GitHub/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-05-07 20:12:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
39,780 Commits 39 Branches 433 Tags
master
Commit Graph

165 Commits

Author SHA1 Message Date
Jakub Zelenka 3cff7c2181 Add memory allocation failure testing framework 
Introduce ADD_MFAIL_TEST for exhaustive testing of allocation failure
handling in individual functions. The framework repeatedly calls the
test function, each time failing one allocation later within the
section bracketed by mfail_start() and mfail_end(), verifying that
every failure path returns 0 without crashing or leaking.

Custom allocators are installed once at startup via
CRYPTO_set_mem_functions(). When not armed, they pass through to
malloc/realloc/free. Installation can be disabled by setting
OPENSSL_TEST_MFAIL_DISABLE for tests that need the default allocator
(e.g. those using OPENSSL_MALLOC_FAILURES).

Additional environment variables control test execution:
OPENSSL_TEST_MFAIL_SKIP_ALL, OPENSSL_TEST_MFAIL_SKIP_SLOW,
OPENSSL_TEST_MFAIL_POINT, and OPENSSL_TEST_MFAIL_START.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Thu Apr 23 20:23:34 2026
(Merged from https://github.com/openssl/openssl/pull/30871)
 2026-04-23 20:22:45 +00:00
Alexandr Nedvedicky 69755d2a10 fix BIO_vsnprintf() with NULL string arg crash on Solaris 10 
Issue was kindly reported and fixes suggested by @rainerjung

Fixes #30402

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Fri Apr 10 12:22:44 2026
(Merged from https://github.com/openssl/openssl/pull/30596)
 2026-04-10 14:22:43 +02:00
openssl-machine c721580653 Copyright year updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue Mar 10 14:37:54 2026
Release: yes
 2026-03-10 14:37:52 +00:00
Bob Beck bf39120c27 Allow testing the valgrind suppression file in CI 
Skip the OPENSSL_cleanup() call from the openssl app and in tests
when OSSL_USE_VALGRIND environment variable is set.

This can be used in the CI to test the valgrind suppressions.

Builds upon https://github.com/openssl/openssl/pull/29573

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Feb 10 14:00:54 2026
(Merged from https://github.com/openssl/openssl/pull/29575)
 2026-02-10 15:00:52 +01:00
Milan Broz 1f23e41029 Fix const spec in test 
This patch fixes several const specifiers and unneeded casts
(visible with non-default const-qual warning).

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Thu Feb  5 09:13:46 2026
(Merged from https://github.com/openssl/openssl/pull/29800)
 2026-02-05 10:13:37 +01:00
Daniel Kubec dc01d6cfa1 ASN.1: Raise additional errors in crl_set_issuers() 
Additional ASN.1 parsing errors are now raised to the error stack,
allowing invalid CRLs to be rejected early with detailed error messages.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Feb  3 09:02:15 2026
(Merged from https://github.com/openssl/openssl/pull/29750)
 2026-02-03 10:01:47 +01:00
Pauli b79ec4cb22 test: get rid of the TEST_strn2_ functions 
Their semantics are poorly defined and they are rarely used.  The _ne
version being completely unused & tricky to define properly.

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29627)
 2026-01-16 08:31:20 +11:00
Sashan 994413f995 Update NEWS.md 
Co-authored-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
 2025-12-19 12:06:38 -05:00
Daniel Kubec fed15f076f ASN1: Reject negative BIGNUM components 
In the ASN.1 structures we define the BIGNUM as positive and enforce
this during parsing. If the encoded value is negative, we raise an error
and reject the material.

Fixes #29210
Fixes #27407

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29370)
 2025-12-12 15:02:06 +01:00
Bob Beck 2fab90bb5e 4.0-POST-CLANG-FORMAT-WEBKIT 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29242)
 2025-12-09 00:28:19 -07:00
Norbert Pocs 4e96426a8d apps: Remove opt_legacy_okay function 
The function used to check for ENGINEs to determine if a legacy code
path is available, but it makes no sense to keep it after the ENGINE
removal, as the legacy path will always fail.

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
 2025-12-04 07:32:18 -05:00
Bob Beck 2fbc715b18 Adapt the tests to not care about failures from platform gmtime() 
Now that we don't use gmtime, timegm and friends from the platform
we should be able to handle all values the same on any platform
with no concerns other than what the platform has decided to use
for time_t.

