It seems that Test::More doesn't like 0 tests, a line like this raises
an error and stops the recipe entirely:
plan tests => 0;
So we need to check for 0 tests beforehand and skip the subtest
explicitely in that case.
Reviewed-by: Rich Salz <rsalz@openssl.org>
$EXE_SHELL should only be used with out own programs, not with
surrounding programs such as the perl interpreter.
Reviewed-by: Matt Caswell <matt@openssl.org>
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Missing SKIP: block in SSL unit tests for DTLS and TLS version tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Since we're building some of our perl scripts and the result might not
end up in apps/ (*), we may need to treat them like the compile
programs we use for testing.
This introduces perlapp() and perltest(), which behave like app() and
test(), but will add the perl executable in the command line.
-----
(*) For example, with a mk1mf build, the result will end up in $(BIN_D)
Reviewed-by: Matt Caswell <matt@openssl.org>
Enhances the routines in OpenSSL::Test::Utils for checking disabled
stuff to get their information directly from Configure instead of
'openssl list -disabled'.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
It is sometimes useful (especially in automated tests) to supply
multiple trusted or untrusted certificates via separate files rather
than have to prepare a single file containing them all.
To that end, change verify(1) to accept these options zero or more
times. Also automatically set -no-CAfile and -no-CApath when
-trusted is specified.
Improve verify(1) documentation, which could still use some work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
These can be re-generated via:
cd test/certs; ./setup.sh
if need be. The keys are all RSA 2048-bit keys, but it is possible
to change that via environment variables.
cd test/certs
rm -f *-key.pem *-key2.pem
OPENSSL_KEYALG=rsa OPENSSL_KEYBITS=3072 ./setup.sh
cd test/certs
rm -f *-key.pem *-key2.pem
OPENSSL_KEYALG=ecdsa OPENSSL_KEYBITS=secp384r1 ./setup.sh
...
Keys are re-used if already present, so the environment variables
are only used when generating any keys that are missing. Hence
the "rm -f"
Reviewed-by: Richard Levitte <levitte@openssl.org>
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.
See:
https://wiki.openssl.org/index.php/Binaries
Reviewed-by: Richard Levitte <levitte@openssl.org>
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just
TLS 1.2. In the future they might want to disable TLS 1.2 and
enable just TLS 1.3, ...
This commit makes it possible to disable any or all of the TLS or
DTLS protocols. It also considerably simplifies the SSL/TLS tests,
by auto-generating the min/max version tests based on the set of
supported protocols (425 explicitly written out tests got replaced
by two loops that generate all 425 tests if all protocols are
enabled, fewer otherwise).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- bugfix: should not treat '--' as invalid domain substring.
- '-' should not be the first letter of a domain
Signed-off-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
On some platforms, the shell will determine what attributes a file
will have, so while the program might think it's safely outputting
binary data, it's not always true.
For the sake of the tests, it's therefore safer to use -out than to
use redirection.
Reviewed-by: Rich Salz <rsalz@openssl.org>
On VMS, the command MCR will assume SYS$SYSTEM: when the first
argument lacks a directory spec. So for programs in the current
directory, we add [] to tell MCR it is in the current directory.
It's the same as having ./ at the start of a program on Unix so the
shell doesn't start looking along $PATH.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This used to work but somewhere along the line it broke and was failing to
detect duplicate ordinals - which was the whole point of the test!
Reviewed-by: Rich Salz <rsalz@openssl.org>
This test relies on a private function, which isn't exported.
This test would work better as a unit test in crypto/bn/bn_prime.c.
Reviewed-by: Rich Salz <rsalz@openssl.org>
VMS being a record oriented operating system, it's uncertain how the
'pipe' passes binary data from one process to another. Experience
shows that we get in trouble, and it's probably due to the pipe in
itself being opened in text mode (variable length records).
It's safer to pass data via an intermediary file instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
VMS uses a variant of openssl.cnf named openssl-vms.cnf.
There's a Perl on VMS mystery where a open pipe will not SIGPIPE when
the child process exits, which means that a loop sending "y\n" to it
will never stop. Adding a counter helps fix this (set to 10, we know
that none of the CA.pl commands will require more).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Since danetest is to test DANE rather than specific algorithms, it's
acceptable to require EC when testing it.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
(Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
On Linux when creating the .so file we were exporting all symbols. We should
only be exporting public symbols. This commit fixes the issue. It is only
applicable to linux currently although the same technique may work for other
platforms (e.g. Solaris should work the same way).
This also adds symbol version information to our exported symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Commit 2b0180c37f attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.
