Commit graph

1856 commits

Author SHA1 Message Date
Rich Salz
6b7b34330b Split test/evptests.txt into separate files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3443)
2017-05-11 16:55:35 -04:00
Todd Short
7031ddac94 Fix infinite loops in secure memory allocation.
Issue 1:

sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.

This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."

Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).

Issue 2:

CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.

If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.

Issue 3:

That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
2017-05-11 22:35:21 +02:00
Richard Levitte
0b10da806a testutil: Fix non-standard subtest output
In some cases, testutil outputs subtests like this:

    1..6 # Subtest: progname

The standard set by Test::More (because there really is no actual
standard yet) gives this display:

    # Subtest: progname
    1..6

Until the standard is actually agreed upon, let's do it like
Test::More.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3446)
2017-05-11 20:42:01 +02:00
Richard Levitte
46fcbf77bc evp_test: use the test file name as the test title
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3445)
2017-05-11 20:40:23 +02:00
Richard Levitte
b73c5e054a testutil: add the possibility to set the current test title
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3445)
2017-05-11 20:40:23 +02:00
Bernd Edlinger
018fcbec38 Fix gcc-7 warnings.
- Mostly missing fall thru comments
- And uninitialized value used in sslapitest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3440)
2017-05-11 19:39:38 +02:00
Rich Salz
7193f8723e Use compare_mem wrapper
Add file/line# to test error message.
Also remove expected/got fields since TEST structure prints them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3324)
2017-05-11 11:28:29 -04:00
Rich Salz
412486070f Address some feedback
Report test detail error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3324)
2017-05-11 11:28:29 -04:00
Rich Salz
6c5943c9f6 Convert of evp_test to framework
Also, allow multiple files on commandline (for future splitup of
evptests.txt)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3324)
2017-05-11 11:28:29 -04:00
Richard Levitte
4f2a569535 Clarify that a test failed
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3423)
2017-05-11 10:26:46 +02:00
Pauli
bb616fabd4 Add a descriptive header to diff output from failed tests.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3433)
2017-05-11 10:24:38 +02:00
Matt Caswell
bb01ef3f4a Add a test for SNI in conjunction with custom extensions
Test that custom extensions still work even after a change in SSL_CTX due
to SNI. See #2180.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3425)
2017-05-10 16:49:00 +01:00
Richard Levitte
76e0d0b21c Prefer TAP::Harness over Test::Harness
TAP:Harness came along in perl 5.10.1, and since we claim to support
perl 5.10.0 in configuration and testing, we can only load it
conditionally.

The main reason to use TAP::Harness rather than Test::Harness is its
capability to merge stdout and stderr output from the test recipes,
which Test::Harness can't.  The merge gives much more comprehensible
output when testing verbosely.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3424)
2017-05-10 12:58:36 +02:00
Pauli
03d8e9cb43 Add test_test tests for bignums.
Add relative tests for bignums.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3405)
2017-05-09 21:30:29 +02:00
Pauli
dc352c1937 Add BN support to the test infrastructure.
This includes support for:

- comparisions between pairs of BIGNUMs
- comparisions between BIGNUMs and zero
- equality comparison between BIGNUMs and one
- equality comparisons between BIGNUMs and constants
- parity checks for BIGNUMs

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3405)
2017-05-09 21:30:29 +02:00
Matt Caswell
5e3766e2f1 Add test for no change following an HRR
Verify that we fail if we receive an HRR but no change will result in
ClientHello2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3414)
2017-05-09 17:23:58 +01:00
Matt Caswell
c96ec6f804 More TLSv1.3 cookie tests
Test sending a cookie without a key_share

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3414)
2017-05-09 17:23:58 +01:00
Matt Caswell
ad448b21f8 Fix some copy&paste errors and update following review feedback
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3410)
2017-05-09 17:02:48 +01:00
Matt Caswell
db48a903b3 Add some badly formatted compression methods tests
Test that sending a non NULL compression method fails in TLSv1.3 as well
as other similar tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3410)
2017-05-09 17:02:48 +01:00
Benjamin Kaduk
fa3ed5b2c2 Add unit test for PEM_FLAG_ONLY_B64
Get some trivial test coverage that this flag does what it claims to.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
2017-05-08 21:20:32 +02:00
Matt Caswell
de65f7b93a Add a test for supported_groups in the EE message
Check we send supported_groups in EE if there is a group we prefer instead
of the one sent in the key_share.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3395)
2017-05-08 11:09:02 +01:00
Richard Levitte
218712ffdd test/recipes/95-test_*.t : correct skip_all syntax
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3400)
2017-05-06 10:29:16 +02:00
Richard Levitte
b83ace3162 Rearrange test/recipes/95-test_*.t to use skip_all
The conditions to skip these recipes entirely don't show in a
non-verbose test harness output.  We prefer to know, so use skip_all,
as it is a little bit more verbose.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3398)
2017-05-05 23:10:41 +02:00
Pauli
2db85ac97a Conversion of the EC tests to use the framework.
Some refactoring done as well.

