Using a byte buffer causes problems for device that don't handle unaligned
reads. Instead use the properly aligned variable that was already pointed at.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8696)
than the update call. The means an earlier error return at the cost of some
duplicated code.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8625)
Fixes no-sm2 (and also no-sm3 and no-ec)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8650)
Since the macro to indicate if the test provider module is available
is local to the test programs, it's better to use a name that isn't
as easily confused with a library feature disabling macro that one
would expect to find in opensslconf.h.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8664)
We reuse test/provider_internal_test.c and test/p_test.c,
and get it loaded one more time via the configuration file
test/provider_internal_test.conf
To support different platform standards regarding module
extensions, we generate test/provider_internal_test.conf
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test
module wasn't built, but the provider test programs didn't check that
macro. We rename it to OPENSSL_NO_MODULE, since that name describes
the situation more than OPENSSL_NO_SHARED does, and use it.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
While we're at it, sort out inconsistencies with the build of modules:
- not building shared libraries means not building dynamic engines.
However, other modules may still be built.
- not having DSO functionality doesn't mean not to build modules (even
though we can't use them from apps linked with libraries that are
built this way).
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
Add a unit-test for ktls receive side.
Change-Id: I890588681d05fba419f644f6d903be6dc83c9ed5
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
The output format now matches coreutils *dgst tools.
[ edited to remove trailing white space ]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8578)
This follows #8321 which added the SM2 certificate verification feature.
This commit adds some test cases for #8321.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.
The check is fairly simplistic, being for the entropy sources to not feed
the DRBG the same block of seed material twice in a row. Only the first
DRBG in a chain is subject to this check, latter DRBGs are assumed to be
safely seeded via the earlier DRBGs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8599)
/usr/include/bits/waitstatus.h includes endian.h under some libc's.
This clashes with the new test header file, so rename the latter.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8600)
Complete and improve error output of parse_name() in apps/apps.c
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8193)
size_t isn't always as large as a int64_t, so the compiler complains
about possible data loss. In this case, we are in control, so a
simple cast will do.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8497)
With the recent addition of the -rawin option it should be possible for
pkeyutl to sign and verify with Ed448 and Ed2559. The main remaining
stumbling block is that those algorirthms only support "oneshot" operation.
This commit enables pkeyutl to handle that.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8431)
TEST_ulong_eq was used previously because TEST_double_eq didn't exist
at the time.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)
With enough warning flags, compilers complain when a non-static
function hasn't been properly declared...
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)
test/params_test.c is a program that tries to mimic how a provider and
an application would or could handle OSSL_PARAM arrays.
For the moment, this program tests a very raw way of handling
OSSL_PARAM arrays. It is, however, written in a way that will
hopefully make it possible to extend with other methods as APIs arise,
and to set up test cases where a "provider" handles the array one way
while the "application" handles it another way.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8396)
Don't try to load external provider modules in tests if we don't have DSO
capability
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8459)
no-cmac, no-poly1305 and no-siphash all caused the new test_mac to fail.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8458)
Provide a number of functions to allow parameters to be set and
retrieved in a type safe manner. Functions are provided for many
integral types plus double, BIGNUM, UTF8 strings and OCTET strings.
All of the integer functions will widen the parameter data as
required. This permits a degree of malleability in the parameter
definition. For example a type can be changed from a thirty two bit
integer to a sixty four bit one without changing application code.
Only four and eight byte integral sizes are supported here.
A pair of real functions are available for doubles.
A pair of functions is available for BIGNUMs. These accept any sized
unsigned integer input and convert to/from a BIGNUM.
For each OCTET and UTF8 strings, four functions are defined. This
provide get and set functionality for string and for pointers to
strings. The latter avoiding copies but have other inherent risks.
Finally, some utility macros and functions are defined to allow
OSSL_PARAM definition arrays to be specified in a simple manner.
There are two macro and one function for most types. The exception
being BIGNUM, for which there is one macro and one function.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8451)
The OSSL_PARAM attribute names |buffer| and |buffer_size| may lead to
confusion, as they may make some think that the memory pointed at is
an intermediate memory are. This is not generally the case, so we
rename |buffer| and |buffer_size| to |data| and |data_size|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8451)
Two tests are added, one that tests the internal API, the other tests
the public API. Those two tests both test the same provider, which
acts both as a built-in provider and as a loadable provider module.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)
The previous commit fixed an underflow that may occur in ecp_nistp521.c.
