Commit graph

1856 commits

Author SHA1 Message Date
Matt Caswell
bc993d30fc Update the TLSv1.3 secrets test vectors for draft-19
These are self-generated test vectors which gives us very little
confidence that we've got the implementation right. However until
we can get vectors from somewhere else (or ideally official vectors)
this is all we've got. At least it will tell us if we accidentally
break something at some point in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
2017-03-16 14:20:38 +00:00
Pauli
5a81a050aa Rename the test_stack recipe file name to be consistent with the rest of the
tests.

[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2964)
2017-03-16 11:36:11 +01:00
Pauli
9837496142 Unit tests for crypto/stack.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2924)
2017-03-15 14:15:08 +01:00
Andy Polyakov
b3068d0ac4 test/recipes/03-test_internal_*: call setup() first.
Strawberry Perl bailed out running test\run_tests.pl insisting on
setup() being called explicitly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-15 12:16:48 +01:00
Jon Spillett
5c9e344731 Add Python Cryptography.io external test suite
Add python cryptography testing instructions too

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2885)
2017-03-15 01:26:36 +01:00
Dr. Stephen Henson
946a515a2b Add additional RSA-PSS and RSA-OAEP tests.
Import test data from:
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip

This is a set of RSA-PSS and RSA-OAEP test vectors including some edge cases
with unusual key sizes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2944)
2017-03-15 00:04:44 +00:00
Matt Caswell
f81f279a73 Re-enable some BoringSSL tests
The previous 2 commits fixed some issues in the Boring tests. This
re-enables those tests.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Matt Caswell
162e120711 SSL_get_peer_cert_chain() does not work after a resumption
After a resumption it is documented that SSL_get_peer_cert_chain() will
return NULL. In BoringSSL it still returns the chain. We don't support that
so we should update the shim to call SSL_get_peer_certificate() instead
when checking whether a peer certificate is available.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Matt Caswell
e29d7cea33 Ensure we set the session id context in ossl_shim
OpenSSL requires that we set the session id context. BoringSSL apparently
does not require this, so wasn't setting it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Rich Salz
4772610ccf Add test for -nameout output
Using a cert with Cyrillic characters, kindly supplied by Dmitry Belyavsky

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2943)
2017-03-14 15:18:07 -04:00
Benjamin Kaduk
aebe9e3991 Fix some -Wshadow warnings
Found using various (old-ish) versions of gcc.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2940)
2017-03-14 11:44:31 -05:00
Richard Levitte
d8f9213ae2 Rather use -out parameter than redirect stdout
On some platforms, setting stdout to binary mode isn't quite enough,
which makes the result unusable.  With -out, we have better control.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2939)
2017-03-14 17:21:24 +01:00
Matt Caswell
64e2b23ce3 Fix 12 Boring tests involving NULL-SHA ciphersuites
The Boring runner attempts to enable the NULL-SHA ciphersuite using the
cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently
switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA"
instead. We can't change the runner so we have to change the shim to
detect this.

(Merged from https://github.com/openssl/openssl/pull/2933)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2017-03-14 14:29:31 +00:00
Emilia Kasper
49619ab008 Port remaining old DTLS tests
We already test DTLS protocol versions. For good measure, add some
DTLS tests with client auth to the new test framework, so that we can
remove the old tests without losing coverage.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-14 15:16:27 +01:00
Emilia Kasper
ea1ecd9831 Port SRP tests to the new test framework
Also add negative tests for password mismatch.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-14 15:07:50 +01:00
Matt Caswell
4b5f7e7555 Update ossl_config.json for later BoringSSL commit
Update the list of suppressions so that we can run a later BoringSSL set
of tests. This also adds an ErrorMap to greatly reduce the number of
failing tests. The remaining tests that still fail are just disabled for
now.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2930)
2017-03-14 12:12:13 +00:00
Matt Caswell
2256f456bc Make the Boring tests pass
The boring tests are currently failing because they send a PSK extension
which isn't in the last place. This is not allowed in the latest TLS1.3
specs. However the Boring tests we have are based on an old commit that
pre-date when that rule first appeared.