Thanks to Hanno Boeck for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This change required some special treatment, as HMAC is intertwined
with EVP_MD. For now, all local HMAC_CTX variables MUST be
initialised with HMAC_CTX_EMPTY, or whatever happens to be on the
stack will be mistaken for actual pointers to EVP_MD_CTX. This will
change as soon as HMAC_CTX becomes opaque.
Also, since HMAC_CTX_init() can fail now, its return type changes from
void to int, and it will return 0 on failure, 1 on success.
Reviewed-by: Rich Salz <rsalz@openssl.org>
SSL_{CTX}_set_tmp_ecdh() allows to set 1 EC curve and then tries to use it. On
the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but
only when SSL_{CTX_}set_ecdh_auto() was called to turn it on.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
The feature_test_macros(7) manual tells us that _BSD_SOURCE is
deprecated since glibc 2.20 and that the compiler will warn about it
being used, unless _DEFAULT_SOURCE is defined as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.
Reviewed-by: Matt Caswell <matt@openssl.org>
In theory the pthreads approach for Thread Local Storage should be more
portable.
This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We were using _pipe to create a pipe on windows. This uses the "int" type
for its file descriptor for compatibility. However most windows functions
expect to use a "HANDLE". Probably we could get away with just casting but
it seems more robust to use the proper type and main stream windows
functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The ASYNC null implementation has not kept pace with the rest of the async
development and so was failing to compile.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The following entry points have been made async aware:
SSL_accept
SSL_read
SSL_write
Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with
the async mode enabled will initiate a new async job. If an async pause is
encountered whilst executing the job (such as for example if using SHA1/RSA
with the Dummy Async engine), then the above functions return with
SSL_WANT_ASYNC. Calling the functions again (with exactly the same args
as per non-blocking IO), will resume the job where it left off.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Pull out the state machine into a separate sub directory. Also moved some
functions which were nothing to do with the state machine but were in state
machine files. Pulled all the SSL_METHOD definitions into one place...most
of those files had very little left in them any more.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.
Reviewed-by: Andy Polyakov <appro@openssl.org>
-Allow mingw debug builds to fail on Travis CI
-Fix Travis email notifications config
-Rename a variable to avoid a bogus warning with old GCC
error: declaration of ``dup'' shadows a global declaration [-Werror=shadow]
-Disable pedantic ms-format warnings with mingw
-Properly define const DH parameters
-Restore --debug flag in Travis CI builds; -d would get incorrectly passed
to ./Configure in mingw debug builds.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Move all packet parsing to the beginning of the method. This limits the
SSLv2 compatibility soup to the parsing, and makes the rest of the
processing uniform.
This is also needed for simpler EMS support: EMS servers need to do an
early scan for EMS to make resumption decisions. This'll be easier when
the entire ClientHello is parsed in the beginning.
As a side effect,
1) PACKETize ssl_get_prev_session and tls1_process_ticket; and
2) Delete dead code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.
Reviewed-by: Matt Caswell <matt@openssl.org>
Looks like someone forgot to do a "make update" since crypto/ts/Makefile
keeps changing. So include that.
Second is that the declare_dh_bn macro fools the libeay.num script.
The declarations are only needed in one file (dh_rfc5114) so remove
them from the header and put the "raw" declarations directly into that
file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Occaisionally we have had problems where there are duplicated ordinals in
libeay.num or ssleay.num. This adds a test for this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>
+Replace FILE BIO's with dummy ops that fail.
+Include <stdio.h> for sscanf() even with no-stdio (since the declaration
is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
variable, since it can be larger than a 'long'. And we don't rely on the
availability of strtoull().
+Remove OPENSSL_stderr(); not used.
+Make OPENSSL_showfatal() do nothing (currently without stdio there's
nothing we can do).
+Remove file-based functionality from ssl/. The function
prototypes were already gone, but not the functions themselves.
+Remove unviable conf functionality via SYS_UEFI
+Add fallback definition of BUFSIZ.
+Remove functions taking FILE * from header files.
+Add missing DECLARE_PEM_write_fp_const
+Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
so remove its prototype.
+Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
+Eliminate SRP_VBASE_init() and supporting functions. Users will need to
build the verifier manually instead.
+Eliminate compiler warning for unused do_pk8pkey_fp().
+Disable TEST_ENG_OPENSSL_PKEY.
+Disable GOST engine as is uses [f]printf all over the place.
+Eliminate compiler warning for unused send_fp_chars().
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
The windows test uses the pseudo file "nul" to indicate no file for the
-CApath option. This does not work on all versions of Windows. Instead use
the new -no-CApath option.