This commit adds a test for that condition. It is heavily based on an
original test harness by Billy Brumley.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8405)
This should never reduce the range covered and might increase it on some
platforms.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8415)
From a Unix point of view, some other platform families have certain
quirks. Windows command prompt doesn't expand globs into actual file
names, so we must do this. VMS has some oddity with argv pointer size
that can cause crashes if you're not careful (by copying it to a less
surprising pointer size array).
The fixups already exist and are used in the apps/ code. However, the
testutil code started using the opt routines from apps/ without
including the non-Unix fixups. This change fixes that.
For VMS' sake, libtestutil gets an app_malloc() shim, to avoid sucking
in all of apps/apps.c.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8381)
SSH's KDF is defined in RFC 4253 in Section 7.2
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7290)
Some signature algorithms require special treatment for digesting, such
as SM2. This patch adds the ability of handling raw input data in
apps/pkeyutl other than accepting only pre-hashed input data.
Beside, SM2 requries an ID string when signing or verifying a piece of data,
this patch also adds the ability for apps/pkeyutil to specify that ID
string.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8186)
There is too high a risk that perl and OpenSSL are linked with
different C RTLs, and thereby get different messages for even the most
mundane error numbers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8343)
Prior to this commit we were keeping a count of how many KeyUpdates we
have processed and failing if we had had too many. This simplistic approach
is not sufficient for long running connections. Since many KeyUpdates
would not be a particular good DoS route anyway, the simplest solution is
to simply remove the key update count.
Fixes#8068
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8299)
This commit adds a simple unit test to make sure that the constant-time
flag does not "leak" among BN_CTX frames:
- test_ctx_consttime_flag() initializes (and later frees before
returning) a BN_CTX object, then it calls in sequence
test_ctx_set_ct_flag() and test_ctx_check_ct_flag() using the same
BN_CTX object. The process is run twice, once with a "normal"
BN_CTX_new() object, then with a BN_CTX_secure_new() one.
- test_ctx_set_ct_flag() starts a frame in the given BN_CTX and sets the
BN_FLG_CONSTTIME flag on some of the BIGNUMs obtained from the frame
before ending it.
- test_ctx_check_ct_flag() then starts a new frame and gets a number of
BIGNUMs from it. In absence of leaks, none of the BIGNUMs in the new
frame should have BN_FLG_CONSTTIME set.
In actual BN_CTX usage inside libcrypto the leak could happen at any
depth level in the BN_CTX stack, with varying results depending on the
patterns of sibling trees of nested function calls sharing the same
BN_CTX object, and the effect of unintended BN_FLG_CONSTTIME on the
called BN_* functions.
This simple unit test abstracts away this complexity and verifies that
the leak does not happen between two sibling functions sharing the same
BN_CTX object at the same level of nesting.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8253)
Because test order can be randomized, running foo_init() as a separate
test is unsafe practice. Instead, we make it possible to call it
multiple times, and call it at the start of each separate test.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8288)
A randomised order causes failure due to unintentional dependencies between
two of the test cases.
[extended tests]
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8279)
Properties are a sequence of comma separated name=value pairs. A name
without a corresponding value is assumed to be a Boolean and have the
true value 'yes'. Values are either strings or numbers. Strings can be
quoted either _"_ or _'_ or unquoted (with restrictions). There are no
escape characters inside strings. Number are either decimal digits or
'0x' followed by hexidecimal digits. Numbers are represented internally
as signed sixty four bit values.
Queries on properties are a sequence comma separated conditional tests.
