Commit graph

2090 commits

Author SHA1 Message Date
Bernd Edlinger
c911e5da3c Fix bio callback backward compatibility
Don't pass a pointer to uninitialized processed value
for BIO_CB_READ and BIO_CB_WRITE

Check the correct cmd code in BIO_callback_ctrl

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5516)
2018-03-19 14:20:53 +01:00
Matt Caswell
66a925ea8c Fix no-ec
Raw private/public key loading may fail for X25519/X448 if ec has been
disabled.

Also fixed a missing blank line in evppkey.txt resulting in a warning in
the test output.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5664)
2018-03-19 12:34:29 +00:00
Matt Caswell
78fb5374e1 Add a test for 0RTT replay protection
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:42 +00:00
Matt Caswell
32305f8850 Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Conceptually in TLSv1.3 there can be multiple sessions associated with a
single connection. Each NewSessionTicket issued can be considered a
separate session. We can end up issuing multiple NewSessionTickets on a
single connection at the moment (e.g. in a post-handshake auth scenario).
Each of those issued tickets should have the new_session_cb called, it
should go into the session cache separately and it should have a unique
id associated with it (so that they can be found individually in the
cache).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
2018-03-19 12:21:17 +00:00
Richard Levitte
00c8f1b05c Stop test/shlibloadtest.c from failing in a regression test
When doing a regression test, it's obvious that the version
test/shlibloadtest is built for will not be the same as the library
version.  So we change the test to check for assumed compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5619)
2018-03-19 07:08:51 +01:00
Dr. Matthias St. Pierre
dd07e68b20 Fix miscellaneous typos in docs and source
- d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey
- bechmark -> benchmark
- ciperhsuite -> ciphersuite
- EncyptedPreMasterSecret -> EncryptedPreMasterSecret

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5570)
2018-03-17 18:24:03 +01:00
Kurt Roeckx
eb238134e0 Propagate the request for prediction resistance to the get entropy call
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402
2018-03-17 11:35:33 +01:00
Rich Salz
f297e4ecc3 Add code to run test, get malloc counts
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4528)
2018-03-15 10:51:17 -04:00
Matt Caswell
f929439f61 Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
0f987bdab8 Add some test vectors for testing raw 448/25519 keys
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
4665244ce2 Add PrivateKeyRaw and PublicKeyRaw support to evp_test
Previously private and public keys had to be pem encoded to be read by
evp_test. This enables us to embed the raw private/public key values
in the test file. The algorithm has to support EVP_PKEY_new_private_key()
and EVP_PKEY_new_public_key() for this to work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
9442c8d763 Update the tests to use the new EVP_PKEY_new_private_key() function
Also to use the new EVP_PKEY_new_CMAC_key()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
35a164ea6d Fix no-ec
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5618)
2018-03-14 19:24:54 +00:00
Patrick Steuer
65865cb9cc Fix test_out_option
Random path generation code in test/recipes/15-test_out_option.t
does not work: The code sets rand_path to "/test.pem". I.e. the
test will fail as expected for unprivileged user but will pass
for root user.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5595)
2018-03-14 18:37:08 +01:00
Matt Caswell
7482690137 Fix clienthellotest for new TLSv1.3 ciphersuite configuration
A place in clienthellotest was missed in converting to the new mechanism
for configuration of TLSv1.3 ciphersuites.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)
2018-03-14 10:15:50 +00:00
Matt Caswell
f865b08143 Split configuration of TLSv1.3 ciphers from older ciphers
With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.

In reality TLSv1.3 are quite different to older ciphers. They are much
simpler and there are only a small number of them so, arguably, they don't
need the same level of control that the older ciphers have.

This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.

Fixes #5359

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)
2018-03-14 10:15:50 +00:00
Matt Caswell
3295d24238 Use the TLSv1.3 record header as AAD
As of TLSv1.3 draft-25 the record header data must be used as AAD

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5604)
2018-03-14 09:51:20 +00:00
Richard Levitte
86a227ee1b CONF inclusion test: Add VMS specific tests
We want to see that VMS syntax paths are treated correctly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5587)
2018-03-12 23:01:02 +01:00
Benjamin Saunders
3fa2812f32 Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb
These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb,
but used for the application-controlled portion of TLS1.3 stateless
handshake cookies rather than entire DTLSv1 cookies.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5463)
2018-03-12 19:34:13 +00:00
Matt Caswell
aaaa6ac11b Don't negotiate TLSv1.3 with the ossl_shim
The ossl_shim doesn't know about TLSv1.3 so we should disable that
protocol version for all tests for now.

