These can be re-generated via:
cd test/certs; ./setup.sh
if need be. The keys are all RSA 2048-bit keys, but it is possible
to change that via environment variables.
cd test/certs
rm -f *-key.pem *-key2.pem
OPENSSL_KEYALG=rsa OPENSSL_KEYBITS=3072 ./setup.sh
cd test/certs
rm -f *-key.pem *-key2.pem
OPENSSL_KEYALG=ecdsa OPENSSL_KEYBITS=secp384r1 ./setup.sh
...
Keys are re-used if already present, so the environment variables
are only used when generating any keys that are missing. Hence
the "rm -f"
Reviewed-by: Richard Levitte <levitte@openssl.org>
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.
See:
https://wiki.openssl.org/index.php/Binaries
Reviewed-by: Richard Levitte <levitte@openssl.org>
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just
TLS 1.2. In the future they might want to disable TLS 1.2 and
enable just TLS 1.3, ...
This commit makes it possible to disable any or all of the TLS or
DTLS protocols. It also considerably simplifies the SSL/TLS tests,
by auto-generating the min/max version tests based on the set of
supported protocols (425 explicitly written out tests got replaced
by two loops that generate all 425 tests if all protocols are
enabled, fewer otherwise).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
- bugfix: should not treat '--' as invalid domain substring.
- '-' should not be the first letter of a domain
Signed-off-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
On some platforms, the shell will determine what attributes a file
will have, so while the program might think it's safely outputting
binary data, it's not always true.
For the sake of the tests, it's therefore safer to use -out than to
use redirection.
Reviewed-by: Rich Salz <rsalz@openssl.org>
On VMS, the command MCR will assume SYS$SYSTEM: when the first
argument lacks a directory spec. So for programs in the current
directory, we add [] to tell MCR it is in the current directory.
It's the same as having ./ at the start of a program on Unix so the
shell doesn't start looking along $PATH.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This used to work but somewhere along the line it broke and was failing to
detect duplicate ordinals - which was the whole point of the test!
Reviewed-by: Rich Salz <rsalz@openssl.org>
This test relies on a private function, which isn't exported.
This test would work better as a unit test in crypto/bn/bn_prime.c.
Reviewed-by: Rich Salz <rsalz@openssl.org>
VMS being a record oriented operating system, it's uncertain how the
'pipe' passes binary data from one process to another. Experience
shows that we get in trouble, and it's probably due to the pipe in
itself being opened in text mode (variable length records).
It's safer to pass data via an intermediary file instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
VMS uses a variant of openssl.cnf named openssl-vms.cnf.
There's a Perl on VMS mystery where a open pipe will not SIGPIPE when
the child process exits, which means that a loop sending "y\n" to it
will never stop. Adding a counter helps fix this (set to 10, we know
that none of the CA.pl commands will require more).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Since danetest is to test DANE rather than specific algorithms, it's
acceptable to require EC when testing it.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
(Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
On Linux when creating the .so file we were exporting all symbols. We should
only be exporting public symbols. This commit fixes the issue. It is only
applicable to linux currently although the same technique may work for other
platforms (e.g. Solaris should work the same way).
This also adds symbol version information to our exported symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Commit 2b0180c37f attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.
Thanks to Hanno Boeck for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
