Commit graph

19483 commits

Author SHA1 Message Date
Matt Caswell
6828358c65 Handle TLSv1.3 being disabled in clienthello test
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2968)
2017-03-16 15:37:41 +00:00
Matt Caswell
6bc6ca623b Add tests for the padding extension
Check that the padding extension pads correctly for various scenarios.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2968)
2017-03-16 15:37:41 +00:00
Matt Caswell
d702ad121c Fix the Padding extension
In OpenSSL 1.1.0 the padding extension MUST be last because it calculates
the length of everything that has been written into the ClientHello to
determine whether it needs to be padded or not. With TLSv1.3 that isn't
possible because the specification requires that the PSK extension is last.
Therefore we need to fix the padding extension to take account of any PSK
extension that will be later added.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2968)
2017-03-16 15:37:41 +00:00
Matt Caswell
635b7d3f2a Updates following review feedback
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
c35cb287cb Add some HRR tests
Check that we handle changes of ciphersuite between HRR and ServerHello
correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
807551ac0d Add some more PSK tests
Test that if the server selects a ciphersuite with a different hash from
the PSK in the original ClientHello, the second ClientHello does not
contain the PSK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
69b2d39332 Fix ciphersuite handling during an HRR
Choose a new ciphersuite for the HRR. Don't just use the one from the
session.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
cf3e221bd9 Ensure after an HRR any PSKs have the right hash
Don't include a PSK that does not have the right hash for the selected
ciphersuite following an HRR.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
11c67eeaf4 HelloRetryRequest updates for draft-19
Draft-19 changes the HRR transcript hash so that the initial ClientHello
is replaced in the transcript with a special synthetic message_hash message
that just contains a hash of ClientHello1 as its message body.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
9e0ac6a2f1 Check ClientHello boundary as per draft-19
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
6594189fa1 Merge early_data_info extension into early_data
As per draft-19

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
ef6c191bce Update end of early data processing for draft-19
The end of early data is now indicated by a new handshake message rather
than an alert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
bc993d30fc Update the TLSv1.3 secrets test vectors for draft-19
These are self-generated test vectors which gives us very little
confidence that we've got the implementation right. However until
we can get vectors from somewhere else (or ideally official vectors)
this is all we've got. At least it will tell us if we accidentally
break something at some point in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
3e0458fb12 Update secret generation for draft-19
TLSv1.3 draft 19 introduces a new pre HKDF-extract Derive-Secret stage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Matt Caswell
e984b535d9 Update the TLSv1.3 version indicator for draft-19
This change will mean we will lose interoperability with draft-18
implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Paul Yang
7baabf45c4 Fix typo in ASYNC_WAIT_CTX_new.pod doc
For the function that get the changed fds, it should be
'ASYNC_WAIT_CTX_get_changed_fds()' instead of 'ASYNC_WAIT_CTX_fds_have_changed()'.

CLA: trivial

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2966)
2017-03-16 13:50:21 +00:00
FdaSilvaYY
f2ff1432fc Simplify code around next_proto.len by changing 'len' data type.
clean an useless static qualifier and a dead comment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2278)
2017-03-16 11:43:39 +01:00
Benjamin Kaduk
0ae407eebe Remove documentation of deleted function
It's even removing a BUGS entry!

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)
2017-03-16 11:39:34 +01:00
Benjamin Kaduk
b00d5407b5 Remove unused typedefs from indent config
Some things were not removed from util/indent.pro when they were removed
from the code.

grep '^-T' util/indent.pro | awk '{print $2} > /tmp/a
grep -rF -f /tmp/a --exclude CHANGES --exclude 'INSTALL' --exclude 'LICENSE' --exclude 'NEWS' --exclude 'NOTES*' --exclude 'README*' --exclude indent.pro --exclude-dir corpora -o -h *|sort|uniq>/tmp/b
comm -23 <(sort /tmp/a) /tmp/b >/tmp/c
grep -v -E '(LHASH_OF|STACK_OF)' /tmp/c > /tmp/d
grep -v -Ff /tmp/d util/indent.pro > util/indent.pro

Manually adjusted to retain time_t and the ossl_*intmax_t types.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)
2017-03-16 11:39:34 +01:00
Benjamin Kaduk
f775245245 Remove some unused PEM structures
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2797)
2017-03-16 11:39:34 +01:00
Pauli
5a81a050aa Rename the test_stack recipe file name to be consistent with the rest of the
tests.

[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2964)
2017-03-16 11:36:11 +01:00
Bernd Edlinger
29d1fad788 Fixed a crash in print_notice.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2935)
2017-03-15 17:32:28 -04:00
Benjamin Kaduk
dda12ce4e5 Remove dead code
tls1_get_curvelist() does not read from its third parameter, so
the assignments prior to function call were dead code and can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2952)
2017-03-15 20:59:42 +00:00
Benjamin Kaduk
d9aea04162 Tighten up client status_request processing
Instead of making a positive comparison against the invalid value
that our server would send, make a negative check against the only
value that is not an error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2953)
2017-03-15 20:44:57 +00:00
Richard Levitte
26721d3212 Forgotten 'make update'
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-15 21:20:11 +01:00
Richard Levitte
a2880aec73 VMS: turning off CALL_DEBUG isn't possible on Alpha
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2962)
2017-03-15 17:16:37 +01:00
Richard Levitte
d1da335c55 Add EC_KEY_get0_engine()
Just as for DH, DSA and RSA, this gives the engine associated with the
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)
2017-03-15 15:03:11 +01:00
Pauli
89b06ca7b0 Rewrite the documentation for sk_TYPE_find() and sk_TYPE_find_ex() to better
describe the vagaries in their behaviour.