Reviewed-by: Andy Polyakov <appro@openssl.org>
The openssl rehash command is not available on some platforms including
Windows. This change skips the associated tests if rehash is not available.
Reviewed-by: Richard Levitte <levitte@openssl.org>
It depended on 'openssl no-wp', which always exited with code 0, so
this test would never be performed, and this, I never discovered that
the program it's supposed to run was misspellt. Furthermore, the
feature to check is 'whirlpool', not 'wp'.
All corrected.
Reviewed-by: Stephen Henson <steve@openssl.org>
Add Utils.pm for test utilities. This currently just contains one function:
disabled which checks if a feature is disabled based on the output of
openssl list -disabled
Reviewed-by: Richard Levitte <levitte@openssl.org>
Obvious typo, and it took configuring with 'zlib' to discover it,
otherwise there was a previous skip that bypassed this section
entirely.
Reviewed-by: Tim Hudson <tjh@openssl.org>
If test/recipes/40-test_rehash.t is executed as root, the last test
will fail, since the created directory will remain writable no matter
what. Make sure it complains loudly about being run as root.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rewrite EVP_DecodeUpdate.
In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.
Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.
In addition, this appears to fix a possible two-byte oob read.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
The bookmark API results in a lot of boilerplate error checking that can
be much more easily achieved with a simple struct copy. It also lays the
path for removing the third PACKET field.
Reviewed-by: Rich Salz <rsalz@openssl.org>
If a test recipe does something like this:
indir "foo.$$" => sub {
chmod 0500, File::Spec->curdir();
ok(run(app(["something"])));
}
we get a problem, because we were storing the temporary stderr file in
the current directory at all times (so while inside the 'indir', we
would attemp to store it in "foo.$$").
So, change our ways to always store that temporary file in the exact
same location, defined by the environment variable RESULT_D, or
failing that TEST_D, or failing that $TOP/test.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Use each once in s3_srvr.c to show how they work.
Also fix a bug introduced in c3fc7eeab8
and made apparent by this change:
ssl3_get_next_proto wasn't updating next_proto_negotiated_len
Reviewed-by: Matt Caswell <matt@openssl.org>
test_ecdh and test_ecdsa are made to depend on no-ec being false.
test_hmac is made not to depend on algorithm at all.
Based on a contribution by Alessandro Ghedini <alessandro@ghedini.me>
Reviewed-by: Rich Salz <rsalz@openssl.org>
The verify_extra_test was recently changed to take its parameters as
arguments instead of having them hardcoded.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This recipe counted too much on being called with test/ as its current
working directory. That's a mistake on, for example, Windows.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The testsslproxy tests turned out to be useless as they were. They
were really just for show and the results were ignore. Now they are
changed into a more veerifiable test
Reviewed-by: Rich Salz <rsalz@openssl.org>
Be careful when shifting in a function argument, you end up changing
the caller's value. Instead, when it is an array, make a shallow copy
and shift in that instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some tests were copied from test_jpake, but the title wasn't changed
accordingly. This might seem like a small thing, but it does affect
the log file name...
Reviewed-by: Rich Salz <rsalz@openssl.org>
MINFO may be an old file lying around, which might have
00-check_testexes.t produce incorrect results. To make sure this
doesn't happen, check the variable VERSION in it against the same
variable in the top Makefile.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Before trying to read MINFO, we have no idea how many to test for, and
because skip expects to get an exact number somehow, it's better to
use 'plan skip_all'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Following the commit from July 2 that removed netscape formated certs,
it is no longer necessary to have conversion tests for it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
VMS files are normally record oriented rather than stream oriented.
This means that every write() will create a new record, which is seen
as a line of its own, regardless of if there was a \n in there or not.
bntest uses BN_print, which prints out number with more than one
write(), thereby dividing up the numbers in several lines, which
greatly disturbs the post-bntest checks that expect to find a full
formula to calculate on one line.
So, for VMS, we need to push the linebuffer filter on the out BIO.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Unfortunately, a file spec with character range globs interfere with
paths on VMS, and are therefore disabled. Rework this test to collect
a list of expected tests and a list of all recipes and compare the two
using grep.
Reviewed-by: Rich Salz <rsalz@openssl.org>
It became tedious as well as error prone to have all recipes use
Test::More as well as OpenSSL::Test. The easier way is to make
OpenSSL::Test an extension of Test::More, thereby having all version
checks as well as future checks firmly there. Additionally, that
allows us to extend existing Test::More functions if the need would
arise.
Reviewed-by: Rich Salz <rsalz@openssl.org>
When the environment variable STOPTEST is defined (with any value other
than the empty string), the test machinery in OpenSSL::Test goes into a
different mode that will stop all testing at the end of a failing recipe.
