Reviewed-by: Dr Stephen Henson <steve@openssl.org>

This code does open-coded division on 64-bit quantities and thus when
building with GCC on 32-bit platforms will require functions such as
__umoddi3 and __udivdi3 from libgcc.

In constrained environments such as firmware, those functions may not
be available. So make it possible to compile out SCT support, which in
fact (in the case of UEFI) we don't need anyway.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

If a test recipe does something like this:

    indir "foo.$$" => sub {
        chmod 0500, File::Spec->curdir();
        ok(run(app(["something"])));
    }

we get a problem, because we were storing the temporary stderr file in
the current directory at all times (so while inside the 'indir', we
would attemp to store it in "foo.$$").

So, change our ways to always store that temporary file in the exact
same location, defined by the environment variable RESULT_D, or
failing that TEST_D, or failing that $TOP/test.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Use each once in s3_srvr.c to show how they work.

Also fix a bug introduced in c3fc7eea


and made apparent by this change:
ssl3_get_next_proto wasn't updating next_proto_negotiated_len

Reviewed-by: Matt Caswell <matt@openssl.org>

Cast and then negate, don't negate an unsigned.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

This provides support for building in the EDK II reference implementation
of UEFI. Most UEFI firmware in existence uses OpenSSL for implementing
the core cryptographic functionality needed for Secure Boot.

This has always previously been handled with external patches to OpenSSL
but we are now making a concerted effort to eliminate those.

In this mode, we don't actually use the OpenSSL makefiles; we process
the MINFO file generated by 'make files' and incorporate it into the
EDK2 build system.

Since EDK II builds for various targets with varying word size and we
need to have a single prepackaged configuration, we deliberately don't
hard-code the setting of SIXTY_FOUR_BIT vs. THIRTY_TWO_BIT in
opensslconf.h. We bypass that for OPENSSL_SYS_UEFI and allow EDK II
itself to set those, depending on the architecture.

For x86_64, EDK II sets SIXTY_FOUR_BIT and thus uses 'long long' for the
64-bit type, even when building with GCC where 'long' is also 64-bit. We
do this because the Microsoft toolchain has 32-bit 'long'.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

Both now warn once if directory isn't writeable.
Both now warn on file-write errors (multiple times).
Update manpage to describe both program and script correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

test_ecdh and test_ecdsa are made to depend on no-ec being false.
test_hmac is made not to depend on algorithm at all.

Based on a contribution by Alessandro Ghedini <alessandro@ghedini.me>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Having a general fill-column of 78 may look nice at first sight, but
if the edited text gets indented a bit afterward (such as with git
comments in 'git log'), it suddenly turns not so nice on a classic 80
columns terminal.  A fill-column of 70 will serve us better.

Reviewed-by: Rich Salz <rsalz@openssl.org>

The verify_extra_test was recently changed to take its parameters as
arguments instead of having them hardcoded.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Also make internal functions consistently return values, and
add a comment documenting them.

Reviewed-by: Ben Laurie <ben@openssl.org>

This recipe counted too much on being called with test/ as its current
working directory.  That's a mistake on, for example, Windows.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

The testsslproxy tests turned out to be useless as they were.  They
were really just for show and the results were ignore.  Now they are
changed into a more veerifiable test

Reviewed-by: Rich Salz <rsalz@openssl.org>

Be careful when shifting in a function argument, you end up changing
the caller's value.  Instead, when it is an array, make a shallow copy
and shift in that instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Some tests were copied from test_jpake, but the title wasn't changed
accordingly.  This might seem like a small thing, but it does affect
the log file name...

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

This involves adding $TOP/util as perl library in test/run_tests.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>

MINFO may be an old file lying around, which might have
00-check_testexes.t produce incorrect results.  To make sure this
doesn't happen, check the variable VERSION in it against the same
variable in the top Makefile.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Before trying to read MINFO, we have no idea how many to test for, and
because skip expects to get an exact number somehow, it's better to
use 'plan skip_all'.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Following the commit from July 2 that removed netscape formated certs,
it is no longer necessary to have conversion tests for it.

Reviewed-by: Rich Salz <rsalz@openssl.org>

test_clienthello
test_packet
test_verify_extra
test_secmem

Reviewed-by: Rich Salz <rsalz@openssl.org>

VMS files are normally record oriented rather than stream oriented.
This means that every write() will create a new record, which is seen
as a line of its own, regardless of if there was a \n in there or not.
bntest uses BN_print, which prints out number with more than one
write(), thereby dividing up the numbers in several lines, which
greatly disturbs the post-bntest checks that expect to find a full
formula to calculate on one line.

So, for VMS, we need to push the linebuffer filter on the out BIO.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Unfortunately, a file spec with character range globs interfere with
paths on VMS, and are therefore disabled.  Rework this test to collect
a list of expected tests and a list of all recipes and compare the two
using grep.

Reviewed-by: Rich Salz <rsalz@openssl.org>

For OpenSSL::Test, it meant rearranging the code to better suite the
structure of the documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>

It became tedious as well as error prone to have all recipes use
Test::More as well as OpenSSL::Test.  The easier way is to make
OpenSSL::Test an extension of Test::More, thereby having all version
checks as well as future checks firmly there.  Additionally, that
allows us to extend existing Test::More functions if the need would
arise.

Reviewed-by: Rich Salz <rsalz@openssl.org>

When the environment variable STOPTEST is defined (with any value other
than the empty string), the test machinery in OpenSSL::Test goes into a
different mode that will stop all testing at the end of a failing recipe.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

00-check_testexes.t was a way for me to check that I didn't forget a
compiled test app.  The way it worked was to require MINFO to be present.
Considering the need for this test has diminished considerably at this
point, I might as well tone down the requirement, and have it skip the
test (and not fail it) if MINFO isn't present.

Reviewed-by: Rich Salz <rsalz@openssl.org>

For now, I'm moving them into Attic/.  They will be removed later.

Reviewed-by: Rich Salz <rsalz@openssl.org>