Commit graph

18656 commits

Author SHA1 Message Date
Matt Caswell
88858868ab Change various repeated rr[someindex] references to a pointer
Improves the readability of the code, and reduces the liklihood of errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
e8eb224b8c Ensure compressdata is always initialised
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
f31d5e1005 Add a TLS1.3 TODO for the msg callback
At the moment the msg callback only received the record header with the
outer record type in it. We never pass the inner record type - we probably
need to at some point.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
b4c6e37e74 Add more TLS1.3 record tests
Add some tests for the new record construction

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
e60ce9c451 Update the record layer to use TLSv1.3 style record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
6a149cee78 Convert TLS Record receipt to use PACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
c7c42022b9 Convert TLS record construction to use WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
3171bad66e Add an ability to find out the current write location from a WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Viktor Dukhovni
c53f7355b9 Restore last-resort expired untrusted intermediate issuers
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-12-02 19:37:45 -05:00
Kurt Roeckx
ef2bf0f57c Run a some tests with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
The fuzzers use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, and actually
get different results based on that. We should have at least some
targets that actually fully use the fuzz corpora.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
d69d8f904c Make the fuzzers more reproducible
We want to be in the same global state each time we come in
FuzzerTestOneInput(). There are various reasons why we might not be that
include:
- Initialization that happens on first use. This is mostly the
  RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
  blinding that has been set up, ...

So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger this it needs to happen in
FuzzerTestOneInput().

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
0282aeb690 Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
1b6a77a1a0 CMS fuzzer: also use id2
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
3a9b9b2deb Make the random number generator predictable when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
3a85d05fb3 Use 8bit-counters when using libfuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
8087bcb323 bndiv fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
7d22cceecc bignum fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
da15cb7cd9 asn1parse: create the out bio during init, free it during cleanup
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
ad4da7fbc0 Add a FuzzerClean() function
This allows to free everything we allocated, so we can detect memory
leaks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
baae2cbc92 FuzzerInitialize always exists
There was a time it could be NULL, but that was changed to always have it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
f3e911d5ed Fix formatting of fuzzers
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Matt Caswell
82cb311fa0 Fix a typo in bio_read_intern
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-12-02 09:15:19 +00:00
Matt Caswell
bcd62c2512 Make refdata in tls13encryptest static
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-30 10:57:10 +00:00
Matt Caswell
f60d68dc53 Convert tls13encryptiontest so that we pass around a pointer not an index
We also split the long string literals into 3 to avoid problems where we
go over the 509 character limit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-30 10:53:57 +00:00
Matt Caswell
6606d60054 Fix some style issues in the TLSv1.3 nonce construction code
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
d3ab93e9c3 Fix a double free in tls13encryptiontest
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
6c67017424 Fix a travis compilation error
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
f01675c6b7 Add a test for TLSv1.3 encryption using the new nonce construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
bebc0c7d85 Use the TLSv1.3 nonce construction
This updates the record layer to use the TLSv1.3 style nonce construciton.
It also updates TLSProxy and ossltest to be able to recognise the new
layout.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
54d028aa0f Fix mac-then-encrypt test with enable-tls1_3
Commit b3618f44 added a test for mac-then-encrypt. However the test fails
when running with "enable-tls1_3". The problem is that the test creates a
connection, which ends up being TLSv1.3. However it also restricts the
ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3
compatible so the connection aborts and the test fails. Mac-then-encrypt
is not relevant to TLSv1.3, so the test should disable that protocol
version.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-29 22:51:12 +00:00
Matt Caswell
5bdcd362d2 Ensure we are in accept state in DTLSv1_listen
Calling SSL_set_accept_state() after DTLSv1_listen() clears the state, so
SSL_accept() no longer works. In 1.0.2 calling DTLSv1_listen() would set
the accept state automatically. We should still do that.

Fixes #1989

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-11-29 10:01:49 +00:00
Rich Salz
8d1ebff41c Make bntest be (mostly) file-based.
Test suite used from boring, written by David Benjamin.
Test driver converted from C++ to C.
Added a Perl program to check the testsuite file.
Extensive review feedback incorporated (thanks folks).

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-28 12:26:05 -05:00
Emilia Kasper
b3618f44a7 Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-11-28 12:23:36 +01:00
Dr. Stephen Henson
c6d67f09f3 add CMS SHA1 signing test
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-25 20:50:58 +00:00
Dr. Stephen Henson
a5abd438f8 Fix ctrl operation for SHA1/MD5SHA1.
This makes S/MIME and CMS signing in MIME format for SHA1 work again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-25 20:50:58 +00:00
Andy Polyakov
5ae5dc9661 INSTALL: clarify 386 and no-sse2 options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-25 17:34:28 +01:00
Andy Polyakov
76f572ed04 modes/ctr128.c: fix false carry in counter increment procedure.
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-25 17:22:21 +01:00
Andy Polyakov
b47f116b1e test/evptests.txt: add regression test for false carry in ctr128.c.
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-25 17:21:30 +01:00
Andy Polyakov
90fc4832a3 bn/asm/ppc-mont.pl: signal no-op in 32-bit bit build.
The bug was introduced in 80d27cdb84,
one too many instructions was removed. It went unnoticed, because
new subroutine introduced in previous commit is called in real-life
RSA/DSA/DH cases, while original code is called only in rare tests.
The bug was caught in test_fuzz.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-25 17:18:24 +01:00
Kurt Roeckx
20d14461fb coveralls: Use gcov-5 since we build it using gcc-5
Reviewed-by: Emilia Käsper <emilia@openssl.org>

GH: #2003
2016-11-24 21:28:31 +01:00
Matt Caswell
0528f253c7 Fix a bogus uninit var warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 18:02:43 +00:00
Matt Caswell
f231b4e7a6 Fix a warning about an uninit var
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 18:02:43 +00:00
Emilia Kasper
ab29eca645 Run BoringSSL tests on Travis
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 12:21:33 +01:00
Matt Caswell
a1fd1fb241 Fix a missing function prototype in AFALG engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 09:28:16 +00:00
Matt Caswell
884a790e17 Fix missing NULL checks in key_share processing
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 22:39:27 +00:00
Matt Caswell
b599ce3b64 Fix missing NULL checks in CKE processing
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 22:39:27 +00:00
Matt Caswell
7acb8b64c3 Use ClientHello.legacy_version for the RSA pre-master no matter what
Don't use what is in supported_versions for the RSA pre-master

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-23 17:01:33 +00:00
Matt Caswell
66889e4399 Fix some defines in ossl_shim
ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be
removed.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-23 17:01:33 +00:00
Matt Caswell
902d036c14 Fix a double ;; causing a travis failure
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 16:09:30 +00:00
Matt Caswell
5d8ce30634 Fix an uninit variable usage
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 16:06:46 +00:00