The prime_field_tests() function needs splitting and refactoring still.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3340)
2017-05-05 19:32:34 +02:00
Rich Salz
292247ea04 Fix tests of TEST tests, as it were
Fix warning/bug in rc5test
Remove useless/warning-only test from dsatest.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3387)
2017-05-04 12:08:48 -04:00
Pauli
516decaef3 Test framework output improvement.
Format the test failure output more nicely.

More vertical space is used to make things a little clearer.  Tests are expected
to pass so this doesn't impact the normal case.

Strings and memory comparisons highlight differences.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3357)
2017-05-04 17:20:54 +02:00
Richard Levitte
7104351cd9 test/exptest.c: stop marking progress with a period
Because we now have TAP output for every mod_exp round, there's no
more need to mark the round with outputting a period.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3380)
2017-05-04 17:15:29 +02:00
Matt Caswell
16afd71c1d Add a test for loading serverinfo data from memory
The previous commit fixed a bug which occurs when serverinfo is loaded
from memory (not from a file). This adds a test for loading serverinfo
from memory.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3382)
2017-05-04 16:02:08 +01:00
Matt Caswell
de6ac50ddc Fix an uninit read in igetest
Introduced by commit 0e534337b

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2284)
2017-05-04 15:43:25 +01:00
Matt Caswell
1f6359db72 Update tls13secretstest test vectors for TLSv1.3 draft-20
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3371)
2017-05-03 17:23:02 +01:00
Matt Caswell
c3a48c7b1d Add a test for CT in TLSv1.3
This also tests the SERVERINFO2 file format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
2017-05-03 14:37:42 +01:00
Matt Caswell
b878afae4b Add a SERVERINFOV2 format test file
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3298)
2017-05-03 14:37:42 +01:00
Marek Klein
f0ef20bf38 Added support for ESSCertIDv2
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/771)
2017-05-03 09:04:23 +02:00
Pauli
0e534337b2 Update igetest to use the test framework.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3210)
2017-05-03 09:00:34 +10:00
Rich Salz
1f9d203dac Convert danetest, ssl_test_ctx_test
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 08:32:26 -04:00
Todd Short
c649d10d3f TLS1.3 Padding
Add padding callback for application control
Standard block_size callback
Documentation and tests included
Configuration file/s_client/s_srver option

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3130)
2017-05-02 09:44:43 +01:00
Todd Short
20ee2bf138 Fix time offset calculation.
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets,
even though that's not supported within certificates.

To convert the offset time back to GMT, the offsets are supposed to be
subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2654)
2017-05-02 10:38:54 +02:00
Rich Salz
ee6b68ce4c Fix a stack smash
It occurs when memory compares are made that are larger
than the on stack temporary buffers (either malloced or supplied).

Rework the test test so it doesn't use a macro with a branch.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3155)
2017-05-01 14:38:49 -04:00
Benjamin Kaduk
f44903a428 Address some -Wold-style-declaration warnings
gcc's -Wextra pulls in -Wold-style-declaration, which triggers when a
declaration has a storage-class specifier as a non-initial qualifier.
The ISO C formal grammar requires the storage-class to be the first
component of the declaration, if present.

Seeint as the register storage-class specifier does not really have any effect
anymore with modern compilers, remove it entirely while we're here, instead of
fixing up the order.

Interestingly, the gcc devteam warnings do not pull in -Wextra, though
the clang ones do.

[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
2017-05-01 14:23:28 -04:00
Andy Polyakov
1ff86c5efa test/asn1_encode_test.c: test "next negative minimum" corner case.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-30 15:18:47 +02:00
Rich Salz
9a837f220a Ensure blank lines between tests.
Also add a comment describing the file format.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3337)
2017-04-28 10:09:39 -04:00
Pauli
f5a140f7e9 Refactor crltest.c to separate the test cases into individual functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3327)
2017-04-28 16:03:35 +02:00
Richard Levitte
0918b94c9c testutil: Remove test_puts_std{out,err}, they are superfluous
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3345)
2017-04-28 15:59:46 +02:00
Richard Levitte
68e49bf223 testutil: Add OpenSSL error stack printing wrapper TEST_openssl_errors
Also added a internal error printing callback to be used both with
ERR_print_errors_cb() and with CRYPTO_mem_leaks_cb

