Commit graph

2450 commits

Author SHA1 Message Date
Richard Levitte
521b7cb388 Correct the checks of module availability in provider test programs
Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test
module wasn't built, but the provider test programs didn't check that
macro.  We rename it to OPENSSL_NO_MODULE, since that name describes
the situation more than OPENSSL_NO_SHARED does, and use it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
2019-04-02 07:30:07 +02:00
Richard Levitte
34786bdee0 Configuration / build: make it possible to disable building of modules
While we're at it, sort out inconsistencies with the build of modules:
- not building shared libraries means not building dynamic engines.
  However, other modules may still be built.
- not having DSO functionality doesn't mean not to build modules (even
  though we can't use them from apps linked with libraries that are
  built this way).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
2019-04-02 07:30:06 +02:00
Boris Pismenny
2fab79af46 sslapitest: add test ktls Rx
Add a unit-test for ktls receive side.

Change-Id: I890588681d05fba419f644f6d903be6dc83c9ed5
Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
2019-04-01 11:54:48 +01:00
Shane Lontis
cad8347be2 fixed public range check in ec_GF2m_simple_oct2point
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8607)
2019-03-30 14:49:00 +01:00
Pauli
f3448f5481 issue-8493: Fix for filenames with newlines using openssl dgst
The output format now matches coreutils *dgst tools.

[ edited to remove trailing white space ]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8578)
2019-03-30 11:22:51 +10:00
Paul Yang
317ba78fe1 Add test cases for SM2 cert verification
This follows #8321 which added the SM2 certificate verification feature.
This commit adds some test cases for #8321.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)
2019-03-30 08:31:25 +09:00
Pauli
72962d025f Correctly initialise PACKET to zero in the tests to avoid possible problems
with padding bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:01 +10:00
Pauli
6fc1e6246f Propery initialise struct sslapitest_log_counts to zero using memset.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
2019-03-29 20:52:01 +10:00
Pauli
d69226a3fc Add the FIPS related continuous random number generator (CRNG) testing.
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.

The check is fairly simplistic, being for the entropy sources to not feed
the DRBG the same block of seed material twice in a row.  Only the first
DRBG in a chain is subject to this check, latter DRBGs are assumed to be
safely seeded via the earlier DRBGs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8599)
2019-03-29 17:50:48 +10:00
Shane Lontis
a3c62426b9 coverity fixes for SSKDF + mac_app + kdf test cleanup
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8566)
2019-03-28 10:17:38 +00:00
Pauli
a9e34e9ef1 Fix test builds.
/usr/include/bits/waitstatus.h includes endian.h under some libc's.
This clashes with the new test header file, so rename the latter.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8600)
2019-03-28 15:02:19 +10:00
Pauli
045162e52c Detect endian without relying on defined symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8572)
2019-03-28 08:05:18 +10:00
Matt Caswell
48fdeca01d Don't allow SHAKE128/SHAKE256 with HMAC
See discussion in github issue #8563

Fixes #8563

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
2019-03-27 14:32:08 +00:00
Matt Caswell
183f52e29a Fix a memory leak in ARIA GCM
Fixes #8567

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8586)
2019-03-27 10:26:52 +00:00
Matt Caswell
1f019cd0ac Fix no-ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8588)
2019-03-27 10:09:04 +00:00
Shane Lontis
866cc2334c style nit fix
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8580)
2019-03-26 15:20:22 +10:00
Shane Lontis
f4b4574f4b replaced snprintf with BIO version (for windows builds)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8571)
2019-03-25 11:37:24 +10:00
Matt Caswell
847d0f81bb Add a test for EVP_MD_fetch
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Shane Lontis
a12864a5de removed BN_clear NULL checks
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8507)
2019-03-20 09:17:42 +10:00
Shane Lontis
9537fe5757 Single step kdf implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8230)
2019-03-19 11:03:45 +00:00
Pauli
5d677186e9 Fix resource leak coverity 1443711.
Free the allocated pointer on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8503)
2019-03-19 17:42:05 +10:00
David von Oheimb
529586085e Add -new and -subj options to x509 app for direct cert generation
Complete and improve error output of parse_name() in apps/apps.c

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8193)
2019-03-19 09:35:03 +10:00
David von Oheimb
5743d1268d add 'Signature Value:' line and correct indentation when printing X.509 signature value
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6226)
2019-03-18 17:20:23 +00:00
David von Oheimb
0742eb9f66 update reference output of test_x509 in test/certs/cyrillic.*
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6226)
2019-03-18 17:20:23 +00:00
Shane Lontis
e2f5081116 coverity fixes for bntest.c
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8508)
2019-03-18 11:15:31 +10:00
Richard Levitte
f7f2a55aee test/params_api_test.c: fix size_t assumptions
size_t isn't always as large as a int64_t, so the compiler complains
about possible data loss.  In this case, we are in control, so a
simple cast will do.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8497)
2019-03-17 09:13:29 +01:00
Matt Caswell
ee633ace73 Enable pkeyutl to use Ed448 and Ed25519
With the recent addition of the -rawin option it should be possible for
pkeyutl to sign and verify with Ed448 and Ed2559. The main remaining
stumbling block is that those algorirthms only support "oneshot" operation.
This commit enables pkeyutl to handle that.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8431)
2019-03-14 12:42:16 +00:00
Nicola Tuveri
81d61a62fa Fix memory leak in ectest
Fixes #8462

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8466)
2019-03-13 19:06:43 +02:00
Richard Levitte
d3620841cc test/params_test.c: use TEST_double_eq to check doubles
TEST_ulong_eq was used previously because TEST_double_eq didn't exist
at the time.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)
2019-03-13 14:28:27 +01:00
Richard Levitte
932c3d0f67 test/params_test.c: make more global variables static
Again, compilers that don't like them being undeclared...

