Commit graph

18597 commits

Author SHA1 Message Date
Richard Levitte
7d9533bfa2 HP-UX doesn't have hstrerror(), so make our own for that platform
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2092)
(cherry picked from commit 46766d0036)
2016-12-16 14:37:56 +01:00
Kurt Roeckx
4e9954799a Make client and server fuzzer support all ciphers
Also send a SNI extension in the client so the fuzzer can react to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
2016-12-16 01:08:22 +01:00
Kurt Roeckx
e104d01deb Document the recommended parameters for fuzzing
We use those parameters for calculating the coverage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
2016-12-16 01:08:22 +01:00
Kurt Roeckx
2fd54ebadf Enable TLS1.3 and PEDANTIC in the coverage target
This make sure that the coverage is the same for the fuzzers and this
coverage target

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
2016-12-16 01:08:22 +01:00
Kurt Roeckx
eeab356c29 Don't call memcpy with NULL as source
Calling it with lenght 0 and NULL as source is undefined behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2089
2016-12-15 21:45:25 +01:00
Andy Polyakov
1ea01427c5 poly1305/asm/poly1305-x86_64.pl: allow nasm to assemble AVX512 code.
chacha/asm/chacha-x86_64.pl: refine nasm version detection logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-15 17:57:50 +01:00
Andy Polyakov
526ab89645 perlasm/x86_64-xlate.pl: add support for AVX512 OPMASK-ing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-15 17:57:45 +01:00
Andy Polyakov
569204be90 man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-15 17:57:38 +01:00
Rich Salz
2b40699082 CRL critical extension bugfix
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)
2016-12-14 12:32:49 -05:00
Dr. Stephen Henson
99f2f1dc3e Add function and reason checking to evp_test
Add options to check the function and reason code matches expected values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-14 16:33:41 +00:00
Rich Salz
a47bc28317 Add X509_VERIFY_PARAM inheritance flag set/get
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)
2016-12-13 14:30:21 -05:00
Rich Salz
3dfda1a636 Fix various doc nits.
find-doc-nits warns if you don't give a "what to do flag"
Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)
2016-12-13 12:12:35 -05:00
Azat Khuzhin
b9b5181dd2 Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)
Fixes: 8d00e30f96 ("Don't try to init
dasync internally")

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-12-12 17:32:48 +00:00
Dmitry Belyavskiy
498180de5c Typo fixed
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)
2016-12-12 09:28:56 -05:00
Paul Hovey
6974fca49d updated macro spacing for styling purposes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-12-12 13:50:17 +00:00
Paul Hovey
8bd62abe00 fix undoes errors introduced by fc6076ca27 (diff-1014acebaa2c13d44ca196b9a433ef2eR184)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-12-12 13:50:17 +00:00
Benjamin Kaduk
036ba500f7 Restore the ERR_FATAL_ERROR() macro
Commit 0cd0a820ab removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.

Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)
2016-12-12 08:23:03 -05:00
Matt Caswell
4bf086005f Fix a leak in SSL_clear()
SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.

Fixes #2026

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-12 13:12:25 +00:00
Andy Polyakov
82e089308b perlasm/x86_64-xlate.pl: refine sign extension in ea package.
$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-12 11:00:50 +01:00
Andy Polyakov
abb8c44fba x86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-12 10:58:04 +01:00
Andy Polyakov
f2d78649fb poly1305/poly1305_base2_44.c: add reference base 2^44 implementation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-12 10:54:59 +01:00
Davide Galassi
210fe4edee Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)
2016-12-10 16:41:59 -05:00
Markus Triska
eb43101ff8 Fix reference to SSL_set_max_proto_version.
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)
2016-12-10 16:34:58 -05:00
Dr. Stephen Henson
cce6526629 Additional error tests in evp_test.c
Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-10 13:59:29 +00:00
Richard Levitte
c922ebe232 VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
2016-12-10 10:16:41 +01:00
Richard Levitte
18edbe6519 VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
2016-12-10 10:16:41 +01:00
Dr. Stephen Henson
2d7bbd6c9f Add RSA PSS tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
2016-12-09 23:05:45 +00:00
Dr. Stephen Henson
71bbc79b7d Check input length to pkey_rsa_verify()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
2016-12-09 23:05:44 +00:00
Kurt Roeckx
6c0e1e20d2 Update client fuzz corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060
2016-12-09 23:35:06 +01:00
Richard Levitte
6c6a2ae6fc Test framework: Add the possibility to have a test specific data dir
This data directory is formed automatically by taking the recipe name
and changing '.t' to '_data'.  Files in there can be reached with the
new function data_file()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2027)
2016-12-09 21:17:15 +01:00
Kurt Roeckx
af5a4b40d7 Update client fuzzer corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053
2016-12-09 18:13:18 +01:00
Richard Levitte
949320c567 Remove extra bang
A bang (!) slipped through in the recent UI cleanup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2051)
2016-12-08 21:40:41 +01:00
Kurt Roeckx
a19fc66a6b Only call memcpy when the length is larger than 0.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2050
2016-12-08 20:17:01 +01:00
Richard Levitte
120fb9e436 UI code style cleanup
Mostly condition check changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2047)
2016-12-08 19:31:28 +01:00
Kurt Roeckx
141ecc4e55 Fuzz corpora update
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:19 +01:00
Kurt Roeckx
4410f9d786 And client fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:18 +01:00
Kurt Roeckx
e512840d7a Make the predictable numbers start from 1
There is code that retries calling RAND_bytes() until it gets something
other than 0, which just hangs if we always return 0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:18 +01:00
Kurt Roeckx
231f13370b Make asn1 fuzzer more reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:17 +01:00
Matt Caswell
7d152a3c4f Fix the declaration of tls_parse_extension in statem_locl.h
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:48 +00:00
Matt Caswell
625b0d514e Fix a travis failure
Travis was indicating a bogus uninit var warning. This fixes it.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:41 +00:00
Matt Caswell
9615387408 Fix various indentation
The indentation was a bit off in some of the perl files following the
extensions refactor.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:35 +00:00
Matt Caswell
1e566129ad Move the checkhandshake.pm module into test/testlib
Move this module into the same place as other test helper modules. It
simplifies the code and keeps like things together.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:30 +00:00
Matt Caswell
7fe97c077b Fix make update issues
Various functions got renamed. We need to rename the error codes too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:21 +00:00
Matt Caswell
ecc2f938cf Fix more style issues following extensions refactor feedback
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:15 +00:00
Matt Caswell
cbb0954471 Introduce TLSEXT_STATUSTYPE_nothing constant
The existing code used the magic number -1 to represent the absence of
a status_type in the extension. This commit replaces it with a macro.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:09 +00:00
Matt Caswell
d270de322c Change TLSEXT_IDX_* values into an enum
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:03 +00:00
Matt Caswell
1266eefdb6 Various style updates following extensions refactor
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:58 +00:00
Matt Caswell
89247375ef Fix travis mixed declarations and code error
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:51 +00:00
Matt Caswell
14d21b690a Suppress some BoringSSL test failures
The external BoringSSL tests had some failures as a result of
the extensions refactor. This was due to a deliberate relaxation
of the duplicate extensions checking code. We now only check
known extensions for duplicates. Unknown extensions are ignored.
This is allowed behaviour, so we suppress those BoringSSL tests.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:45 +00:00
Matt Caswell
22ab4b7dd3 Correct imports for checkhandshake module
Ensure the tests can find the checkhandshake module on all platforms

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:39 +00:00