test: rename apps_mem.c to be apps_shims.c in anticipation of additonal functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

test: add sm3 low level test case to test suite.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/ope

test: add sm3 low level test case to test suite.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14271)

show more ...

gost: remove the internal GOST test.

The external GOST test is sufficient according @beldmit. This avoids having
to manually update and build the GOST engine when something changes.

gost: remove the internal GOST test.

The external GOST test is sufficient according @beldmit. This avoids having
to manually update and build the GOST engine when something changes.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15795)

show more ...

Add a test for fetching various non-evp objects

We fetch an Encoder, Decoder and Loader.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Add a test for fetching various non-evp objects

We fetch an Encoder, Decoder and Loader.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)

show more ...

test: add test cases for SHAxxx helper functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15752)

Add a test for the newly added OBJ upcalls

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

Add a test for the newly added OBJ upcalls

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)

show more ...

When linking to static libssl always link to static libcrypto

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://githu

When linking to static libssl always link to static libcrypto

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15714)

show more ...

Fix PKCS7_verify to not have an error stack if it succeeds.

Revert a change in behavior to BIO_write(). If a NULL BIO
is passed, no error is raised and the return value is 0. There are

Fix PKCS7_verify to not have an error stack if it succeeds.

Revert a change in behavior to BIO_write(). If a NULL BIO
is passed, no error is raised and the return value is 0. There are
many places where the return code from the write was not checked,
resulting in an error stack with no error status being returned.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15493)

show more ...

Add a test for PKCS5_PBE_keyivgen()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Add a test for PKCS5_PBE_keyivgen()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14326)

show more ...

test: add test case to reliably reproduce RAND leak during POST

The FIPS provider leaks a RAND if the POST is run at initialisation time.
This test case reliably reproduces this event.

test: add test case to reliably reproduce RAND leak during POST

The FIPS provider leaks a RAND if the POST is run at initialisation time.
This test case reliably reproduces this event.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15278)

show more ...

CMP test server: move apps/{,lib/}cmp_mock_srv.c and apps/{,include/}cmp_mock_srv.h

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15343)

property: add test case for setting default user properties before fetching

Shamelessly culled from #15218.

Co-authored-by: Dr Paul Dale <pauli@openssl.org>

Reviewed-by: Ti

property: add test case for setting default user properties before fetching

Shamelessly culled from #15218.

Co-authored-by: Dr Paul Dale <pauli@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15222)

show more ...

Add a test for the public core bio API

Check that reading/writing to a core bio via BIO_new_from_core_bio()
works as expected.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(M

Add a test for the public core bio API

Check that reading/writing to a core bio via BIO_new_from_core_bio()
works as expected.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15072)

show more ...

acvp: fix the no-acvp_test build

A pair of the disabled string checks were incorrect.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.

acvp: fix the no-acvp_test build

A pair of the disabled string checks were incorrect.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15082)

show more ...

Avoid more MSVC-specific C runtime library functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github

Avoid more MSVC-specific C runtime library functions

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Remove the external BoringSSL test

Fixes #14424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14682)

Fix DER reading from stdin for BIO_f_readbuffer

Fixes #14559

The intitial implementation of the gets() function tried using the next bio's gets() function.
For a file BIO this r

Fix DER reading from stdin for BIO_f_readbuffer

Fixes #14559

The intitial implementation of the gets() function tried using the next bio's gets() function.
For a file BIO this returned incorrect data for binary data containing 0x00.
Just buffering all data during gets() did not work however since some
applications open and close the bio multiple times when dealing with pem
files containing multiple entries.. This does not work
when reading from stdin unless the data if buffered one byte at a time.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14599)

show more ...

Test errors from a provider can still be accessed after unload

Providers can create errors that may refer to const strings within the
provider module itself. If the provider gets unloade

Test errors from a provider can still be accessed after unload

Providers can create errors that may refer to const strings within the
provider module itself. If the provider gets unloaded we need to be sure
that we can still access the errors in the error stack.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14213)

show more ...

test: add framework for generic fake random number generator

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)

Deprecate the libssl level SRP APIs

The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.

Re

Deprecate the libssl level SRP APIs

The low level SRP implementation has been deprecated with no replacement.
Therefore the libssl level APIs need to be similarly deprecated.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)

show more ...

TEST: Add an algorithm ID tester for libcrypto vs provider

Providers produce algorithm IDs of their own, and we need to compare
them against the same thing produced by libcrypto's ASN.1

TEST: Add an algorithm ID tester for libcrypto vs provider

Providers produce algorithm IDs of their own, and we need to compare
them against the same thing produced by libcrypto's ASN.1 code and
with legacy keys.

This tester can compare algorithm IDs for signatures and for keys,
given certificates that hold such data.

To verify key algorithm IDs, only one certificate is necessary, and
its public key is used.

To verify certificate algorithm IDs, we need to launch the signature
operation that would verify a certificate against the public key of
its signing CA, so that test needs two files.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14049)

show more ...

Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@open

Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)

show more ...

TEST: move cert, key, and CSR loading aux functions to new testutil/load.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)

Use adapted test_get_libctx() for simpler test setup and better error reporting

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13001)

TEST: Add a simple module loader, and test the FIPS module with it

This very simple module loader is only linked with the standard C
library, so cannot and should not provide any other s

TEST: Add a simple module loader, and test the FIPS module with it

This very simple module loader is only linked with the standard C
library, so cannot and should not provide any other symbol to the
module it tries to load. It can thereby be used to verify that the
module it tries to load doesn't have any surprising dependencies when
it's supposed to be self contained.

A test recipe is added to verify the FIPS module with this loader.

Fixes #11020

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13507)

show more ...