These take the form of name=value (equality test), name!=value (inequality
test) or name (Boolean test for truth). Queries can be parsed, compared
against a definition or merged pairwise.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8224)
The context builds on CRYPTO_EX_DATA, allowing it to be dynamically
extended with new data from the different parts of libcrypto.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8225)
This allows allocation of items at indexes that were created after the
CRYPTO_EX_DATA variable was initialized, using the exact same method
that was used then.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8225)
New function to return internal pointer for field.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8195)
Add SSL_OP64_NO_EXTENDED_MASTER_SECRET, that can be set on either
an SSL or an SSL_CTX. When processing a ClientHello, if this flag
is set, do not indicate that the EMS TLS extension was received in
either the ssl3 object or the SSL_SESSION. Retain most of the
sanity checks between the previous and current session during
session resumption, but weaken the check when the current SSL
object is configured to not use EMS.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3910)
Otherwise this can result in an incorrect calculation of the maximum
encoded integer length, meaning an insufficient buffer size is allocated.
Thanks to Billy Brumley for helping to track this down.
Fixes#8209
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8237)
The original 1.1.1 design was to use SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal start/end of a post-handshake message
exchange in TLSv1.3. Unfortunately experience has shown that this confuses
some applications who mistake it for a TLSv1.2 renegotiation. This means
that KeyUpdate messages are not handled properly.
This commit removes the use of SSL_CB_HANDSHAKE_START and
SSL_CB_HANDSHAKE_DONE to signal the start/end of a post-handshake
message exchange. Individual post-handshake messages are still signalled in
the normal way.
This is a potentially breaking change if there are any applications already
written that expect to see these TLSv1.3 events. However, without it,
KeyUpdate is not currently usable for many applications.
Fixes#8069
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8096)
set_cipher_list() sets TLSv1.2 (and below) ciphers, and its success or
failure should not depend on whether set_ciphersuites() has been used to
setup TLSv1.3 ciphers.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7759)
Iterators over the sparse array structures have gained an initial argument
which indicates the index into the array of the element. This can be used,
e.g., to delete or modify the associated value.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8229)
Changed PKEY/KDF API to call the new API.
Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs.
Documentation updated.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6674)
This got triggered by test/testutil.h including ../apps/opt.h.
Some compilers do all inclusions from the directory of the C file
being compiled, so when a C file includes a header file with a
relative file spec, and that header file also includes another header
file with a relative file spec, the compiler no longer follows.
As a specific example, test/testutil/basic_output.c included
../testutil.h. Fine so far, but then, test/testutil.h includes
../apps/opt.h, and the compiler ends up trying to include (seen from
the source top) test/apps/opt.h rather than apps/opt.h, and fails.
The solution could have been to simply add apps/ as an inclusion
directory. However, that directory also has header files that have
nothing to do with libapps, so we take this a bit further, create
apps/include and move libapps specific headers there, and then add
apps/include as inclusion directory in the build.info files where
needed.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8210)
This commit adds a space and time efficient sparse array data structure.
The structure's raw API is wrapped by inline functions which provide type
safety.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8197)
If the old openssl versions not supporting the .include directive
load a config file with it, they will bail out with error.
This change allows using the .include = <filename> syntax which
is interpreted as variable assignment by the old openssl
config file parser.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8141)
The manual says this in its notes:
... and therefore applications using static linking should also call
OPENSSL_thread_stop() on each thread. ...
Fixes#8171
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8173)
Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.
Trailing whitespace remains in test data and external source.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8092)
When computing the end-point shared secret, don't take the
terminating NULL character into account.
Please note that this fix breaks interoperability with older
versions of OpenSSL, which are not fixed.
Fixes#7956
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7957)
There was a hack specifically for VMS, which involved setting a make
variable to indicate that test/libtestutil contains a 'main'.
Instead, we use the new attributes 'has_main' to indicate this, and
let the VMS build file template fend with it appropriately.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8125)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8111)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).
This patch adds support for adding ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Steven Linsell <stevenx.linsell@intel.com>
(Merged from https://github.com/openssl/openssl/pull/7573)
During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)
This means that all PROGRAMS_NO_INST, LIBS_NO_INST, ENGINES_NO_INST
and SCRIPTS_NO_INST are changed to be PROGRAM, LIBS, ENGINES and
SCRIPTS with the associated attribute 'noinst'.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
The platform module collection is made in such a way that any Perl
script that wants to take part of the available information can use
them just as well as the build system.