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3345)
2017-04-28 15:59:46 +02:00
Richard Levitte
603ddbdb75 testutil: Add commodity printing functions test_printf_std{out,err}
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3345)
2017-04-28 15:59:46 +02:00
Richard Levitte
c5657cb710 testutil: make subtest_level() internal
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3345)
2017-04-28 15:59:46 +02:00
Richard Levitte
579d0fabcd testutil: Move printing function declarations to "internal" header
These functions aren't meant to be used directly by the test programs,
reflect that by making the declarations a little harder to reach, but
still available enough if there's a need to override them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3345)
2017-04-28 15:59:46 +02:00
Bernd Edlinger
8f3f9623a4 Fix a pedantic gcc-7 warning.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3328)
2017-04-28 15:04:08 +02:00
Matt Caswell
11ba87f2ff Ensure s_client sends an SNI extension by default
Enforcement of an SNI extension in the initial ClientHello is becoming
increasingly common (e.g. see GitHub issue #2580). This commit changes
s_client so that it adds SNI be default, unless explicitly told not to via
the new "-noservername" option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2614)
2017-04-27 11:43:55 +01:00
Rich Salz
cf10df81e1 Fix ISO C function/object pointer issue
Showed up on GCC with strict warnings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3325)
2017-04-26 16:43:54 -04:00
Rich Salz
710756a9b3 Convert sslapitest to test framework
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3252)
2017-04-26 13:42:57 -04:00
Rich Salz
30bea14be6 Convert bntest to TEST_ framework
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3265)
2017-04-26 12:48:24 -04:00
Rich Salz
8ed9a26616 Convert dtls_mtu_test, dtlsv1listentest
Also converted most of ssltestlib but left the packet_dump output
as-is (for now).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3257)
2017-04-26 12:20:44 -04:00
Dr. Stephen Henson
aa24cd1bfb Fix no-ec
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3321)
2017-04-26 17:12:23 +01:00
Rich Salz
b6e3250671 Fix unit-tests when no-srp configured
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3274)
2017-04-26 11:21:29 -04:00
Rich Salz
58e754fcb8 Convert modular exponentiation tests to new framework
Updated due to test framework changes
Updates after code review
Missed some checks

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3269)
2017-04-26 11:02:09 -04:00
Matt Caswell
975922fd0c Add tests for version/ciphersuite sanity checks
The previous commits added sanity checks for where the max enabled protocol
version does not have any configured ciphersuites. We should check that we
fail in those circumstances.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3316)
2017-04-26 14:31:00 +01:00
Matt Caswell
38a7315060 Add a ciphersuite config sanity check for servers
Ensure that there are ciphersuites enabled for the maximum supported
version we will accept in a ClientHello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3316)
2017-04-26 14:31:00 +01:00
Matt Caswell
aafec89c63 Add a ciphersuite config sanity check for clients
Ensure that there are ciphersuites enabled for the maximum supported
version we are claiming in the ClientHello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3316)
2017-04-26 14:31:00 +01:00
Rich Salz
d91b7423af evp_test.c: Add PrivPubKeyPair tests
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3245)
2017-04-25 21:00:48 -04:00
Andy Polyakov
dd05be5d78 test: don't make it more complicated than necessary.
Original rationale behind using write in testutil was to accommodate
no-stdio builds. But is there evidence that no-stdio users would have
write or pre-defined meaning for file descriptors 1 and 2? Correct
answer is to provide way for no-stdio users who want to exercise
tests to plug in own BIO, not to make assumption that they have write.
And since we don't have to make such assumption, we can as well go
for simplest that works with standard library as specified by C
language standard.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-25 23:26:51 +02:00
Dr. Stephen Henson
451a0c3dc8 Add PSS certificate signature tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:35 +01:00
Dr. Stephen Henson
9bf45ba4ca Add certificates with PSS signatures
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3301)
2017-04-25 22:12:34 +01:00
Richard Levitte
7531b3a6cd Tapify libtestutil a bit better
This includes better signals of skips and subtests according to TAP 12,
and flushing stdout and stderr at the end of every test function to
make sure we get the output in good order.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3309)
2017-04-25 21:13:26 +02:00
Richard Levitte
4114f8f0b6 Add include path '..' for libtestutil
Since it uses some of the apps/ stuff and some of them include e_os.h...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3307)
2017-04-25 18:59:50 +02:00
Dmitry Belyavskiy
b5c4209be9 Switch command-line utils to new nameopt API.
The CA names should be printed according to user's decision
print_name instead of set of BIO_printf
dump_cert_text instead of set of BIO_printf
Testing cyrillic output of X509_CRL_print_ex
Write and use X509_CRL_print_ex
Reduce usage of X509_NAME_online
Using X509_REQ_print_ex instead of X509_REQ_print
Fix nameopt processing.
Make dump_cert_text nameopt-friendly
Move nameopt getter/setter to apps/apps.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3262)
2017-04-25 12:37:17 -04:00
Richard Levitte
d88ab353d3 Correct some badly formated preprocessor lines
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3304)
2017-04-25 15:44:48 +02:00
Richard Levitte
208d721a00 TAPify testutil
With the perl test framework comes the output format TAP
(Test Anything Protocol, see http://testanything.org/) with
extra extension for subtests.  This change extends that same
output format to any test program using testutil.

