It's test code that only runs on 64bit time_t machines.
Move it to a standalone test/gmdifftest
Reviewed-by: NRichard Levitte <levitte@openssl.org>

There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add support for testing ECDSA and DSA ciphersuites.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Use SSL_CONF for certificate handling is ssltest.c, this changes the
behaviour slightly: the -cert and -key options are no longer recognised
and a default certificate file is not used.

This change means that -s_cert and -c_cert can be used mode than once
to support use of multiple certificates.
Reviewed-by: NMatt Caswell <matt@openssl.org>

If supported create DSA and ECDSA certificates and test them.
Reviewed-by: NMatt Caswell <matt@openssl.org>

- Pass in the right ciphertext length to ensure we're indeed testing
  ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.

Follow-up to b11980d79a52ec08844f08bea0e66c04b691840b
Reviewed-by: NRich Salz <rsalz@openssl.org>

BN_bntest_rand generates a single-word zero BIGNUM with quite a large probability.

A zero BIGNUM in turn will end up having a NULL |d|-buffer, which we shouldn't dereference without checking.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Fix more potential leaks in X509_verify_cert()
Fix memory leak in ClientHello test
Fix memory leak in gost2814789 test
Fix potential memory leak in PKCS7_verify()
Fix potential memory leaks in X509_add1_reject_object()
Refactor to use "goto err" in cleanup.
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Rewrite ssl3_get_client_hello to use the new methods.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Add a set of tests for checking that NewSessionTicket messages are
behaving as expected.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Add DSA tests.

Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.
Reviewed-by: NBen Laurie <ben@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Use a dynamic engine for ossltest engine so that we can build it without
subsequently deploying it during install. We do not want people accidentally
using this engine.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

When using an anon DH ciphersuite a client should reject a 0 value for p.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Two tests are added: one is a simple version tolerance test; the second is
a test to ensure that OpenSSL operates correctly in the case of a zero
length extensions block. The latter was broken inadvertently (now fixed)
and it would have been helpful to have a test case for it.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

We could just initialize it, but to be consistent with the rest of the file
it seemed to make more sense to just drop.
Reviewed-by: NBen Laurie <ben@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

This reverts commit 704563f0.

Reverting in favour of the next commit which removes the underlying cause
of the warning.
Reviewed-by: NBen Laurie <ben@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Some of the PACKET functions were returning incorrect data. An unfortunate
choice of test data in the unit test was masking the failure.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Add some unit tests for the new PACKET API
Reviewed-by: NTim Hudson <tjh@openssl.org>

Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.
Reviewed-by: NTim Hudson <tjh@openssl.org>

The function SSL_set_session_ticket_ext sets the ticket data to be sent in
the ClientHello. This is useful for EAP-FAST. This commit adds a test to
ensure that when this function is called the expected ticket data actually
appears in the ClientHello.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

This adds a test for CVE-2015-1793. This adds a new test file
verify_extra_test.c, which could form the basis for additional
verification tests.
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Typo in local variable name; introduced by previous fix.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX.
This backs that change out, and does it a different way.

Thanks to Timo Teras for the concept.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

test/gost2814789test.c needs to include openssl/e_os2.h or it wouldn't
see the defined OPENSSL_NO_* macros.
Reviewed-by: NTim Hudson <tjh@openssl.org>

For librypto to be complete, the stuff in both crypto/ and engines/
have to be built.  Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Also removed a source file that isn't built, and moved
another one to test for eventual fixing.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Almost two months ago, the warning about non-existing config file was
supressed by setting the environment variable OPENSSL_CONF to /dev/null
everywhere.  Now that this warning is gone, that practice is no longer
needed.
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

In master, the 'dh' command is gone, so use 'dhparam' instead to
determine if we're compiled with DH.

Also, set "@SECLEVEL=1" for the weak DH test, so that it actually
passes.
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>