The hpux #ifdef is removed, as looking at f5e3115361 shows this
was added due to a gmtime() failure on the platform.

This then clears out all the platform specific chaos in helper.c
as an example of why the public API being added is actually
generally useful, as it has been noticed that users of OpenSSL
frequently end up dealing with the same issues in the same really
awful ways in their own software as were were doing in that file
in the tests.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28748)
 2025-10-21 12:19:00 -04:00
Nikola Pajkovsky 0955904db1 Move handy test functions to testutil 
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28599)
 2025-10-16 09:10:54 -04:00
Ryan Hooper f2a41c74ae Updated SSL Trace to display the name for all MLKEM-based groups 
Make SSL Trace to display the name of the MLKEM512, MLKEM768,
MLKEM1024 and SecP384r1MLKEM1024 groups.

Fixes #28476

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28499)
 2025-09-18 17:27:29 +02:00
Eugene Syromiatnikov 4f288b60e8 apps: introduce app_malloc_array() 
Similar to app_malloc(), provides a wrapper for OPENSSL_malloc_array()
that bails out when a NULL pointer is returned.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28444)
 2025-09-07 07:22:24 -04:00
openssl-machine e66332418f Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Release: yes
 2025-09-02 13:05:45 +00:00
Eugene Syromiatnikov 39029a1bb0 test/testutil/main.c: move global_init before test_open_streams 
So it is possible to change the allocator implementation,
as it must be before the first malloc call.

Suggested-by: Matt Caswell <matt@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
 2025-08-08 12:22:10 -04:00
Eugene Syromiatnikov 5fab189ddd test: use array memory (re)allocation routines 
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
 2025-08-08 12:22:10 -04:00
GAlvare 7eee9d543e Fixes for build failures on OS X 10.4 Tiger 
Also added darwin8-ppc-cc and darwin8-ppc64-cc build configurations for
handling OS X 10.4 PowerPC specific configuration options, specifically
disabling async by default.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27578)
 2025-08-08 13:56:02 +02:00
Tomas Mraz a3af1c036c test: Silence warnings on Win64 builds 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27806)
 2025-07-02 17:26:26 +02:00
JiashengJiang 3818f7779e test/testutil/testutil_init.c: Add OPENSSL_free() to avoid memory leak 
Free trace_data if error occurs to avoid memory leak.

Fixes: d73458d17a ("Add tracing capability in test utilities")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27600)
 2025-05-13 14:17:28 +02:00
openssl-machine 0c679f5566 Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
 2025-03-12 13:35:59 +00:00
Pauli 4439b8d3cc testutil: increase the line length for reading stanzas 
PQC algorithms and SLH-DSA in particular have very long lines of data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)
 2025-02-20 11:17:39 +11:00
Hugo Landau ea236623c8 testutil: Allow overriding output BIOs thread-locally 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23487)
 2025-02-17 11:27:32 -05:00
Bernd Edlinger c37f564bb8 Fix test failure in 30-test_evp_pkey_provided.t 
In this test there is a random test output corruption.
`make test TESTS=test_evp_pkey_provided V=1` has some random output,
that can with a certain probability start a line with "ok" or so:

    # Setting up a OSSL_ENCODER context with passphrase
    # Testing with no encryption
jLixONcRPi/m64CGie4KKKDuGeTjtYwfima3BNYCGlgbLGeK3yYxBfZb9JjviOJ4
    # nHaNsRsONTAKyg==

This happens because large random data is output to bio_out
but some data remains buffered, and then test_note() is used to print
some comments on the bio_err file.  This causes output corruption that
confuses the TAP parser.
Fix that by flushing any pending output with test_flush_stdout() first.

Fixes #23992

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26383)
 2025-01-15 09:16:04 +01:00
Tomas Mraz 7ed6de997f Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
 2024-09-05 09:35:49 +02:00
slontis f98e49b326 Add FIPS DSA Keygen tests 
Adjust the existing tests to disable DSA keygen in FIPS mode.

Allow evp_test to load DSA 'KeyParams' that can then be used to
perform a DSA KeyGen.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24978)
 2024-08-06 11:01:13 +02:00
shridhar kalavagunta 57bb112c07 Move ossl_asn1_string_to_time_t() to libtestutil 
It is not used anywhere else than in tests.

