue, 11 Apr 2017 14:23:07 +0000 (15:23 +0100)]
Convert asynciotest for the new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3182)
Matt Caswell [Tue, 11 Apr 2017 15:26:13 +0000 (16:26 +0100)]
Convert bad_dtls_test for the new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3184)
Richard Levitte [Mon, 10 Apr 2017 20:01:05 +0000 (22:01 +0200)]
Fix x_int64.c
Clearing a misunderstanding. The routines c2i_uint64_int() and
i2c_uint64_int() expect to receive that internal values are absolute
and with a separate sign flag, and the x_int64.c code handles values
that aren't absolute and have the sign bit embedded. We therefore
need to convert between absolute and non-absolute values for the
encoding of negative values to be correct.
[extended tests]
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3160)
Richard Levitte [Mon, 10 Apr 2017 19:50:25 +0000 (21:50 +0200)]
Fix int64 test of t_4bytes_4_neg
{ 0x80, 0x00, 0x00, 0x00 } decoded isn't (positive) 0x80000000,
it's (negative) INT32_MIN.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3160)
Todd Short [Tue, 11 Apr 2017 13:02:05 +0000 (09:02 -0400)]
Remove ECDH(E) ciphers from SSLv3
SSLv3 does not support TLS extensions, and thus, cannot provide any
curves for ECDH(E). With the removal of the default (all) list of curves
being used for connections that didn't provide any curves, ECDHE is no
longer possible.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3181)
Rich Salz [Tue, 11 Apr 2017 15:59:59 +0000 (11:59 -0400)]
Additional check to handle BAD SSL_write retry
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3124)
Matt Caswell [Mon, 10 Apr 2017 16:33:29 +0000 (17:33 +0100)]
Reject decoding of an INT64 with a value >INT64_MAX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3159)
Pauli [Mon, 10 Apr 2017 03:45:01 +0000 (13:45 +1000)]
Update dtlstest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3170)
Pauli [Fri, 7 Apr 2017 04:09:53 +0000 (14:09 +1000)]
Update md2test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3165)
Pauli [Fri, 7 Apr 2017 03:54:09 +0000 (13:54 +1000)]
Update rc2test to use the test infrastructure
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3161)
Pauli [Sun, 9 Apr 2017 21:13:59 +0000 (07:13 +1000)]
Make test marcos for true/false checks reliable for all integral types.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3154)
Benjamin Kaduk [Tue, 7 Feb 2017 22:23:16 +0000 (16:23 -0600)]
Allow an ALPN callback to pretend to not exist
RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit
062178678f5374b09f00d70796f6e692e8775aca we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.
In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols. However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so. Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback. In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2570)