The proper solution is to update the tests to a later commit. But for now
to get travis to go green we disable the failing tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2928)
2017-03-14 09:59:51 +00:00
Bernd Edlinger
5e047ebf6d Added a test case for RSA_padding_add_PKCS1_PSS_mgf1.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2801)
2017-03-13 22:01:29 +01:00
Richard Levitte
fb68fba05f Encourage having external tests in multiple test recipes
This will make the individual external tests more easily selectable /
deselectable through the usual test selection mechanism.

This also moves external tests to group 95.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2902)
2017-03-10 22:13:04 +01:00
Richard Levitte
22cef4e1f1 Split test/recipes/03_test_internal.t into individual tests
This allows a finer granularity when selecting which tests to run, and
makes the tests more vidible.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2901)
2017-03-10 20:18:56 +01:00
Matt Caswell
717afd9337 Add a test to check that if a PSK extension is not last then we fail
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2896)
2017-03-10 15:29:24 +00:00
Richard Levitte
e5fd8ca43b Make it possible to select or deselect test groups by number
Examples of possible expressions (adapt to your platform):

    make test TESTS=-99
    make test TESTS=10
    make test TESTS=-9?
    make test TESTS=-[89]0
    make test TESTS=[89]0

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2887)
2017-03-10 00:54:57 +01:00
Pauli
777f1708a8 Limit the output of the enc -ciphers command to just the ciphers enc can
process.  This means no AEAD ciphers and no XTS mode.

Update the test script that uses this output to test cipher suites to not
filter out the now missing cipher modes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2876)
2017-03-08 10:01:28 -05:00
Matt Caswell
4f7b76bf0f Fix no-comp
The value of SSL3_RT_MAX_ENCRYPTED_LENGTH normally includes the compression
overhead (even if no compression is negotiated for a connection). Except in
a build where no-comp is used the value of SSL3_RT_MAX_ENCRYPTED_LENGTH does
not include the compression overhead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2872)
2017-03-08 11:03:37 +00:00
Matt Caswell
75e314f2d5 Fix the number of tests to skip if TLSv1.3 is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2875)
2017-03-07 16:41:25 +00:00
Matt Caswell
774c909bc9 Add a test for records not on the record boundary
Test that we check that key change messages appear on a record boundary.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2875)
2017-03-07 16:41:25 +00:00
Andy Polyakov
ee6d9dfb39 test: add chacha_internal_test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-07 10:56:07 +01:00
Matt Caswell
c1074ce096 Add a test to check that we correctly handle record overflows
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2861)
2017-03-06 20:07:40 +00:00
Rich Salz
697958313b Fix an endless loop in rsa_builtin_keygen.
And add a test case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2757)
2017-03-06 09:54:17 -05:00
Matt Caswell
e498d95454 Fix no-ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2858)
2017-03-06 10:40:18 +00:00
Matt Caswell
548d0153cc Fix a test failure with no-tls1_1
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2857)
2017-03-06 10:34:42 +00:00
Matt Caswell
ee7002266c Add a test for TLSv1.3 cookies
We just check that if we insert a cookie into an HRR it gets echoed back
in the subsequent ClientHello.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2839)
2017-03-04 23:39:00 +00:00
Dr. Stephen Henson
8336ca13b1 Update and add test
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2840)
2017-03-03 22:02:39 +00:00
Bernd Edlinger
d734582275 Reset executable bits on files where not needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2835)
2017-03-03 09:13:40 +01:00
Matt Caswell
09f2887482 Update early data API for writing to unauthenticated clients
Change the early data API so that the server must use
SSL_write_early_data() to write to an unauthenticated client.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
0665b4edae Rename SSL_write_early() to SSL_write_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
f533fbd44a Rename SSL_read_early() to SSL_read_early_data()
This is for consistency with the rest of the API where all the functions
are called *early_data*.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
5f9820380f Add early_data tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:16 +00:00
Matt Caswell
d49e23ec58 Implement the early data changes required in tls13_change_cipher_state()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
2017-03-02 17:44:15 +00:00
Richard Levitte
51f5930ae6 -precert doesn't work when configured no-ct, don't try to test it then
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2827)
2017-03-02 18:27:17 +01:00
Richard Levitte
a4c5f8593c Fix the skip numbers in 80-test_ca.t
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2827)
2017-03-02 18:26:26 +01:00
Matt Caswell
b6611753a6 Use the built in boolean type for CompressionExpected
Don't create a custom boolean type for parsing CompressionExpected. Use
the existing one instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2814)
2017-03-02 16:49:28 +00:00
Matt Caswell
439db0c97b Add compression tests
Check whether we negotiate compression in various scenarios.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2814)
2017-03-02 16:49:28 +00:00
Emilia Kasper
2f0ca54c32 Remove some obsolete/obscure internal define switches:
- FLAT_INC
- PKCS1_CHECK (the SSL_OP_PKCS1_CHECK options have been
  no-oped)
- PKCS_TESTVECT (debugging leftovers)
- SSL_AD_MISSING_SRP_USERNAME (unfinished feature)
- DTLS_AD_MISSING_HANDSHAKE_MESSAGE (unfinished feature)
- USE_OBJ_MAC (note this removes a define from the public header but
   very unlikely someone would be depending on it)
- SSL_FORBID_ENULL

