This adds a test to the OpenSSL test suite to invoke the BoringSSL test
suite.
It assumes you have already compiled the ossl_shim (see previous commit).
It also assumes that you have an environment variable BORING_RUNNER_DIR
set up to point to the ssl/test/runner directory of a checkout of BoringSSL.
This has only been tested with a very old version of BoringSSL (from commit
f277add6c) - since that was the last known checkout where the shim compiles
successfully. Even with that version of BoringSSL this test will fail. There
are lots of Boring tests that are failing for various reasons. Some might
be due to bugs in OpenSSL, some might be due to features that BoringSSL has
that OpenSSL doesn't, some are due to assumptions about the way BoringSSL
behaves that are not true for OpenSSL etc.
To get the verbose BoringSSL test output, run like this:
VERBOSE=1 BORING_RUNNER_DIR=/path/to/boring/ssl/test/runner make \
TESTS="test_external" test
Reviewed-by: Richard Levitte <levitte@openssl.org>
The BoringSSL test suite contains numerous tests which OpenSSL does not.
The BoringSSL test runner uses a shim to launch the library and execute the
tests. This is a version of the BoringSSL shim converted to compile against
OpenSSL instead.
This is primarily based on the work of David Benjamin from the BoringSSL
project who did most of the necessary conversion. It also includes a few
other tweaks for opacity changes etc.
This is based on a *very* old version of BoringSSL from commit f277add6c.
That was the last commit known to work with this patched shim. Later
versions may also work but lots of merge conflicts occur when trying to
bring it up to date.
At the moment this has not been integrated into the build system. There is
a very simple standalone makefile in the ossl_shim directory which should
be executed directly before tyring to use the shim.
Reviewed-by: Richard Levitte <levitte@openssl.org>
test/shlibloadtest.c assumes all Unix style platforms use .so as
shared library extension. This is not the case for Mac OS X, which
uses .dylib. Instead of this, have the test recipe find out the
extension from configuration data.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1844)
- Make sure to initialise SHLIB variables
- Make sure to make local variables static
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1838)
This should demonstrate that the atexit() handling is working properly (or
at least not crashing) on process exit.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.
Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.
This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).
Reviewed-by: Rich Salz <rsalz@openssl.org>
A BIO_read() 0 return indicates that a failure occurred that may be
retryable. An SSL_read() 0 return indicates a non-retryable failure. Check
that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write().
The asyncio test filter BIO already returns 0 on a retryable failure so we
build on that.
Reviewed-by: Richard Levitte <levitte@openssl.org>
So far, apps and test programs, were a bit rigidely accessible as
executables or perl scripts. But what about scripts in some other
language? Or what about running entirely external programs? The
answer is certainly not to add new functions to access scripts for
each language or wrapping all the external program calls in our magic!
Instead, this adds a new functions, cmd(), which is useful to access
executables and scripts in a more generalised manner. app(), test(),
fuzz(), perlapp() and perltest() are rewritten in terms of cmd(), and
serve as examples how to do something similar for other scripting
languages, or constrain the programs to certain directories.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:
find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
Then bn_prime.h was excluded since this is a generated file.
Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Add update for testing renegotiation. Also change info on CTLOG_FILE
environment variable - which always seems to be required.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The TLSProxy::Record->new call hard-codes a version, like
70-test_sslrecords.t.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
This is a regression test for
https://github.com/openssl/openssl/pull/1431. It tests a
maximally-padded record with each possible invalid offset.
This required fixing a bug in Message.pm where the client sending a
fatal alert followed by close_notify was still treated as success.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
A mem leak could occur on an error path. Also the mempacket BIO_METHOD
needs to be cleaned up, because of the newly added DTLS test.
Also fixed a double semi-colon in ssltestlib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
There are cases when argc is more trustable than proper argv termination.
Since we trust argc in all other test programs, we might as well treat it
the same way in this program.
Reviewed-by: Matt Caswell <matt@openssl.org>
All the other functions that take an argument for the number of bytes
use convenience macros for this purpose. We should do the same with
WPACKET_put_bytes().
Reviewed-by: Rich Salz <rsalz@openssl.org>