In this implementation, each test program is seen as a full test that
can be used as a subtest.  The perl framework passes on the subtest
level to the test programs with the environment variable
HARNESS_OSSL_LEVEL.  Furthermore, and series of tests added with
ADD_ALL_TESTS is regarded as another subtest level.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3296)
2017-04-25 15:43:04 +02:00
Matt Caswell
561f6f1ed2 Address review feedback for the SCTP changes
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
ce466c96f0 Fix issue in 18-dtls-renegotiate.conf.in
Don't skip all tests if SCTP is disabled!

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
0f5df0f103 Add SCTP testing for 04-client_auth.conf
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
cf15600923 Add SCTP testing for 11-dtls_resumption.conf
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
00da4f4dd9 Add SCTP testing to 07-dtls-protocol-version.conf
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
4ef8a6b22b Add SCTP testing to 18-dtls-renegotiate.conf
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
978b945b94 Add SCTP testing to 16-dtls-certstatus.conf
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Matt Caswell
83964ca0da Add support to test_ssl_new for testing with DTLS over SCTP
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
2017-04-25 11:13:39 +01:00
Richard Levitte
f044cd05a1 Avoid using BIO streams in bioprinttest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Richard Levitte
a9c6d22105 Adapt all test programs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Richard Levitte
b3e5db40ec VMS: Make sure to include MAIN from static libraries if needed
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Richard Levitte
4db40c94c3 Refactor the test framework testutil
It's now built as a static library, and greatly simplified for test
programs, which no longer need to include test_main_custom.h or
test_main.h and link with the corresponding object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Jon Spillett
dd94c37a5c Converted the bio_enc tests to use new test framework.
This includes reworked reworked tests to do both encrypt and decrypt,
and a few more ciphers added.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3197)
2017-04-24 17:14:19 +02:00
Adam Langley
6e64c56066 Small primes are primes too.
Previously, BN_is_prime_fasttest_ex, when doing trial-division, would
check whether the candidate is a multiple of a number of small primes
and, if so, reject it. However, three is a multiple of three yet is
still a prime number.

This change accepts small primes as prime when doing trial-division.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3264)
2017-04-20 16:10:10 -04:00
Rich Salz
c0452248ea Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.

Raise errors if empty or malformed files are read when loading certificates
and CRLs.

Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}

Refactor these two routines into one.

Bring the unit test for duplicate certificates up to date using the test
framework.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
2017-04-20 15:33:42 -04:00
Rich Salz
623d1056de Convert hmactest to new test framework
Updated after code review, and fix indenting

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3175)
2017-04-20 14:00:52 -04:00
Rich Salz
9d9d287962 fix dh_test.
The issues were introduced by commit 93d0298.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3263)
2017-04-20 13:03:11 -04:00
Richard Levitte
112c4e0268 Fix test/recipes/95-test_external_krb5.t
"skip() needs to know $how_many tests are in the block"

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3261)
2017-04-20 13:30:08 +02:00
Richard Levitte
27fc8ae220 VMS: remove name mangling guards around inclusion of internals
Note that these guards are still needed around local header files that
declare linkable symbols.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3259)
2017-04-20 13:10:06 +02:00
Todd Short
d1186c30a2 Fix minor compiler issues.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3220)
2017-04-19 12:51:08 -04:00
Rich Salz
93d0298665 Convert dhtest, dsatest, cipherbytes_test
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3209)
2017-04-18 21:48:26 -04:00
Richard Levitte
edd689efbf VMS: Fix internals test programs
The internals test programs access header files that aren't guarded by
the public __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H files,
and therefore have no idea what the naming convention is.  Therefore, we
need to specify that explicitely in the internals test programs, since
they aren't built with the same naming convention as the library they
belong with.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3247)
2017-04-18 23:46:13 +02:00
Rich Salz
adcd8e37db Convert more tests
ct_test,evp_extra_test,wpackettest,packettest
Add strncmp TEST wrappers
And make some style/consistency fixes to ct_test
Silence travis; gcc bug?

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3234)
2017-04-18 16:33:15 -04:00
Rich Salz
f3ab6c16c4 Update more tests
modes_internal_test, sslcorrupttest, v3nametest

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3238)
2017-04-18 15:01:26 -04:00
Rich Salz
3304d57848 Convert more tests to framework
randtest, cipher_overhead_test, bioprintest, constant_time_test
Move test_bioprint to 04 group

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3228)
2017-04-18 14:50:00 -04:00
Rich Salz
b66411f6cd Convert more tests
recordlentest, srptest, ecdsatest, enginetest, pbelutest

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3237)
2017-04-18 14:34:43 -04:00
Robbie Harwood
483bc2dcd3 Fix formatting of PYCA external test instructions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
2017-04-18 19:10:25 +02:00
Robbie Harwood
77edd02f34 Update external test README for running krb5
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
2017-04-18 19:10:25 +02:00
Robbie Harwood
7c82f5673b Add external krb5 test support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2022)
2017-04-18 19:10:25 +02:00
Rich Salz
5c8e9d531b [squash]Build works with/out NO_ENGINE and NO_AFALG
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3229)
2017-04-16 21:57:22 -04:00
Rich Salz
529243992b Convert afalgtest
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3229)
2017-04-16 21:57:22 -04:00
Rich Salz
0c44545c0f Catch EC_R_UNKNOWN_GROUP in check_unsupported()
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
an unsupported algorithm/curve (e.g. if binary EC support is disabled).