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-03-01 10:44:49 +01:00
Benjamin Kaduk
a00b9560f7 Add AGL's "beer mug" PEM file as another test input
AGL has a history of pointing out the idiosynchronies/laxness of the
openssl PEM parser in amusing ways.  If we want this functionality to
stay present, we should test that it works.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2756)
2017-02-28 21:23:26 +01:00
Benjamin Kaduk
e8cee55718 Add test corpus for PEM reading
Generate a fresh certificate and DSA private key in their respective PEM
files.  Modify the resulting ASCII in various ways so as to produce input
files that might be generated by non-openssl programs (openssl always
generates "standard" PEM files, with base64 data in 64-character lines
except for a possible shorter last line).

Exercise various combinations of line lengths, leading/trailing
whitespace, non-base64 characters, comments, and padding, for both
unencrypted and encrypted files.  (We do not have any other test coverage
that uses encrypted files, as far as I can see, and the parser enforces
different rules for the body of encrypted files.)

Add a recipe to parse these test files and verify that they contain the
expected string or are rejected, according to the expected status.
Some of the current behavior is perhaps suboptimal and could be revisited.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2756)
2017-02-28 21:23:26 +01:00
Rich Salz
629192c1b9 Exdata test was never enabled.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2787)
2017-02-28 13:50:40 -05:00
Matt Caswell
4d118fe007 Fix test_ssl_new when compiled with no-tls1_2 or no-dtls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2788)
2017-02-28 16:26:13 +00:00
Matt Caswell
e9ee653671 Fix sslapitest when compiled with no-tls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2788)
2017-02-28 16:26:13 +00:00
Dr. Stephen Henson
c5055adf35 Revert rc4test removal, it performs additional tests not in evptests.txt
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2789)
2017-02-28 16:08:42 +00:00
Matt Caswell
a633f2675e Remove some commented out code in the tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2774)
2017-02-28 16:04:15 +00:00
Dr. Stephen Henson
816060d212 Remove more redundant tests: md4, md5, rmd, rc4, p5_crpt2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2784)
2017-02-28 15:30:12 +00:00
Matt Caswell
cec7dfc6a3 Remove the file r160test.c
It is empty and is not compiled

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2777)
2017-02-28 15:07:41 +00:00
Dr. Stephen Henson
a2121e1425 Remove wp_test.c: exactly the same tests are in evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2783)
2017-02-28 14:52:28 +00:00
Emilia Kasper
b53338cbf8 Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:25 +01:00
Pauli
533b178db6 Avoid buffer underflow in evp_test.
The second loop in the remove_space function doesn't check for walking
back off of the start of the string while setting white space to 0.