Reviewed-by: Rich Salz <rsalz@openssl.org>
00-check_testexes.t was a way for me to check that I didn't forget a
compiled test app. The way it worked was to require MINFO to be present.
Considering the need for this test has diminished considerably at this
point, I might as well tone down the requirement, and have it skip the
test (and not fail it) if MINFO isn't present.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Very simple test recipes easily become tedious, so they might benefit
from being made as simple as possible. Therefore, OpenSSL::Test::Simple
is born. It currently provides but one function, simple_test(), which
takes a minimum of two parameters (test name and program to run), with
the optional third, being the algorithm to be checked for before
running the test itself.
All recipes with that simple thing to do have been rewritten to be as
minimal as possible.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Also remove recipes/00-check_testalltests.t, since it will lack the
information from the now gone alltests target.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Note that this required a change in constant_time_test.c, as it says
"ok", which interferes with what Test::Harness expects to see. I had
constant_time_test.c say "success" instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
As tests are done until now, there are a few scripts that look almost,
but not quite the same. tkey, tx509, tcrl, tpkcs7, treq, tsid and
probably a few more.
recipes/tconversions.pl is a helper script that generalises the
function of each of those, and can then be used in a general manner
from test recipes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The math recipes are among the heavier, but also quite important.
For the BN test, we have previously relied on bc to verify the numbers.
Unfortunately, bc doesn't exist everywhere, making tests on some platforms
rather painful. With the new recipe (recipes/10-test_bn.t), we rely
on perl's Math::BigInt and a homegrown simple calculator (recipes/bc.pl)
that can do enough to cover for bc.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The idea with this perl based testing framework is to make use of
what's delivered with perl and exists on all sorts of platforms.
The choice came to using Test::More and Test::Harness, as that seems
to be the most widely spread foundation, even if perl is aged.
The main runner of the show is run_tests.pl. As it currently stands,
it's designed to run from inside Makefile, but it's absolutely
possible to run it from the command line as well, like so:
cd test
OPENSSL_SRCDIR=.. perl run_tests.pl
The tester scripts themselves are stored in the subdirectory recipes/,
and initially, we have two such scripts, recipes/00-check_testalltests.t
and recipes/00-check_testexes.t. recipes/00-check_testalltests.t will
pick out the dependencies of "alltests" in test/Makefile, and check if
it can find recipes with corresponding names. recipes/00-check_testexes.t
does something similar, but bases it on existing compiled test binaries.
They make it easy to figure out what's to be added, and will be
removed when this effort is finished.
Individual recipes can be run as well, of course, as they are perl
scripts in themselves. For example, you can run only
recipes/00-check_testexes.t like so:
cd test
OPENSSL_SRCDIR=.. perl recipes/00-check_testexes.t
To make coding easier, there's a routine library OpenSSL::Test, which
is reachable in a perl script like so:
use lib 'testlib';
use OpenSSL::Test;
Reviewed-by: Rich Salz <rsalz@openssl.org>
The test executables use standard output and standard error for text output,
so let's open the corresponding BIOs in text mode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Depending on platform, verify_extra_test may fail because it relies on
test/ being the current working directory. Make it get all the required
files on the command line instead to solve that issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Since there seems to be no way to avoid linking to libssl and libcrypto,
just wrap the test. This unbreaks "shared" builds when using clang and/or
OS X.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Commit d4ab70f27c added a test program
to check that the NULL pointer is represented as all zero bits, but
did not specify a build rule for that new executable. On many platforms,
the implicit rule sufficed, since nptest is a very simple program, but
for at least darwin-i386-cc, an explicit rule is needed. On darwin-i386-cc,
the implicit rule targetted a 64-bit executable, but the object file
containing the definition of main was a 32-bit object, which the linker
excluded from consideration, resulting in a link failure due to no
definition for _main.
Add the missing build rule to fix the build on such platforms.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available. Mostly done by David Woodhouse.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Also has changes from from David Woodhouse <David.Woodhouse@intel.com>
and some tweaks from me.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Add test to check PBE lookups: these can fail if the PBE table is not
correctly orders. Add to "make test".
Reviewed-by: Matt Caswell <matt@openssl.org>
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328
Reviewed-by: Richard Levitte <levitte@openssl.org>
Use SSL_CONF for certificate handling is ssltest.c, this changes the
behaviour slightly: the -cert and -key options are no longer recognised
and a default certificate file is not used.
This change means that -s_cert and -c_cert can be used mode than once
to support use of multiple certificates.
Reviewed-by: Matt Caswell <matt@openssl.org>