Before this commit the issue arise for example if binary EC keys are added in
evptests.txt, and the test is run when EC is enabled but EC2m is disabled.

E.g. adding these lines to evptests.txt would reproduce the issue:

~~~

PrivateKey=KAS-ECC-CDH_K-163_C0
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
Z7icPpo=
-----END PRIVATE KEY-----

PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
53YiHHK4SzR844PzgGe4nD6a
-----END PUBLIC KEY-----

PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
JRuNoCHLrCgfEj969PrFs9u4
-----END PUBLIC KEY-----

Derive=KAS-ECC-CDH_K-163_C0
PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc

~~~

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3226)
2017-04-16 21:46:31 -04:00
Nicola Tuveri
7db0289ea7 Reformat evptests.txt
When compiling without EC support the test fails abruptly reading some keys.
Some keys merged in commit db04055 start with
------BEGIN EC PRIVATE KEY-----

this format is not supported without EC support.

This commit reformat those keys with the generic format. After this change the
test simply skips the unsupported EC keys when EC is disabled, without parsing
errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3223)
2017-04-14 08:19:19 -04:00
Nicola Tuveri
a81c33ef65 Remove ecdhtest.c
All tests from ecdhtest.c have been ported to evptests.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3219)
2017-04-14 07:55:22 -04:00
Nicola Tuveri
821d6c6d81 ecdhtest.c: move co-factor ECDH KATs to evptests
move NIST SP800-56A co-factor ECDH KATs from ecdhtest.c to evptests.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3219)
2017-04-14 07:55:22 -04:00
Rich Salz
4afc60605a WIP: Convert ui,v3ext,verify_extra_test
verify_extra_test still failing :(

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3194)
2017-04-14 07:45:46 -04:00
Todd Short
80b06b0cc0 Fix unit tests when no-bf configured
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3206)
2017-04-14 07:33:45 -04:00
Andy Polyakov
93f725a3fc testlib/OpenSSL/Test.pm: keep default input private.
If $_ is not private, it can wipe caller's one, which proved to be
problematic...

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-14 10:01:24 +02:00
Pauli
d063add7cb Guarantee single argument evaluation for test macros.
Add test case that checks some of them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3208)
2017-04-13 08:33:12 -04:00
Pauli
a24c1e2243 Update the internal siphash tests to use the framework's output.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3212)
2017-04-13 10:36:52 +02:00
Pauli
026aebb3ea Split the CAST tests up.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3211)
2017-04-13 10:31:34 +02:00
Richard Levitte
9612e15760 ASN.1: adapt our use of INTxx et al by making them explicitely embedded
Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)
2017-04-13 10:23:31 +02:00
Richard Levitte
8edefd7bb3 Test printing of ASN.1 types INTxx et al
[extended tests]

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3190)
2017-04-12 23:18:00 +02:00
Rob Percival
2094ea070a Add SSL tests for certificates with embedded SCTs
The only SSL tests prior to this tested using certificates with no
embedded Signed Certificate Timestamps (SCTs), which meant they couldn't
confirm whether Certificate Transparency checks in "strict" mode were
working.

These tests reveal a bug in the validation of SCT timestamps, which is
fixed by the next commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
2017-04-12 19:08:57 +02:00
Rich Salz
f1e793cc97 Address review feedback (to be squashed)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3189)
2017-04-12 11:20:48 -04:00
Rich Salz
e2a29ad6c5 Convert x509aux, cipherlist, casttest
To new test framework

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3189)
2017-04-12 10:01:26 -04:00
Richard Levitte
f75f007c35 OpenSSL::Test: supported filtered command output
95-test_external_boringssl.t had a specialised run() variant to prefix
the command output so it wouldn't disturb Test::Harness.  This
functionality if now moved to the run() command, using the added
option 'prefix' that can be set to the string to prefix the output
with.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3201)
2017-04-12 15:53:09 +02:00
Nicola Tuveri
e80a0f65d4 Remove more stale code in ecdhtest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Nicola Tuveri
29cbf152ff ecdhtest.c: move KATs to evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Nicola Tuveri
5c64c1bfde Remove stale code in ecdhtest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Nicola Tuveri
d663c2db56 ecdhtest.c: move NAMED CURVES TESTS to evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3187)
2017-04-12 15:04:17 +02:00
Pauli
c491a39986 Update destest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3173)
2017-04-12 15:02:44 +02:00
Richard Levitte
a743b817d2 test/testutil.c: Flush stdout when running tests
Because stdout is usually buffered and stderr isn't, error output
might get printed in one bunch and all the lines saying which test
failed all in one bunch, making it difficult to see exactly what error
output belongs to what test.  Flushing stdout makes sure the runner
output is displayed together with the corresponding error output.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3198)
2017-04-12 15:00:51 +02:00
Pauli
4833caed46 Remove fprintfs from the poly1305 internal test but keep the test number
information.