This fix exits this loop once the pointer is before the (updated) beginning
of the string.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2752)
2017-02-28 09:14:50 -05:00
Emilia Kasper
ebc354a085 Remove methtest.c
This file tests code that doesn't exist.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 12:57:45 +01:00
Dr. Stephen Henson
c749308fc4 Add tests for SHA1 and EC point compression
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2739)
2017-02-25 00:46:45 +00:00
Dr. Stephen Henson
d09e903a86 EC certificate with compression point
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2739)
2017-02-24 23:52:22 +00:00
Dr. Stephen Henson
9f577cddf9 Add Suite B tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2738)
2017-02-24 23:30:49 +00:00
Dr. Stephen Henson
d343c30e42 Add P-384 root and P-384, P-256 EE certificates.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2738)
2017-02-24 23:30:49 +00:00
Emilia Kasper
80770da39e X509 time: tighten validation per RFC 5280
- Reject fractional seconds
- Reject offsets
- Check that the date/time digits are in valid range.
- Add documentation for X509_cmp_time

GH issue 2620

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-24 17:37:08 +01:00
Bernd Edlinger
01b76c2c5d Add -Wundef to --strict-warnings options.
Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2712)
2017-02-24 09:21:59 +01:00
Benjamin Kaduk
2afaee5193 Add an sslapitest for early callback
Make sure that we can stop handshake processing and resume it later.
Also check that the cipher list and compression methods are sane.
Unfortunately, we don't have the client-side APIs needed to force
a specific (known) session ID to be sent in the ClientHello, so
that accessor cannot be tested here.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:27 +01:00
Benjamin Kaduk
8e2236eff8 Let test handshakes stop on certain errors
Certain callback APIs allow the callback to request async processing
by trickling a particular error value up the stack to the application
as an error return from the handshake function.  In those cases,
SSL_want() returns a code specific to the type of async processing
needed.

The create_ssl_connection() helper function for the tests is very
helpful for several things, including creating API tests.  However,
it does not currently let us test the async processing functionality
of these callback interfaces, because the special SSL error codes
are treated as generic errors and the helper continues to loop until
it reaches its maximum iteration count.

Add a new parameter, 'want', that indicates an expected/desired
special SSL error code, so that the helper will terminate when
either side reports that error, giving control back to the calling
function and allowing the test to proceed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:27 +01:00
Benjamin Kaduk
694c9180d7 Use correct variable in test diagnostic
create_ssl_connection() prints out the results if SSL_accept() and/or
SSL_connect() fail, but was reusing the client return value when printing
about SSL_accept() failures.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:26 +01:00
Benjamin Kaduk
0f82d2f584 Adopt test to changed behavior
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:26 +01:00
Benjamin Kaduk
80de0c5947 Tests for SSL early callback
Plumb things through in the same place as the SNI callback, since
we recommend that the early callback replace (and supplement) the
SNI callback, and add a few test cases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:26 +01:00
Benjamin Kaduk
6e3dac1995 Tests for SSL_bytes_to_cipher_list()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
2017-02-23 19:40:25 +01:00
Pauli
227a44b1f6 Add a test case that tests more of the cipher modes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2715)
2017-02-23 02:24:51 +01:00
Rob Percival
505fb99964 Change CA.pl flag from --newprecert to --precert
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
2017-02-22 10:40:30 -05:00
Rob Percival
caee75d2c6 Basic test for "openssl req -precert" via apps/CA.pl
TODO(robpercival): Should actually test that the output certificate
contains the poison extension.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
2017-02-22 10:40:30 -05:00
Richard Levitte
e4a3d0f968 Correct the no-dh and no-dsa fix
The condition wasn't quite right

