Looks like someone forgot to do a "make update" since crypto/ts/Makefile
keeps changing. So include that.
Second is that the declare_dh_bn macro fools the libeay.num script.
The declarations are only needed in one file (dh_rfc5114) so remove
them from the header and put the "raw" declarations directly into that
file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Occaisionally we have had problems where there are duplicated ordinals in
libeay.num or ssleay.num. This adds a test for this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>
+Replace FILE BIO's with dummy ops that fail.
+Include <stdio.h> for sscanf() even with no-stdio (since the declaration
is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
variable, since it can be larger than a 'long'. And we don't rely on the
availability of strtoull().
+Remove OPENSSL_stderr(); not used.
+Make OPENSSL_showfatal() do nothing (currently without stdio there's
nothing we can do).
+Remove file-based functionality from ssl/. The function
prototypes were already gone, but not the functions themselves.
+Remove unviable conf functionality via SYS_UEFI
+Add fallback definition of BUFSIZ.
+Remove functions taking FILE * from header files.
+Add missing DECLARE_PEM_write_fp_const
+Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
so remove its prototype.
+Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
+Eliminate SRP_VBASE_init() and supporting functions. Users will need to
build the verifier manually instead.
+Eliminate compiler warning for unused do_pk8pkey_fp().
+Disable TEST_ENG_OPENSSL_PKEY.
+Disable GOST engine as is uses [f]printf all over the place.
+Eliminate compiler warning for unused send_fp_chars().
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
The windows test uses the pseudo file "nul" to indicate no file for the
-CApath option. This does not work on all versions of Windows. Instead use
the new -no-CApath option.
Reviewed-by: Andy Polyakov <appro@openssl.org>
The openssl rehash command is not available on some platforms including
Windows. This change skips the associated tests if rehash is not available.
Reviewed-by: Richard Levitte <levitte@openssl.org>
It depended on 'openssl no-wp', which always exited with code 0, so
this test would never be performed, and this, I never discovered that
the program it's supposed to run was misspellt. Furthermore, the
feature to check is 'whirlpool', not 'wp'.
All corrected.
Reviewed-by: Stephen Henson <steve@openssl.org>
Add Utils.pm for test utilities. This currently just contains one function:
disabled which checks if a feature is disabled based on the output of
openssl list -disabled
Reviewed-by: Richard Levitte <levitte@openssl.org>
Obvious typo, and it took configuring with 'zlib' to discover it,
otherwise there was a previous skip that bypassed this section
entirely.
Reviewed-by: Tim Hudson <tjh@openssl.org>
If test/recipes/40-test_rehash.t is executed as root, the last test
will fail, since the created directory will remain writable no matter
what. Make sure it complains loudly about being run as root.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rewrite EVP_DecodeUpdate.
In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.
Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.
In addition, this appears to fix a possible two-byte oob read.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
The bookmark API results in a lot of boilerplate error checking that can
be much more easily achieved with a simple struct copy. It also lays the
path for removing the third PACKET field.
Reviewed-by: Rich Salz <rsalz@openssl.org>
If a test recipe does something like this:
indir "foo.$$" => sub {
chmod 0500, File::Spec->curdir();
ok(run(app(["something"])));
}
we get a problem, because we were storing the temporary stderr file in
the current directory at all times (so while inside the 'indir', we
would attemp to store it in "foo.$$").
So, change our ways to always store that temporary file in the exact
same location, defined by the environment variable RESULT_D, or
failing that TEST_D, or failing that $TOP/test.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Use each once in s3_srvr.c to show how they work.
Also fix a bug introduced in c3fc7eeab884b6876a1b4006163f190d325aa047
and made apparent by this change:
ssl3_get_next_proto wasn't updating next_proto_negotiated_len
Reviewed-by: Matt Caswell <matt@openssl.org>
test_ecdh and test_ecdsa are made to depend on no-ec being false.
test_hmac is made not to depend on algorithm at all.
Based on a contribution by Alessandro Ghedini <alessandro@ghedini.me>
Reviewed-by: Rich Salz <rsalz@openssl.org>
The verify_extra_test was recently changed to take its parameters as
arguments instead of having them hardcoded.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This recipe counted too much on being called with test/ as its current
working directory. That's a mistake on, for example, Windows.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The testsslproxy tests turned out to be useless as they were. They
were really just for show and the results were ignore. Now they are
changed into a more veerifiable test
Reviewed-by: Rich Salz <rsalz@openssl.org>
Be careful when shifting in a function argument, you end up changing
the caller's value. Instead, when it is an array, make a shallow copy
and shift in that instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some tests were copied from test_jpake, but the title wasn't changed
accordingly. This might seem like a small thing, but it does affect
the log file name...
Reviewed-by: Rich Salz <rsalz@openssl.org>
MINFO may be an old file lying around, which might have
00-check_testexes.t produce incorrect results. To make sure this
doesn't happen, check the variable VERSION in it against the same
variable in the top Makefile.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Before trying to read MINFO, we have no idea how many to test for, and
because skip expects to get an exact number somehow, it's better to
use 'plan skip_all'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Following the commit from July 2 that removed netscape formated certs,
it is no longer necessary to have conversion tests for it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
VMS files are normally record oriented rather than stream oriented.
This means that every write() will create a new record, which is seen
as a line of its own, regardless of if there was a \n in there or not.
bntest uses BN_print, which prints out number with more than one
write(), thereby dividing up the numbers in several lines, which
greatly disturbs the post-bntest checks that expect to find a full
formula to calculate on one line.
So, for VMS, we need to push the linebuffer filter on the out BIO.
Reviewed-by: Rich Salz <rsalz@openssl.org>