The framework will display the non-matching memory.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3156)
2017-04-12 13:37:12 +02:00
Pauli
ee25dd45cb Update threadstest to use the test framework
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3196)
2017-04-12 13:01:12 +02:00
Pauli
bea4ac2b2e Update the internal chacha test to use the framework
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3195)
2017-04-12 11:51:34 +01:00
Richard Levitte
c983bc4fb2 Add tests of custom negative 1
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
2017-04-12 12:30:38 +02:00
Richard Levitte
9fea3a51e5 Fix definition of i2d_fn in asn1_encode_test.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
2017-04-12 12:30:38 +02:00
Richard Levitte
fa2274e805 In asn1_encode_test.c, add custom DER encoding checks
We're already checking that custom DER decodes to expected values (or
fails to do so), but we didn't check if values encode back to expected
DER.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
2017-04-12 12:30:38 +02:00
Pauli
cbf0cfafd1 Update sanitytest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3176)
2017-04-12 11:10:09 +01:00
Pauli
deeac6c346 Update ideatest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3172)
2017-04-12 11:05:57 +01:00
Pauli
7635e5bccc Update gmdifftime to use the test infrastructure
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3171)
2017-04-12 11:03:09 +01:00
Pauli
789dfc478e Update secmemtest and memeleaktest to use the test infrastructure.
It isn't easy to use the test framework since it turns memory debugging
on as well and the CRYPTO_mem_leaks_fp function cannot be called twice.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3169)
2017-04-12 10:59:53 +01:00
Pauli
f5864227dc Update d2i_test to use the test infrastructure
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3166)
2017-04-12 10:56:31 +01:00
Jon Spillett
0bf3c66c9d Remove unused variable. Thanks @pauli-oracle
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3177)
2017-04-12 10:27:16 +01:00
Jon Spillett
56bf5c55cd Code review. Split tests up
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3177)
2017-04-12 10:24:58 +01:00
Jon Spillett
70e1acd786 Convert blowfish tests to new framework
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3177)
2017-04-12 10:19:05 +01:00
Jon Spillett
b19e93ec3d Remove seed completely...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3179)
2017-04-12 10:07:32 +01:00
Jon Spillett
14281c47aa Updates after code review
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3179)
2017-04-12 10:05:14 +01:00
Jon Spillett
48f1739600 Convert RSA tests to new framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3179)
2017-04-12 10:05:13 +01:00
Pauli
74284c887e Update rc4test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3162)
2017-04-12 09:54:08 +01:00
Pauli
7f13fad218 Update rc5test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3163)
2017-04-12 09:53:03 +01:00
Pauli
850b55a985 Update mdc2test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3164)
2017-04-12 09:45:11 +01:00
Pauli
e49429aa3f Update sha1test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3167)
2017-04-12 09:41:47 +01:00
Pauli
f46074c7b9 Update sha256t and sha512t to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3168)
2017-04-12 09:38:47 +01:00
Jon Spillett
eb16fc8fb6 Convert exdata tests to new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3193)
2017-04-12 08:32:13 +02:00
Matt Caswell
a105d5603b Convert clienthellotest for the new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3186)
2017-04-12 00:02:40 +01:00
Matt Caswell
c791079610 Convert asynciotest for the new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3182)
2017-04-11 23:59:09 +01:00
Matt Caswell
829b2b8543 Convert bad_dtls_test for the new test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3184)
2017-04-11 23:40:37 +01:00
Richard Levitte
afd7cae271 Fix int64 test of t_4bytes_4_neg
{ 0x80, 0x00, 0x00, 0x00 } decoded isn't (positive) 0x80000000,
it's (negative) INT32_MIN.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3160)
2017-04-11 22:08:41 +02:00
Matt Caswell
0856e3f167 Reject decoding of an INT64 with a value >INT64_MAX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3159)
2017-04-11 15:29:42 +01:00
Pauli
745dec3aed Update dtlstest to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3170)
2017-04-11 13:54:08 +01:00
Pauli
524080c688 Update md2test to use the test infrastructure
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3165)
2017-04-11 13:49:51 +01:00
Pauli
05d775288e Update rc2test to use the test infrastructure
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3161)
2017-04-10 20:27:48 -04:00
Pauli
298f40e1f1 Make test marcos for true/false checks reliable for all integral types.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3154)
2017-04-10 19:44:02 -04:00
Benjamin Kaduk
8313a787d7 Allow an ALPN callback to pretend to not exist
RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit 062178678f we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.