[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2958)
2017-03-15 09:26:26 -04:00
Pauli
9837496142 Unit tests for crypto/stack.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2924)
2017-03-15 14:15:08 +01:00
Matt Caswell
db0e0abb88 Fix a hang in tests that use sessionfile
The logic for testing whether the sessionfile has been created or not
was faulty and could result in race conditions. If you "lose" the tests
hang waiting for a session file that's never going to arrive.

Fixes #2950

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2955)
2017-03-15 11:23:57 +00:00
Andy Polyakov
3a80bd29be NOTES.WIN: mention Strawberry Perl as option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-15 12:17:52 +01:00
Andy Polyakov
b3068d0ac4 test/recipes/03-test_internal_*: call setup() first.
Strawberry Perl bailed out running test\run_tests.pl insisting on
setup() being called explicitly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-15 12:16:48 +01:00
Benjamin Kaduk
a5bb1aa128 Clear alpn_selected_len for clients, too
Zero out the length alongside the NULLing of the pointer, to
bring parity between the selected and proposed fields..

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2954)
2017-03-15 03:18:01 +01:00
Richard Levitte
1ae4c07e50 VMS: don't use /DSF, turn off CALL_DEBUG instead
It turns out that /DSF didn't do any good for our purposes.  Instead,
remove the CALL_DEBUG flag from any image we link.  This ensures that
we can have debugging information in the image files, but don't
automatically end up in a debugging session upon image activation.

Unfortunately, this means the CALL_DEBUG must be turned on when there
is a need to run with the debugger activated, and to turn it off when
done.  This has been documented in NOTES.VMS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2957)
2017-03-15 03:09:57 +01:00
Jon Spillett
5c9e344731 Add Python Cryptography.io external test suite
Add python cryptography testing instructions too

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2885)
2017-03-15 01:26:36 +01:00
Dr. Stephen Henson
946a515a2b Add additional RSA-PSS and RSA-OAEP tests.
Import test data from:
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip

This is a set of RSA-PSS and RSA-OAEP test vectors including some edge cases
with unusual key sizes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2944)
2017-03-15 00:04:44 +00:00
Matt Caswell
f81f279a73 Re-enable some BoringSSL tests
The previous 2 commits fixed some issues in the Boring tests. This
re-enables those tests.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Matt Caswell
162e120711 SSL_get_peer_cert_chain() does not work after a resumption
After a resumption it is documented that SSL_get_peer_cert_chain() will
return NULL. In BoringSSL it still returns the chain. We don't support that
so we should update the shim to call SSL_get_peer_certificate() instead
when checking whether a peer certificate is available.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Matt Caswell
e29d7cea33 Ensure we set the session id context in ossl_shim
OpenSSL requires that we set the session id context. BoringSSL apparently
does not require this, so wasn't setting it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Benjamin Kaduk
e0926ef49d De-obfuscate
No need to break out of the loop and repeat the loop termination
condition when we can just return.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2949)
2017-03-14 22:45:44 +00:00
Richard Levitte
a74db02a2e VMS: throw away [.util]shareable_image_wrap.c.in and add replacement scripts
[.util]shareable_image_wrap.c.in was never useful because lib$spawn()
insisted on combining stdout and stderr into one.

Instead, we introduce two scripts that create and destroy a temporary
environment where the local shareable images become available,
[.util]local_shlib.com and [.util]unlocal_shlib.com.  They also define
DBG$IMAGE_DSF_PATH, which is require so the debugger can find the Debug
Symbol Files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2947)
2017-03-14 22:27:17 +01:00
Richard Levitte
2de2df7fe8 VMS: Change debug linking method to generate a separate Debug Symbol File
That makes it possible to run images without automagically ending up
in a debug session, while still being able to debug when required.

All .DSF files must reside in the same directory to be useful.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2947)
2017-03-14 22:27:17 +01:00
Andy Polyakov
22df22e7c3 .travis.yml: make git submodule update conditional.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-14 21:06:03 +01:00
Rich Salz
4772610ccf Add test for -nameout output
Using a cert with Cyrillic characters, kindly supplied by Dmitry Belyavsky

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2943)
2017-03-14 15:18:07 -04:00
Emilia Kasper
703324a7e7 Update master Travis to Trusty
This gets us a newer Clang, and newer Go.
1.1.0 already runs on Trusty without issues.

To do this, we need to disable afalgeng in the -Werror build.

afalgeng isn't compatible with the -Werror build on
Travis Trusty due to kernel header mismatch.

(See also 97043e46aa)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-14 19:00:40 +01:00
Benjamin Kaduk
96a5d7fdba Fix a -Wsign-compare warning
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2940)
2017-03-14 11:44:34 -05:00
Benjamin Kaduk
aebe9e3991 Fix some -Wshadow warnings
Found using various (old-ish) versions of gcc.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2940)
2017-03-14 11:44:31 -05:00
Richard Levitte
d8f9213ae2 Rather use -out parameter than redirect stdout
On some platforms, setting stdout to binary mode isn't quite enough,
which makes the result unusable.  With -out, we have better control.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2939)
2017-03-14 17:21:24 +01:00
Matt Caswell
64e2b23ce3 Fix 12 Boring tests involving NULL-SHA ciphersuites
The Boring runner attempts to enable the NULL-SHA ciphersuite using the
cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently
switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA"
instead. We can't change the runner so we have to change the shim to
detect this.

(Merged from https://github.com/openssl/openssl/pull/2933)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2017-03-14 14:29:31 +00:00
Emilia Kasper
49619ab008 Port remaining old DTLS tests
We already test DTLS protocol versions. For good measure, add some
DTLS tests with client auth to the new test framework, so that we can
remove the old tests without losing coverage.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-14 15:16:27 +01:00