This fixes the current Travis failures.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5593)
2018-03-12 15:08:15 +00:00
Todd Short
df0fed9aab Session Ticket app data
Adds application data into the encrypted session ticket

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3802)
2018-03-12 10:31:09 +00:00
Ben Kaduk
9ad9794273 Attempt to fix boringssl tests
Commit abe256e795 changed the config target
element from 'cxx' to 'CXX'; catch up accordingly.
Also use a space to offset the template boundary, per convention.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5577)
2018-03-09 17:23:00 -06:00
Matt Caswell
e440f51395 Give more information in the SSL_stateless return code
Allow users to distinguish between an error occurring and an HRR being
issued.

Fixes #5549

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5562)
2018-03-09 11:37:58 +00:00
Matt Caswell
532f95783e Test the new PSK behaviour
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5554)
2018-03-09 11:25:13 +00:00
Bryan Donlan
082193ef2b Fix issues in ia32 RDRAND asm leading to reduced entropy
This patch fixes two issues in the ia32 RDRAND assembly code that result in a
(possibly significant) loss of entropy.

The first, less significant, issue is that, by returning success as 0 from
OPENSSL_ia32_rdrand() and OPENSSL_ia32_rdseed(), a subtle bias was introduced.
Specifically, because the assembly routine copied the remaining number of
retries over the result when RDRAND/RDSEED returned 'successful but zero', a
bias towards values 1-8 (primarily 8) was introduced.

The second, more worrying issue was that, due to a mixup in registers, when a
buffer that was not size 0 or 1 mod 8 was passed to OPENSSL_ia32_rdrand_bytes
or OPENSSL_ia32_rdseed_bytes, the last (n mod 8) bytes were all the same value.
This issue impacts only the 64-bit variant of the assembly.

This change fixes both issues by first eliminating the only use of
OPENSSL_ia32_rdrand, replacing it with OPENSSL_ia32_rdrand_bytes, and fixes the
register mixup in OPENSSL_ia32_rdrand_bytes. It also adds a sanity test for
OPENSSL_ia32_rdrand_bytes and OPENSSL_ia32_rdseed_bytes to help catch problems
of this nature in the future.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5342)
2018-03-08 10:27:49 -05:00
Matt Caswell
d8b67b9d0f Remove OPENSSL_USE_NODELETE guards in shlibloadtest
PR #3399 converted shlibloadtest to the new test framework. It also
seemed to add some `OPENSSL_USE_NODELETE` guards to the library
unloading part of the test. This part was added in a commit with this
description:

    Review feedback; use single main, #ifdef ADD_TEST

    Suppose OPENSSL_USE_NODELETE (via Nick Reilly)

Strangely though there doesn't seem to be any relevant review feedback
in that PR that could justify the addition of those guards. The guards
do not appear in 1.1.0.

Having the guards changes the nature of the test, so that we only test
library unloading on platforms where OPENSSL_USE_NODELETE is set (Linux
and Windows). I can't think of any good reason for this and as it doesn't
seem to be necessary in 1.1.0 so I think we should remove them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5530)
2018-03-07 16:20:35 +00:00
Bernd Edlinger
fce1b86f61 Fix a bunch of gcc warnings in packettest.c
Had been observed with recent gcc-8 snapshot and
$ ./config --strict-warnings enable-asan

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5519)
2018-03-06 19:07:46 +01:00
Tomas Mraz
b524b808a1 Add support for .include directive in config files
Either files or directories of *.cnf or *.conf files
can be included.
Recursive inclusion of directories is not supported.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5351)
2018-03-05 13:32:40 +00:00
Matt Caswell
fe93b010e7 Update tests for TLS Ed448
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5470)
2018-03-05 11:39:44 +00:00
Andy Polyakov
ab9c0d2861 test/ctype_internal_test.c: portability fixup.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5493)
2018-03-03 22:15:15 +01:00
Matt Caswell
92521a3ae7 Add test vectors for X448 and Ed448
This adds the Ed448 test vectors from RFC8032 and the X448 test vectors
from RFC7748.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5481)
2018-03-02 10:14:31 +00:00
Benjamin Kaduk
c39e4048b5 Do not set a nonzero default max_early_data
When early data support was first added, this seemed like a good
idea, as it would allow applications to just add SSL_read_early_data()
calls as needed and have things "Just Work".  However, for applications
that do not use TLS 1.3 early data, there is a negative side effect.
Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects
derived from it) means that when generating a session ticket,
tls_construct_stoc_early_data() will indicate to the client that
the server supports early data.  This is true, in that the implementation
of TLS 1.3 (i.e., OpenSSL) does support early data, but does not
necessarily indicate that the server application supports early data,
when the default value is nonzero.  In this case a well-intentioned
client would send early data along with its resumption attempt, which
would then be ignored by the server application, a waste of network
bandwidth.