This change adapts test/recipes/90-test_shlibload.t, util/mkdef.pl,
and util/shlib_wrap.sh.in
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
If you use a BIO and set up your own buffer that is not freed, the
memory bio will leak the BIO_BUF_MEM object it allocates.
The trouble is that the BIO_BUF_MEM is allocated and kept around,
but it is not freed if BIO_NOCLOSE is set.
The freeing of BIO_BUF_MEM was fairly confusing, simplify things
so mem_buf_free only frees the memory buffer and free the BIO_BUF_MEM
in mem_free(), where it should be done.
Alse add a test for a leak in the memory bio
Setting a memory buffer caused a leak.
Signed-off-by: Corey Minyard <minyard@acm.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8051)
5. check_return: Calling EVP_EncodeUpdate without checking return value
(as is done elsewhere 4 out of 5 times).
Fix CID 1371695, 1371698: Resource leak in test/evp_test.c
- leaked_storage: Variable edata going out of scope leaks the storage it
points to.
- leaked_storage: Variable encode_ctx going out of scope leaks the
storage it points to
Fix CID 1430437, 1430426, 1430429 : Dereference before null check in test/drbg_cavs_test.c
check_after_deref: Null-checking drbg suggests that it
may be null, but it has already been dereferenced on all paths leading
to the check
Fix CID 1440765: Dereference before null check in test/ssltestlib.c
check_after_deref: Null-checking ctx suggests that it may be null, but
it has already been dereferenced on all paths leading to the check.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7993)
This was complicated by the fact that we were using this extension for our
duplicate extension handling tests. In order to add tests for cryptopro
bug the duplicate extension handling tests needed to change first.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
Test that atexit handlers get called properly at process exit, unless we
have explicitly asked for them not to be.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
The whole point of shlibloadtest is to test dynamically loading and
unloading the library. If we link shlibloadtest against libcrypto then that
might mask potential issues.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
Based originally on github.com/dfoxfranke/libaes_siv
This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of perfomance. The
expected use is for short inputs, not TLS-sized records.
Add multiple AAD input capacity in the EVP tests.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)
Engine names and ids are typically static strings. If an application
actually dynamically allocated these, the application owns the
storage, and should dispose of it via the original handle, rather
than the "const char *" returned by the engine.
In any case, this resolves the test code issue without resort to
"unconst" macros/casts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add a unit-test for ktls.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
Previously, the API version limit was indicated with a numeric version
number. This was "natural" in the pre-3.0.0 because the version was
this simple number.
With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.
Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:
-D OPENSSL_API_COMPAT=0x10100000L
-D OPENSSL_API_COMPAT=3
Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.
Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:
OPENSSL_API_0_9_8
OPENSSL_API_1_0_0
OPENSSL_API_1_1_0
OPENSSL_API_3
They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.
The most central change is that we now express the version number with
three macros, one for each part of the version number:
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_PATCH
We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):
OPENSSL_VERSION_PRE_RELEASE
OPENSSL_VERSION_BUILD_METADATA
To get the library's idea of all those values, we introduce the
following functions:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):
OPENSSL_SHLIB_VERSION
We also provide a macro that contains the release date. This is not
part of the version number, but is extra information that we want to
be able to display:
OPENSSL_RELEASE_DATE
Finally, also provide the following convenience functions:
const char *OPENSSL_version_text(void);
const char *OPENSSL_version_text_full(void);
The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
OPENSSL_VERSION
OpenSSL_version_num()
OpenSSL_version()
Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:
OPENSSL_info()
For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
This is in preparation for a switch to MAJOR.MINOR.PATCH versioning
and calling the next major version 3.0.0.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)
Config options 'no-err' and 'no-autoerrinit'
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7711)
There's too high a chance that the openssl app and perl get different
messages for some error numbers.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7699)
This ensures we collected them properly and and as completely as can
be tested safely.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7681)
When libssl and libcrypto are compiled on Linux with "-rpath", but
not "--enable-new-dtags", the RPATH takes precedence over
LD_LIBRARY_PATH, and we end up running with the wrong libraries.
This is resolved by using full (or at least relative, rather than
just the filename to be found on LD_LIBRARY_PATH) paths to the
shared objects.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)
