Commit graph

17067 commits

Author SHA1 Message Date
Richard Levitte
78e91586fb tests: Shut the shell up unless verbose
In rare cases, the shell we run test programs in may have complaints.
Shut those up unless testing verbosely.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-06-06 10:03:01 +02:00
Rich Salz
35d2e3275f Remove extra include's in synopsis.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-05 18:32:56 -04:00
Richard Levitte
65cc6d5c0a Configure: complete the changed fuzz option checks
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-05 21:38:59 +02:00
Viktor Dukhovni
501d53c600 Silence misleading test_abort stderr output
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-05 12:06:02 -04:00
FdaSilvaYY
3470795171 Constify X509V3_EXT_*_conf*
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
009951d24d Constify ASN1_generate_nconf
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
12eaf3b849 Constify ASN1_generate_v3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
13f74c66ce Constify s2i_ASN1_IA5STRING
Return directly NULL after ASN1_STRING_set, as it already has set an error code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
2b91da968c Constify s2i_ASN1_INTEGER
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
7d7da288b8 Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
Richard Levitte
a9936b5a12 Clean away the last unixmake vestiges
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 23:21:43 +02:00
Rich Salz
d485806092 Fix re-used function code
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-04 15:01:37 -04:00
Rich Salz
e8e36da676 Ignore buildtest artifacts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-04 14:49:56 -04:00
Richard Levitte
0ad1d94df4 Add developer targets for each subdirectory we have something to build in
Previous build scheme allowed building just the stuff in one
subdirectory, like this:

    make -C crypto/aes

Because the unified only has a top-level Makefile, this is not
possible with it.  This change adds a replacement where each directory
we have something to build in becomes a target in its own right,
allowing building something like this:

    make crypto/aes

The exception is the directory test, because we already have such a
target.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-04 20:33:46 +02:00
Kurt Roeckx
578b551441 Specifiy size of arrays
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1139
2016-06-04 15:08:32 +02:00
Dr. Stephen Henson
bd95d64ace Check for overflows in EOC.
RT#4474 (partial)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 13:54:49 +01:00
Kurt Roeckx
f59d0131cb Add support for fuzzing with AFL
Reviewed-by: Ben Laurie <ben@links.org>

MR: #2740
2016-06-04 14:39:24 +02:00
Rich Salz
255cf605d6 RT3895: Remove fprintf's from SSL library.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-04 07:08:29 -04:00
Rich Salz
843666ffdc More utils cleanup.
Remove some unused files.
Rename doc-nit-check to be consistent.
Add check for multiple #include in synopsis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-04 07:06:31 -04:00
Richard Levitte
e2ec7332c4 Make 25-test_gen.t and 25-test_req.t into one
Since one generates files that the other depends on, there's no
real reason to keep them separate.  Since they were both different
aspects of 'openssl req', the merge ends up in 25-test_req.t.

This also makes cleanup easier.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 09:43:26 +02:00
Richard Levitte
c9d2437385 Have some more test recipes clean up after themselves
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 09:43:26 +02:00
Richard Levitte
67152812f4 Windows build: Remove .manifest files in test/ as well
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 09:43:26 +02:00
Richard Levitte
f6ce429084 Change inclusion of sys/types.h to stdlib.h in include/openssl/ebcdic.h
Needed to get size_t on Windows

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 01:22:08 +02:00
Richard Levitte
2d5724aa21 Add inclusion of stdlib.h in include/openssl/mdc2.h
Needed to get size_t

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 01:22:08 +02:00
Richard Levitte
e30dff9ee2 Add inclusion of openssl/x509.h in include/openssl/tls1.h
Needed to get the needed declarations for STACK_OF(X509)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 01:22:08 +02:00
Richard Levitte
bffb149054 Generate simple build test files
Generate small test programs to check that external programs can be
built with our stuff at a very basic level.

For now, they check that each of our header files can be included
individually without compile failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 01:22:08 +02:00
Matt Caswell
39a470088a Fix documentation error in x509 app certopt flag
According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.

The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.

GitHub Issue #247

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 21:52:41 +01:00
Matt Caswell
416a5b6c92 BIO_printf() can fail to print the last character
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 20:29:04 +01:00
Jonas Maebe
93879f8eed cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors
zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-03 20:29:04 +01:00
Matt Caswell
2c4a056f59 Handle a memory allocation failure in ssl3_init_finished_mac()
The ssl3_init_finished_mac() function can fail, in which case we need to
propagate the error up through the stack.

RT#3198

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 20:29:04 +01:00
Matt Caswell
fa28bfd66f Update INSTALL instructions
Fill out the INSTALL instructions with more information on Configure
arguments, environment variables and Makefile targets.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 17:24:50 +01:00
Mat
6191fc8634 Added define for STATUS_SUCCESS
Use STATUS_SUCCESS instead of 0.
Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Mat
e56f956ef1 Adds casts for 64-bit
Adds missing casts for 64-bit.
Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Mat
0814afcfa4 Define USE_BCRYPT
Define USE_BCRYPT
Removed _WIN32_WINNT define
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Mat
fa64e63373 Use BCryptGenRandom on Windows 7 or higher
When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI.

This change brings the following benefits:
- Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
- CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded.
- Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Matt Caswell
49c2a00d14 Add a paragraph on documentation to CONTRIBUTING
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 17:10:16 +01:00
Matt Caswell
4d6013c762 Further update CONTRIBUTING
Tweak to the wording on merge commits.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 17:10:16 +01:00
Matt Caswell
073b1b72f6 Tweaks to NOTES.PERL
Fix some typos and other minor amendments to NOTES.PERL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 17:10:16 +01:00
Matt Caswell
8c4f8039df Update NOTES.WIN
Make the recommendation for MSYS perl in an MSYS environment more forceful.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 17:10:16 +01:00
Matt Caswell
75737d4fcd Update CONTRIBUTING
Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 17:10:16 +01:00
Matt Caswell
26dee42d6a Bring the README file up to date
The README file was a little out of date so needed a refresh

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 17:10:16 +01:00
Pauli
7d6df9e915 Fix threading issue that at best will leak memory
The problem is the checking in policy_cache_set, there is a race
condition between the null check and obtaining the lock.  The fix is in
policy_cache_new to detect if the creation has happened already.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 12:08:13 -04:00
Richard Levitte
b38c43f7bc tests: clean up temporary SSL session files.
RT#4557

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 15:31:16 +02:00
Ben Laurie
4a2c4c1ab8 Add ct fuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Ben Laurie
75a112295d Linkify libfuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Ben Laurie
e298cb10fe Fuzz everything with every input.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Ben Laurie
e78fadede2 Sort.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Emilia Kasper
63936115e8 Update client authentication tests
Port client auth tests to the new framework, add coverage. The old tests
were only testing success, and only for some protocol versions; the new
tests add all protocol versions and various failure modes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:59:46 +02:00
Andy Polyakov
66bceb5f19 chacha/chacha_enc.c: harmonize counter width with subroutine name.
_ctr32 in function name refers to 32-bit counter, but it was implementing
64-bit one. This didn't pose problem to EVP, but 64-bit counter was just
misleading.

RT#4512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 10:23:58 +02:00
Rich Salz
b1ffe8dbee GH1123: sort dir before rehash
This is needed to generate stable output names/symlinks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-02 15:12:50 -04:00