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2702)
2017-02-22 01:49:50 +01:00
Dr. Stephen Henson
faadddc906 Add no siglags test for ECDSA certificate
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2679)
2017-02-21 17:41:43 +00:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Todd Short
0837bd869b Internal siphash tests are not run.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2649)
2017-02-19 11:56:20 +01:00
Richard Levitte
d89f66412b VMS fix of test/recipes/80-test_ssl_new.t
On VMS, file names with more than one period get all but the last get
escaped with a ^, so 21-key-update.conf.in becomes 21-key-update^.conf.in
That means that %conf_dependent_tests and %skip become useless unless
we massage the file names that are used as indexes.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2678)
2017-02-19 10:43:51 +01:00
Richard Levitte
7c98706e61 Fix no-dh and no-dsa
Since 20-cert-select.conf will vary depending in no-dh and no-dsa,
don't check it against original when those options are selected

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2680)
2017-02-19 07:04:20 +01:00
Andy Polyakov
d0823f7a9b test/README: clarify last test number group
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-17 20:58:04 +01:00
Dr. Stephen Henson
7a08b764cc add DSA cert tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2667)
2017-02-17 16:33:12 +00:00
Dr. Stephen Henson
7a02661ac1 Add DH parameters, DSA cert and key
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2667)
2017-02-17 16:33:12 +00:00
Dr. Stephen Henson
0c8736f42e Add DSA support to mkcert.sh
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2667)
2017-02-17 16:33:12 +00:00
Dr. Stephen Henson
31b238ad05 Add and use function test_pem to work out test filenames.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2667)
2017-02-17 16:33:12 +00:00
Richard Levitte
73540f4729 Fix test_x509_store
Don't run this test unless 'openssl rehash' works properly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2664)
2017-02-17 14:59:44 +01:00
Matt Caswell
4fbfe86ae3 Don't use an enum in the return type for a public API function
We use an int instead. That means SSL_key_update() also should use an int.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:01 +00:00
Matt Caswell
9b92f16170 Add some KeyUpdate tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:01 +00:00
Richard Levitte
bb0f7eca75 Add a test of the X509_STORE / X509_LOOKUP API
Fortunately, "openssl verify" makes good use of that API

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2652)
2017-02-16 21:09:09 +01:00
Richard Levitte
532e7b36d9 test/README: clarify test number groups
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2652)
2017-02-16 21:09:09 +01:00
Matt Caswell
d605fc3a0c Fix a mem leak in ssl_test_ctx.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2650)
2017-02-16 17:14:57 +00:00
Dr. Stephen Henson
86de658a84 Add client auth TLS 1.3 certificate selection tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)
2017-02-16 16:43:44 +00:00
Dr. Stephen Henson
b4cb7eb7df Add ECDSA client certificates
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)
2017-02-16 16:43:44 +00:00
Matt Caswell
28a31a0a10 Don't change the state of the ETM flags until CCS processing
In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.

The problem is caused by changing the flag indicating whether to use ETM
or not immediately on negotiation of ETM, rather than at CCS. Therefore,
during a renegotiation, if the ETM state is changing (usually due to a
change of ciphersuite), then an error/crash will occur.

Due to the fact that there are separate CCS messages for read and write
we actually now need two flags to determine whether to use ETM or not.

CVE-2017-3733

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-16 09:35:56 +00:00
Matt Caswell
cc22cd546b Provide a test for the Encrypt-Then-Mac renegotiation crash
In 1.1.0 changing the ciphersuite during a renegotiation can result in
a crash leading to a DoS attack. In master this does not occur with TLS
(instead you get an internal error, which is still wrong but not a security
issue) - but the problem still exists in the DTLS code.

This commit provides a test for the issue.