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)
2019-03-13 14:05:41 +01:00
Richard Levitte
847275075f test/params_test.c: make construct_api_params() static
With enough warning flags, compilers complain when a non-static
function hasn't been properly declared...

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8469)
2019-03-13 13:56:46 +01:00
Richard Levitte
fff684168c test/params_test.c: Add run-time constructed OSSL_PARAM variant
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8396)
2019-03-13 11:32:17 +01:00
Richard Levitte
bc1e0be709 test/params_test.c: Add API test case, and mixed methods
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8396)
2019-03-13 11:32:17 +01:00
Richard Levitte
9ad41d246f test/params_test.c: Add "real world" parameter testing
test/params_test.c is a program that tries to mimic how a provider and
an application would or could handle OSSL_PARAM arrays.

For the moment, this program tests a very raw way of handling
OSSL_PARAM arrays.  It is, however, written in a way that will
hopefully make it possible to extend with other methods as APIs arise,
and to set up test cases where a "provider" handles the array one way
while the "application" handles it another way.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8396)
2019-03-13 11:32:17 +01:00
Matt Caswell
80889e41a7 Fix no-dso
Don't try to load external provider modules in tests if we don't have DSO
capability

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8459)
2019-03-13 10:03:54 +00:00
Matt Caswell
5810bbd8c7 Fix various no-* options
no-cmac, no-poly1305 and no-siphash all caused the new test_mac to fail.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8458)
2019-03-13 09:59:11 +00:00
Richard Levitte
e2146e120f Change OSSL_PARAM_UTF8_STRING_PTR to OSSL_PARAM_UTF8_PTR
In unrelated code

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8451)
2019-03-12 19:14:50 +01:00
Pauli
7ffbd7ca96 OSSL_PARAM helper functions.
Provide a number of functions to allow parameters to be set and
retrieved in a type safe manner.  Functions are provided for many
integral types plus double, BIGNUM, UTF8 strings and OCTET strings.

All of the integer functions will widen the parameter data as
required.  This permits a degree of malleability in the parameter
definition.  For example a type can be changed from a thirty two bit
integer to a sixty four bit one without changing application code.
Only four and eight byte integral sizes are supported here.

A pair of real functions are available for doubles.

A pair of functions is available for BIGNUMs.  These accept any sized
unsigned integer input and convert to/from a BIGNUM.

For each OCTET and UTF8 strings, four functions are defined.  This
provide get and set functionality for string and for pointers to
strings.  The latter avoiding copies but have other inherent risks.

Finally, some utility macros and functions are defined to allow
OSSL_PARAM definition arrays to be specified in a simple manner.
There are two macro and one function for most types.  The exception
being BIGNUM, for which there is one macro and one function.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8451)
2019-03-12 19:12:12 +01:00
Richard Levitte
8c4412ed8f Rename 'buffer' to 'data' in OSSL_PARAM
The OSSL_PARAM attribute names |buffer| and |buffer_size| may lead to
confusion, as they may make some think that the memory pointed at is
an intermediate memory are.  This is not generally the case, so we
rename |buffer| and |buffer_size| to |data| and |data_size|

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8451)
2019-03-12 18:56:42 +01:00
Shane Lontis
8240d5fa65 FIPS 186-4 RSA Generation & Validation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6652)
2019-03-12 12:00:52 +00:00
Richard Levitte
021a655277 Add provider tests
Two tests are added, one that tests the internal API, the other tests
the public API.  Those two tests both test the same provider, which
acts both as a built-in provider and as a loadable provider module.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)
2019-03-11 20:40:13 +01:00
Shane Lontis
98f29466dc fix truncation of integers on 32bit AIX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8417)
2019-03-11 14:45:18 +01:00
Shane Lontis
4d768e966f openssl app for macs that uses the new EVP_MAC interface (the code inside dgst uses EVP_PKEY)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7661)
2019-03-11 12:44:56 +00:00
Bernd Edlinger
ac6fff700a Add a simple test for RSA_SSLV23_PADDING
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8365)
2019-03-07 22:45:53 +01:00
Matt Caswell
6855b496b2 Add a test for underflow in ecp_nistp521.c
The previous commit fixed an underflow that may occur in ecp_nistp521.c.
This commit adds a test for that condition. It is heavily based on an
original test harness by Billy Brumley.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8405)
2019-03-07 14:46:46 +00:00
Shane Lontis
bcf082d130 FIPS AES_GCM IV gen changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8393)
2019-03-07 07:30:04 +10:00
David von Oheimb
9fdcc21fdc constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8029)
2019-03-06 16:10:09 +00:00
Matt Caswell
a4f0b50eaf Test an overlong ChaCha20-Poly1305 nonce
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8406)
2019-03-06 13:25:21 +00:00
Pauli
8ab53b193a Make the sparse array code use ossl_uintmax_t as its index rather than size_t.
This should never reduce the range covered and might increase it on some
platforms.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8415)
2019-03-06 13:50:54 +10:00
Richard Levitte
ac4033d658 Configure: make C++ build tests optional and configurable
Disabled by default

Fixes #8360

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)
2019-03-05 09:26:13 +01:00