Since there seems to be no way to avoid linking to libssl and libcrypto,
just wrap the test. This unbreaks "shared" builds when using clang and/or
OS X.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Commit d4ab70f27c added a test program
to check that the NULL pointer is represented as all zero bits, but
did not specify a build rule for that new executable. On many platforms,
the implicit rule sufficed, since nptest is a very simple program, but
for at least darwin-i386-cc, an explicit rule is needed. On darwin-i386-cc,
the implicit rule targetted a 64-bit executable, but the object file
containing the definition of main was a 32-bit object, which the linker
excluded from consideration, resulting in a link failure due to no
definition for _main.
Add the missing build rule to fix the build on such platforms.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available. Mostly done by David Woodhouse.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Also has changes from from David Woodhouse <David.Woodhouse@intel.com>
and some tweaks from me.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Add test to check PBE lookups: these can fail if the PBE table is not
correctly orders. Add to "make test".
Reviewed-by: Matt Caswell <matt@openssl.org>
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328
Reviewed-by: Richard Levitte <levitte@openssl.org>
Use SSL_CONF for certificate handling is ssltest.c, this changes the
behaviour slightly: the -cert and -key options are no longer recognised
and a default certificate file is not used.
This change means that -s_cert and -c_cert can be used mode than once
to support use of multiple certificates.
Reviewed-by: Matt Caswell <matt@openssl.org>
- Pass in the right ciphertext length to ensure we're indeed testing
ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.
Follow-up to b11980d79a
Reviewed-by: Rich Salz <rsalz@openssl.org>
BN_bntest_rand generates a single-word zero BIGNUM with quite a large probability.
A zero BIGNUM in turn will end up having a NULL |d|-buffer, which we shouldn't dereference without checking.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Fix more potential leaks in X509_verify_cert()
Fix memory leak in ClientHello test
Fix memory leak in gost2814789 test
Fix potential memory leak in PKCS7_verify()
Fix potential memory leaks in X509_add1_reject_object()
Refactor to use "goto err" in cleanup.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Add DSA tests.
Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.
Reviewed-by: Ben Laurie <ben@openssl.org>
Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Use a dynamic engine for ossltest engine so that we can build it without
subsequently deploying it during install. We do not want people accidentally
using this engine.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Two tests are added: one is a simple version tolerance test; the second is
a test to ensure that OpenSSL operates correctly in the case of a zero
length extensions block. The latter was broken inadvertently (now fixed)
and it would have been helpful to have a test case for it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
We could just initialize it, but to be consistent with the rest of the file
it seemed to make more sense to just drop.
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
This reverts commit 704563f04a.
Reverting in favour of the next commit which removes the underlying cause
of the warning.
Reviewed-by: Ben Laurie <ben@openssl.org>
Some of the PACKET functions were returning incorrect data. An unfortunate
choice of test data in the unit test was masking the failure.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.
Reviewed-by: Tim Hudson <tjh@openssl.org>
The function SSL_set_session_ticket_ext sets the ticket data to be sent in
the ClientHello. This is useful for EAP-FAST. This commit adds a test to
ensure that when this function is called the expected ticket data actually
appears in the ClientHello.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This adds a test for CVE-2015-1793. This adds a new test file
verify_extra_test.c, which could form the basis for additional
verification tests.
Reviewed-by: Stephen Henson <steve@openssl.org>
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX.
This backs that change out, and does it a different way.
Thanks to Timo Teras for the concept.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
For librypto to be complete, the stuff in both crypto/ and engines/
have to be built. Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Almost two months ago, the warning about non-existing config file was
supressed by setting the environment variable OPENSSL_CONF to /dev/null
everywhere. Now that this warning is gone, that practice is no longer
needed.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
In master, the 'dh' command is gone, so use 'dhparam' instead to
determine if we're compiled with DH.
Also, set "@SECLEVEL=1" for the weak DH test, so that it actually
passes.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Also add more ciphersuite test coverage, and a negative test for
512-bit DHE.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1ee85aab75)