Fixes #22965

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23269)
 2024-05-07 12:07:49 +02:00
Matt Caswell 556009c596 Copyright year updates 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2023-09-28 14:23:29 +01:00
Matt Caswell 44fbe0de34 Enable the ability to seed the test RNG without randomising test ordering 
Numerous tests use the test_random() function to get a random number. If a
test fails then the seed that was used for the test RNG is displayed.
Setting the seed to the same value in a future run is supposed to cause the
same random numbers to be generated again.

The way to set the RNG seed again is to use the `OPENSSL_TEST_RAND_ORDER`
environment variable. However setting this environment variable *also*
randomises the test ordering as well as seeding the RNG. This in itself
calls test_random() so, in fact, when the test finally runs it gets
different random numbers to when it originally run (defeating the
repeatability objective).

This means that only way repeatability can be obtained is if the test was
originally run with `OPENSSL_TEST_RAND_ORDER` set to 0. If that wasn't done
then the seed printed when the test failed is not useful.

We introduce a new environment variable `OPENSSL_TEST_RAND_SEED` which can
be used to independently seed the test RNG without randomising the test
ordering. This can be used to get repeatability in cases where test ordering
randomisation was not done in the first place.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22118)
 2023-09-20 18:02:54 +10:00
Dimitri Papadopoulos 10fe5e29ca Fix new typos found by codespell 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22098)
 2023-09-18 09:04:22 +10:00
Matt Caswell da1c088f59 Copyright year updates 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2023-09-07 09:59:15 +01:00
Pauli badf3c162d testutil: allow a failure return from setup_tests that doesn't print help 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21621)
 2023-08-04 11:57:27 +10:00
Michael Baentsch 8a2e74d053 Cast the argument to unsigned char when calling isspace() 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21151)
 2023-06-09 17:30:28 +02:00
Michael Baentsch 8229874476 Cast the argument to unsigned char when calling isdigit() 
Fixes #21123

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21127)
 2023-06-06 15:48:46 +02:00
Hugo Landau 6dea91f56d Resolve a djgpp function name conflict 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
 2023-05-24 10:34:55 +01:00
Hugo Landau 2fa9044298 Make testutil text output functions thread safe (tsan) 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
 2023-05-24 10:34:55 +01:00
Irak Rigia 1e6bd31e58 Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 
Fixes #20710

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)
 2023-04-21 16:19:11 +02:00
Dr. David von Oheimb 13cb5416f4 test_get_libctx(): prevent crash when called with NULL provider arg 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20190)
 2023-02-08 17:05:47 +01:00
FdaSilvaYY f2a6f83862 Cleanup : directly include of internal/nelem.h when required. 
And so clean a few useless includes

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19721)
 2022-11-23 18:08:25 +01:00
Pauli fe84acc227 test: add two comparision options to fips version test utility code 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19666)
 2022-11-15 12:10:39 +01:00
Tomas Mraz d8eb0e1988 tests: clear error queue before executing a testcase 
There can be errors in the queue from previous tests and
we look at it to verify we do not add spurious errors in
some testcases.

Fixes #19477

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19483)

(cherry picked from commit 4bae06d47a)
 2022-10-27 18:39:29 +02:00
Sam James 6a94c5849e test: driver: fix -Wunused-but-set-variable 
The value of 'num_failed_inner' isn't ever used.

Fixes this error with Clang 15:
```
test/testutil/driver.c:341:17: error: variable 'num_failed_inner' set but not used [-Werror,-Wunused-but-set-variable]
            int num_failed_inner = 0;
                ^
1 error generated.
```

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)
 2022-10-21 15:56:32 +02:00
Daniel Fiala a1de5eb884 Disable printf format checking on MinGW 
Fixes openssl#19185

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19292)
 2022-10-04 11:53:38 +01:00
Tomas Mraz e1289d90d0 With fips provider 3.0.0 skip tests related to explicit curves handling 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19201)
 2022-09-16 08:34:53 +10:00
Pauli eaac0584db test: make unit tests FIPS provider version aware 
Fixes #19171

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)
 2022-09-16 08:34:52 +10:00
Hugo Landau 416d0a638c QUIC wire format support 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18382)
 2022-05-27 08:00:52 +02:00
Dr. David von Oheimb 79b2a2f2ee add OSSL_STACK_OF_X509_free() for commonly used pattern 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
 2021-12-21 12:11:49 +01:00
Dr. David von Oheimb 2ff286c26c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)
 2021-11-17 15:48:34 +01:00
x2018 d99004fe5d check the return value of BN_new() and BN_dup() 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16948)
 2021-11-03 14:28:23 +01:00