Since, in order to successfully use TLS 1.3 early data, the application
must introduce calls to SSL_read_early_data(), it is not much additional
burden to require that the application also calls
SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing
so closes this scenario where early data packets would be sent on
the wire but ignored.

Update SSL_read_early_data.pod accordingly, and make s_server and
our test programs into applications that are compliant with the new
requirements on applications that use early data.

Fixes #4725

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5483)
2018-02-28 21:47:09 -06:00
Richard Levitte
000edfec50 Adapt 15-test_out_option.t for more than just Unix
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4008)
2018-02-28 18:48:05 +01:00
Richard Levitte
b107e7f557 Enable the -out option test on VMS as well
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4008)
2018-02-28 18:48:05 +01:00
Paul Yang
c7702e077d Add test cases for this -out option check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3709)
2018-02-28 18:44:56 +01:00
Matt Caswell
0d66475908 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-27 13:59:42 +00:00
Matt Caswell
34ff74eb18 Clear some sslapitest global variables after use
Otherwise we get a use after free if the test order is randomised.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5467)
2018-02-26 23:13:56 +00:00
Andy Polyakov
b9d1ad3203 test/ct_test.c: remove dependency on -lm.
fabs(3m) is customarily inlined, but it's not, one has to link with -lm.
Since fabs(3m) is the only reference, it makes more sense to avoid it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-02-26 17:48:06 +01:00
Tatsuhiro Tsujikawa
b38ede8043 Export keying material using early exporter master secret
This commit adds SSL_export_keying_material_early() which exports
keying material using early exporter master secret.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5252)
2018-02-26 13:35:54 +00:00
Bernd Edlinger
e42809f808 Remove executable bit from test/recipes/03-test_internal_sm4.t
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5434)
2018-02-23 14:08:08 +01:00
Richard Levitte
a75831f9cc Test the storeutl searching options
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2688)
2018-02-23 07:40:42 +01:00
Richard Levitte
7622baf8a7 Test the storeutl expectation options
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2688)
2018-02-23 07:40:42 +01:00
Viktor Dukhovni
649cfb5cbb Use malloc to avoid alignment problems.
Thanks to Norm Green for reporting this issue.

Signed-off-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5423)
2018-02-21 08:25:49 -05:00
Matt Caswell
c7a47adca2 Fix no-ec build
[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5418)
2018-02-21 11:13:15 +00:00
Richard Levitte
b8a3f39b89 VMS: Fix curve448 internal test program
The internals test programs access header files that aren't guarded by
the public __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H
files, and therefore have no idea what the naming convention is.
Therefore, we need to specify that explicitely in the internals test
programs, since they aren't built with the same naming convention as
the library they belong with.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5425)
2018-02-21 10:50:35 +01:00
Andy Polyakov
d4c499f562 test/recipes/80-test_pkcs12.t: handle lack of Win32::API.
So far check for availability of Win32::API served as implicit check
for $^O being MSWin32. Reportedly it's not safe assumption, and check
for MSWin32 has to be explicit.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5416)
2018-02-21 10:17:44 +01:00
Matt Caswell
59bf467cca Add tests for newly added constant time functions
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
2018-02-20 12:59:52 +00:00
Matt Caswell
68b20c0065 More style fixes to Curve448 code based on review feedback
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
2018-02-20 12:59:30 +00:00
Matt Caswell
7d9e120fea Fixes for compilation using clang
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
2018-02-20 12:59:30 +00:00
Matt Caswell
e54f5f397a Update the curve448 internal test to use testutil.h
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
2018-02-20 12:59:30 +00:00