In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols.  However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so.  Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback.  In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2570)
2017-04-10 11:57:37 -04:00
Richard Levitte
31ae516116 Act on deprecation of LONG and ZLONG, step 1
Don't compile code that still uses LONG when it's deprecated

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
64f11ee888 Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:10:59 +02:00
Matt Caswell
a273157a3e Fix a test failure when configured without TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Matt Caswell
a37008d90f Add some tests for the new custom extensions API
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Richard Levitte
5748e4dc3a Fix test/asn1_encode_test.c, ASN1_LONG_DATA used inappropriately
It's sheer luck that this was used for the first field only which also
has the same type in all data structures, so the offsets were never wrong

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3127)
2017-04-05 13:37:37 +02:00
Richard Levitte
37332ecc01 Add a test of encoding and decoding LONG, INT32, UINT32, INT64 and UINT64
Also Z varieties.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
2017-04-04 11:29:23 +02:00
Dr. Stephen Henson
25a9fabbef Add certificate_authorities tests client to server.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
2017-04-03 23:47:22 +01:00
Dr. Stephen Henson
f15b50c4cb Add ExpectedServerCANames
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3015)
2017-04-03 23:47:22 +01:00
Matt Caswell
90049cea23 Add a test for the problem fixed by the previous commit
Make sure the server can write normal data after earlier writing early data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3091)
2017-04-03 19:07:29 +01:00
Matt Caswell
f8a303fa7d Update early data test for an even later arrival of CF
Commit 9b5c865df introduced a synthetic delay between arrival of EoED and
CF. We actually want to delay the arrival of CF even further to demonstrate
that we can write early data even when "in init".

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3091)
2017-04-03 19:07:29 +01:00
Richard Levitte
a4750ce55e Disable 15-test_ecparam.t when configured no-ec2m
This test doesn't actually fail completely, but there's no real
pattern to distinguish which data files should be omitted when no-ec2m
is configured and which should not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3103)
2017-04-02 21:53:06 +02:00
Andy Polyakov
74d9519a68 bio/b_print.c: recognize even 'j' format modifier.
'j' is specified as modifier for "greatest-width integer type", which in
practice means 64 bits on both 32- and 64-bit platforms. Since we rely
on __attribute__((__format__(__printf__,...))) to sanitize BIO_print
format, we can use it to denote [u]int64_t-s in platform-neutral manner.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)
2017-03-30 19:33:32 +02:00
Matt Caswell
9b5c865df0 Provide a test for pause between EoED and CF
This tests the bug fixed in the previous commit. We introduce a synthetic
delay between the server receiving EoED and CF and check that we can still
send early data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3089)
2017-03-30 15:45:45 +01:00
Matt Caswell
3cb47b4ec1 Add a test for the bug fixed in the previous commit
We want to make sure that if we if are using SSL_MODE_AUTO_RETRY then
if SSL_read_early_data() hits EndOfEarlyData then it doesn't auto retry
and end up with normal data. The same issue could occur with read_ahead
which is what we use in this test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3077)
2017-03-30 09:13:13 +01:00
Richard Levitte
6e6aa5a9db Add a simple test for the z modifier
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-29 16:16:25 +02:00
Richard Levitte
1bcf7d45c6 Use the z modifier instead of OSSLzu with BIO_printf
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3064)
2017-03-29 16:16:25 +02:00
Emilia Kasper
6edc714564 cipherbytes_test: remove unused includes
cipherbytes_test does not use the testutil / test_main test framework.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-03-29 12:48:41 +02:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Pauli
2fae041d6c Test infrastructure additions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3011)
2017-03-29 08:51:43 +10:00
Rich Salz
43708c1545 Move PRIu64, OSSLzu to e_os.h
Those macros are private, not public.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3044)
2017-03-28 08:43:48 -04:00
Emilia Kasper
a0f44a34d2 asynctest: don't depend on apps
Remove unnecessary include of apps.h. Tests shouldn't take a
dependency on apps. In this case, there is no dependency, the include
is unnecessary.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-28 14:40:25 +02:00
Matt Caswell
b9647e34ff Add a test for the TLSv1.3 downgrade mechanism
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
2017-03-24 14:07:11 +00:00
Richard Levitte
e8763c6974 Fix 80-test_ssl_old.t: only count the ciphers if there are any.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3014)
2017-03-22 11:12:48 +01:00
Richard Levitte
089a45c5df Change exit_checker comment on returned status
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3012)
2017-03-22 08:49:57 +01:00
Richard Levitte
34fffdb521 Refuse to run the PYCA external test if configured 'no-shared'
[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3007)
2017-03-21 23:24:34 +01:00
Richard Levitte
8c1054ae08 95-test_external_pyca_data/cryptography.py: only install for testing
Also, be less silent when installing, so possible errors are shown.