CVE-2017-3733

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-16 09:35:56 +00:00
Matt Caswell
b0bfd14085 Update the tls13messages test to add some HRR scenarios
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Matt Caswell
d542790b07 Update the kex modes tests to check various HRR scenarios
Make sure we get an HRR in the right circumstances based on kex mode.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Matt Caswell
f6cec2d8ba Update test counting in checkhandshake.pm
Previously counting the number of tests in checkhandshake.pm took an
initial guess and then modified it based on various known special
cases. That is becoming increasingly untenable, so this changes it to
properly calculate the number of tests we expect to run.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Matt Caswell
38f5c30b31 Update the key_share tests for HelloRetryRequest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
2017-02-14 13:14:25 +00:00
Andrea Grandi
f44e63644d Add test to show wrong behavior of ASYNC_WAIT_CTX
This happens when a fd is added and then immediately removed from the
ASYNC_WAIT_CTX before pausing the job.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2581)
2017-02-13 15:29:42 +00:00
Richard Levitte
4bbd8a5daa test_rehash does nothing, have it do something
test/recipes/40-test_rehash.t uses test files from certs/demo, which
doesn't exist any longer.  Have it use PEM files from test/ instead.

Because rehash wants only one certificate or CRL per file, we must
also filter those PEM files to produce test files with a single object
each.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2594)
2017-02-13 05:05:38 +01:00
Richard Levitte
01ede84d56 Add needed module in 25-test_sid.t
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2579)
2017-02-09 11:12:06 +01:00
Richard Levitte
68a55f3b45 Because our test sid file contains EC, don't try it when configured no-ec
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2564)
2017-02-08 23:10:28 +01:00
Matt Caswell
18b3a80a5f Fix crash in tls13_enc
If s->s3->tmp.new_cipher is NULL then a crash can occur. This can happen
if an alert gets sent after version negotiation (i.e. we have selected
TLSv1.3 and ended up in tls13_enc), but before a ciphersuite has been
selected.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2575)
2017-02-08 11:41:45 +00:00
Dr. Stephen Henson
1bbede20e3 update test
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:28 +00:00
Dr. Stephen Henson
00212c6662 Call EVP_CipherFinal in CCM mode for tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:27 +00:00
Andy Polyakov
e05a453f6a Rename 90-test_fuzz.t to 99-test_fuzz.t to ensure that it's executed last.
Idea is to keep it last for all eternity, so that if you find yourself
in time-pressed situation and deem that fuzz test can be temporarily
skipped, you can terminate the test suite with less hesitation about
following tests that you would have originally missed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-02-06 08:25:09 +01:00
Dr. Stephen Henson
0e2c7b3ee3 Add missing MinProtocol/MaxProtocol
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)
2017-02-02 14:45:11 +00:00
Dr. Stephen Henson
53f0873714 Add TLS 1.3 certificate selection tests.
For TLS 1.3 we select certificates with signature algorithms extension
only. For ECDSA+SHA384 there is the additional restriction that the
curve must be P-384: since the test uses P-256 this should fail.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2339)
2017-02-02 14:45:11 +00:00
Cory Benfield
f1a5939f17 Test logging TLSv1.3 secrets.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2287)
2017-02-02 09:34:00 +00:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Richard Levitte
383e9ade2b bntests.txt: add a couple of checks of possibly negative zero
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2335)
2017-02-01 02:03:29 +01:00
Richard Levitte
24dc7fe0c0 bntest: do not stop on first fautl encountered
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2335)
2017-02-01 02:03:29 +01:00
Richard Levitte
ceac197535 bntest: make sure file_rshift tests BN_rshift1 as well when appropriate
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2335)
2017-02-01 02:03:29 +01:00
Richard Levitte
26141babcf bntest: make sure that equalBN takes note of negative zero
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2335)
2017-02-01 02:03:29 +01:00
Dr. Stephen Henson
d8979bdda8 Use PSS for simple test so TLS 1.3 handhake is successful.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
2017-01-30 13:00:17 +00:00
Dr. Stephen Henson
a92e710b7a Add tests for client and server signature type
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
2017-01-30 13:00:17 +00:00
Dr. Stephen Henson
54b7f2a5ca Add test support for TLS signature types.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
2017-01-30 13:00:17 +00:00
Matt Caswell
3ae6b5f800 Add a test for the PSK kex modes extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:24 +00:00
Matt Caswell
342543426d Add a test for WPACKET_fill_lengths()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:24 +00:00
Matt Caswell
e463cb39d3 Enable wpacket test on shared builds
Now that we support internal tests properly, we can test wpacket even in
shared builds.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:24 +00:00
Matt Caswell
79495812fb Re-enable resumption for TLS1.3 CT tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:23 +00:00
Matt Caswell
a23bb15abe Add testing of TLSv1.3 resumption in test_tls13messages
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:23 +00:00
Matt Caswell
93fa7e8dbe Re-enable test_ssl_new resumption tests for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:22 +00:00
Matt Caswell
dd1e75bd8e Remove a TLS1.3 TODO that is now completed
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:22 +00:00
Matt Caswell
b05e4ce6e1 Re-enable TLSv1.3 session resumption related tests in sslapitest
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:22 +00:00
Matt Caswell
59db06f160 Update create_ssl_connection() to make sure its gets a session
In TLSv1.3 the connection will be created before the session is
established. In OpenSSL we send the NewSessionTicket message immediately
after the client finished has been received. Therefore we change
create_ssl_connection() to attempt a read of application data after the
handshake has completed. We expect this to fail but it will force the
reading of the NewSessionTicket and the session to be set up.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:22 +00:00
Matt Caswell
4b7ffd8bbe Re-enable ALPN resumption tests where we are using TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:22 +00:00
Matt Caswell
ec15acb6bc Construct the client side psk extension for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:18:19 +00:00
Matt Caswell
b2f7e8c0fe Add support for the psk_key_exchange_modes extension
This is required for the later addition of resumption support.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
2017-01-30 10:17:49 +00:00
Richard Levitte
31b69e9a26 test/evp_test.c: If no algorithm was specified, don't try to check for DES
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2319)
2017-01-29 01:19:14 +01:00
Richard Levitte
929860d0e6 Add a couple of test to check CRL fingerprint
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2314)
2017-01-28 20:07:04 +01:00
Rich Salz
26a39fa953 Avoid over-long strings. Fix a mem leak.
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2299)
2017-01-26 15:06:20 -05:00
Dr. Stephen Henson
9cf847d705 Add server signature algorithm bug test.
Add a client authentication signature algorithm to simple
ssl test and a server signature algorithm. Since we don't
do client auth this should have no effect. However if we
use client auth signature algorithms by mistake this will
abort the handshake with a no shared signature algorithms
error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2290)
2017-01-26 16:44:18 +00:00
Andy Polyakov
3e7a496307 test/bntest.c: regression test for carry bug in bn_sqr8x_internal.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-01-26 10:54:01 +00:00
Cory Benfield
f0deb4d352 Limit the length of the encrypted premaster key.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2288)
2017-01-25 21:54:35 +01:00
Richard Levitte
4bb0b4381e Fix small typo
In test/ssl_test, parsing ExpectedClientSignHash ended up in the
expected_server_sign_hash field.

Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2289)
2017-01-25 21:46:52 +01:00
Matt Caswell
ef055ec536 Adjust in and in_len instead of donelen
Don't use the temp variable donelen in the non-aad fragmented code path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
2017-01-25 15:02:45 +00:00
Matt Caswell
7141ba3196 Fix the overlapping check for fragmented "Update" operations
When doing in place encryption the overlapping buffer check can fail
incorrectly where we have done a partial block "Update" operation. This
fixes things to take account of any pending partial blocks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
2017-01-25 15:02:44 +00:00
Matt Caswell
0b96d77a62 Update evp_test to make sure passing partial block to "Update" is ok
The previous commit fixed a bug where a partial block had been passed to
an "Update" function and it wasn't properly handled. We should catch this
type of error in evp_test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
2017-01-25 15:02:44 +00:00
FdaSilvaYY
28b86f313b Fix some extra or missing whitespaces...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1618)
2017-01-25 09:06:34 +00:00
Todd Short
52ad5b60e3 Add support for Poly1305 in EVP_PKEY
Add Poly1305 as a "signed" digest.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)
2017-01-24 15:40:37 +01:00
Cory Benfield
6acdd3e531 Add tests for the key logging callbacks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
2017-01-23 17:07:43 +01:00
Richard Levitte
ea24bb0ac5 Fix no-tls1_2
It seems that the ssl test 20-cert-select.conf dislikes the lack of TLSv1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2268)
2017-01-23 17:02:35 +01:00
Matt Caswell
dff70a2b73 Extend the test_ssl_new renegotiation tests to include client auth
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
2017-01-23 14:04:44 +00:00
Gaétan Njinang
037f2c3f48 'openssl passwd' command can now compute AIX MD5-based passwords hashes.
The difference between the AIX MD5 password algorithm and the standard MD5
password algorithm is that in AIX there is no magic string while in the
standard MD5 password algorithm the magic string is "$1$"

