| Age | Commit message (Collapse) | Author |
|---|
|
Since one generates files that the other depends on, there's no
real reason to keep them separate. Since they were both different
aspects of 'openssl req', the merge ends up in 25-test_req.t.
This also makes cleanup easier.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Generate small test programs to check that external programs can be
built with our stuff at a very basic level.
For now, they check that each of our header files can be included
individually without compile failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
RT#4557
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Port client auth tests to the new framework, add coverage. The old tests
were only testing success, and only for some protocol versions; the new
tests add all protocol versions and various failure modes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The S symbol class wasn't checked.
Notified by Sebastian Andrzej Siewior
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Salt must be two ASCII characters. Add tests to check for that,
and a test to test the checks.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Trying to use normal perl conditions to conditionally 'use' a perl
module didn't quite work. Using the 'if' module to do so does work.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
As it turns out default glob's behaviour for quoted argument varies
from version to version, making it impossible to Configure or run
tests in some cases. The reason for quoting globs was to accommodate
source path with spaces in its name, which was treated by default glob
as multiple paths. File::Glob::glob on the other hand doesn't consider
spaces as delimiters and therefore works with unquoted patterns.
[Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work
on VMS, hence the "pinning" is conditional.]
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RT#4486
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
RT#4486
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
If using the msys console then msys attempts to "fix" command line
arguments to convert them from Unix style to Windows style. One of the
things it does is to look for arguments seperated by colons. This it
assumes is a list of file paths, so it replaces the colon with a semi-colon.
This was causing one of our tests to fail when calling the "req" command
line app. We were attempting to create a new DSA key and passing the
argument "dsa:../apps/dsa1024.pem". This is exactly what we intended but
Msys mangles it to "dsa;../apps/dsa1024.pem" and the command fails.
There doesn't seem to be a way to suppress Msys name mangling. Fortunately
we can work around this issue by generating the DSA key in a separate step
by calling "gendsa".
RT#4255
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Clang was complaining about some variables possibly being uninitialized
when used. The warnings are bogus, but clang can't figure that out. This
silences the warnings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Previous commits fixed the implementation of the %e and %g format
specifiers as well as other issues. This commit adds a test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RT#4492
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Fix possible leak in danetest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
This adds an async IO test. There are two test runs. The first one does
a normal handshake with lots of async IO events. The second one does the
same but this time breaks up all the written records into multiple records
of one byte in length. We do this all the way up until the CCS.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
The write BIO for handshake messages is bufferred so that we only write
out to the network when we have a complete flight. There was some
complexity in the buffering logic so that we switched buffering on and
off at various points through out the handshake. The only real reason to
do this was historically it complicated the state machine when you wanted
to flush because you had to traverse through the "flush" state (in order
to cope with NBIO). Where we knew up front that there was only going to
be one message in the flight we switched off buffering to avoid that.
In the new state machine there is no longer a need for a flush state so
it is simpler just to have buffering on for the whole handshake. This
also gives us the added benefit that we can simply call flush after every
flight even if it only has one message in it. This means that BIO authors
can implement their own buffering strategies and not have to be aware of
the state of the SSL object (previously they would have to switch off
their own buffering during the handshake because they could not rely on
a flush being received when they really needed to write data out). This
last point addresses GitHub Issue #322.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Document thread-safe lock creation
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
In some cases, perl's glob() thinks it needs to return file names with
generation numbers, such as when a file name pattern includes two
periods. Constructing other file names by simple appending to file
names with generation numbers isn't a good idea, so for the VMS case,
just peal the generation numbers if they are there.
Fortunately, this is easy, as the returned generation number delimiter
will always be a semi-colon.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
If the server does not send a session ticket extension, it should not then
send the NewSessionTicket message.
If the server sends the session ticket extension, it MUST then send the
NewSessionTicket message.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.
It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.
Also glob the ssl test inputs on the .in files to catch missing
generated files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The old cipherlist test in ssltest.c only tests the internal order of
the cipher table, which is pretty useless.
Replace this test with a test that catches inadvertent changes to the
default cipherlist.
Fix run_tests.pl to correctly filter tests that have "list" in their name.
(Also includes a small drive-by fix in .gitignore.)
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
PR#4462
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
No code change
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
The TLSProxy based tests don't work when TLS is disabled so we shouldn't
run them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Add tests for ASN.1 INTEGER: invalid tag, valid 0, 1, -1 and 0, -1 with
illegal padding.
Also add ASN1_ANY tests for 0, 1 and -1.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Fix some of the variables to be (s)size_t, so that more than 1GB of
secure memory can be allocated. The arena has to be a power of 2, and
2GB fails because it ends up being a negative 32-bit signed number.
The |too_late| flag is not strictly necessary; it is easy to figure
out if something is secure memory by looking at the arena. As before,
secure memory allocations will not fail, but now they can be freed
correctly. Once initialized, secure memory can still be used, even if
allocations occured before initialization.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Most of the tests already pass with EBCIDC but a few were trying to
write into read only memory.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Bad ASN.1 data should never be able to trigger a malloc failure so return
an error in d2i_test if a malloc failure occurs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Using ASN1_ITEM tables in d2i_test: this then uses consistent names and
makes it easier to extend.
Add bio, reencode and compare tests.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Our main development platforms are of the Unix family, which doesn't
have the same strictness regarding a shared library being consistent
with the contents of the ld script (.map file, on Linux and Solaris)
as Windows is with the contents of the .def file or VMS is with the
linker symb_vector option.
To eliminate surprises, we therefore need to make sure to check that
the contents of the .map file is matched with the shared library, at
least to check that the shared library isn't missing any symbols that
should be present.
This test isn't absolutely perfect, as it will only check the symbols
that would be present on Linux / Solaris and will therefore miss those
that would only appear on Windows or VMS. On the other hand, those
platform specific are few and far apart in time, so it's not likely
they will pose a problem.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The Unix build was the last to retain the classic build scheme. The
new unified scheme has matured enough, even though some details may
need polishing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Add copyright to most .pl files
This does NOT cover any .pl file that has other copyright in it.
Most of those are Andy's but some are public domain.
Fix typo's in some existing files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