[extended tests]

Fixes #3005

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3007)
2017-03-21 23:24:34 +01:00
Richard Levitte
30f1c9c4e0 Adapt 20-test_enc.t and 20-test_enc_more.t to use statusvar
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3004)
2017-03-21 16:12:29 +01:00
Richard Levitte
7e46e56aca Adapt 80-test_ssl_old.t to use statusvar
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3004)
2017-03-21 16:12:29 +01:00
Richard Levitte
34a6a9b159 OpenSSL::Test: add a statusvar option for run with capture => 1
When using run() with capture => 1, there was no way to find out if
the command was successful or not.  This change adds a statusvar
option, that must refer to a scalar variable, for example:

    my $status = undef;
    my @line = run(["whatever"], capture => 1, statusvar => \$status);

$status will be 1 if the command "whatever" was successful, 0
otherwise.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3004)
2017-03-21 16:12:29 +01:00
Matt Caswell
1763ab1029 Add a test for resumption after HRR
Make sure we actually test resumption where an HRR has occurred.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2996)
2017-03-21 10:00:44 +00:00
Richard Levitte
9ea6d56d04 Rework how protocol specific ciphers in 80-test_ssl_old.t are picked out
The code to do this incorrectly assumed that the protocol version
could be used as a valid cipher suite  for the 'openssl cipher'
command.  While this is true in some cases, that isn't something to be
trusted.  Replace that assumption with code that takes the full
'openssl ciphers' command output and parses it to find the ciphers we
look for.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2956)
2017-03-21 10:16:23 +01:00
Bernd Edlinger
b3c31a6572 Fix the error handling in CRYPTO_dup_ex_data.
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2988)
2017-03-20 13:11:31 +01:00
Richard Levitte
e41e5d1e73 Fix a few internals tests
The internals tests for chacha, poly1305 and siphash were erroneously
made conditional on if mdc2 was enabled.  Corrected to depend on the
correct algorithms being enabled instead.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2991)
2017-03-20 11:24:33 +01:00
Richard Levitte
691e302be3 Improve testing of elliptic curve validation
Add a test recipe (test/recipes/15-test_ecparams.t) which uses 'openssl
ecparam' to check the test vectors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2544)
2017-03-20 06:40:16 +01:00
Joseph Birr-Pixton
6d0b5ee1d6 Improve testing of elliptic curve validation
This involves:

- A directory of valid and invalid PEM-encoded curves.
  This is non-exhaustive and can be added to.
- A minor patch to 'openssl ecparam' to make it exit non-zero
  when curve validation fails.

- A test recipe is added in a separate commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2544)
2017-03-20 06:40:16 +01:00
Joseph Birr-Pixton
bf6af21e13 Update test vectors in tls13secretstest
These were still generated by openssl, but with
the previous commit are corroborated by rustls.

(cherry picked from commit eae1982619e90c6b79a6ebc89603d81c13c81ce8)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2989)
2017-03-19 20:59:59 +00:00
Péter Budai
fa013b6524 Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation.
The documentation of this function states that the password parameter
can be NULL. However, the implementation returns an error in this case
due to the inner workings of the HMAC_Init_ex() function.
With this change, NULL password will be treated as an empty string and
PKCS5_PBKDF2_HMAC() no longer fails on this input.

I have also added two new test cases that tests the handling of the
special values NULL and -1 of the password and passlen parameters,
respectively.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1692)
2017-03-17 08:47:11 -04:00
Matt Caswell
3fb2c3e452 Fix some undefined behaviour in stack test
At one point the stack was passing a pointer of the element *before* an
array which is undefined.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2971)
2017-03-17 10:09:46 +00:00
Pauli
508ee8f5ff Add unit tests for the lhash functionality.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2965)
2017-03-16 20:24:49 -04:00
Dr. Stephen Henson
2c1b0f1e06 Add Client CA names tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2969)
2017-03-16 18:07:19 +00:00
Dr. Stephen Henson
2e21539b2b Add ExpectedClientCANames
Add ExpectedClientCANames: for client auth this checks to see if the
list of certificate authorities supplied by the server matches the
expected value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2969)
2017-03-16 18:07:19 +00:00
Matt Caswell
6828358c65 Handle TLSv1.3 being disabled in clienthello test
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2968)
2017-03-16 15:37:41 +00:00
Matt Caswell
6bc6ca623b Add tests for the padding extension
Check that the padding extension pads correctly for various scenarios.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2968)
2017-03-16 15:37:41 +00:00
Matt Caswell
c35cb287cb Add some HRR tests
Check that we handle changes of ciphersuite between HRR and ServerHello
correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
807551ac0d Add some more PSK tests
Test that if the server selects a ciphersuite with a different hash from
the PSK in the original ClientHello, the second ClientHello does not
contain the PSK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
ef6c191bce Update end of early data processing for draft-19
The end of early data is now indicated by a new handshake message rather
than an alert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00