Documentation of '-aixmd5' option of 'openssl passwd' command is added.

1 test is added in test/recipes/20-test-passwd.t

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2251)
2017-01-21 10:44:23 -05:00
Dr. Stephen Henson
062540cbc5 Add signing hash tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2235)
2017-01-20 01:16:31 +00:00
Dr. Stephen Henson
ee5b6a42be Add options to check TLS signing hashes
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2235)
2017-01-20 01:16:31 +00:00
Rich Salz
4f326dd899 Skip ECDH tests for SSLv3
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1597)
2017-01-18 12:24:28 -05:00
Dr. Stephen Henson
137096a7ea Defines and strings for special salt length values, add tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
Dr. Stephen Henson
3c441c2eb7 additional PSS tests for -1 and invalid salt length
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
Dr. Stephen Henson
a470f02360 Add client cert type tests
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:34 +00:00
Dr. Stephen Henson
edb8a5eb54 Add certificate selection tests.
Add certifcate selection tests: the certificate type is selected by cipher
string and signature algorithm.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:34 +00:00
Dr. Stephen Henson
7289ab49d1 add ECDSA test server certificate
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:33 +00:00
Dr. Stephen Henson
7f5f35af22 Add options to check certificate types.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)
2017-01-15 00:23:33 +00:00
Rich Salz
329f2f4a42 GH2176: Add X509_VERIFY_PARAM_get_time
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)
2017-01-12 09:54:09 -05:00
Richard Levitte
6a15d5b637 UI: fix uitest for VMS
- On VMS, apps/apps.c depends on apps/vms_term_sock.c, so add it to
  the build
- On VMS, apps/*.c are compiled with default symbol settings,
  i.e. uppercased and truncated symbols, which differs from test
  programs.  Make sure uitest.c knows that with a few pragmas.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)
2017-01-12 15:23:15 +01:00
Richard Levitte
027609f956 UI: fix uitest for no-ui configuration
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)
2017-01-12 15:23:15 +01:00
Matt Caswell
928933f92f Fix no-dh builds
One of the new tests uses a DH based ciphersuite. That test should be
disabled if DH is disabled.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2217)
2017-01-12 11:15:12 +00:00
Richard Levitte
66ed24b162 Add a test "uitest"
It tests both the use of UI_METHOD (through the apps/apps.h API) and
wrapping an older style PEM password callback in a UI_METHOD.

Replace the earlier UI test with a run of this test program

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Matt Caswell
5eeb6c6e56 Fix no-ec following sigalgs refactor
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:51 +00:00
Matt Caswell
a2de794304 Add some signature tests
Check that signatures actually work, and that an incorrect signature
results in a handshake failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
79d8c16785 Extend ServerKeyExchange parsing to work with a signature
Previously SKE in TLSProxy only knew about one anonymous ciphersuite so
there was never a signature. Extend that to include a ciphersuite that is
not anonymous. This also fixes a bug where the existing SKE processing was
checking against the wrong anon ciphersuite value. This has a knock on
impact on the sslskewith0p test. The bug meant the test was working...but
entirely by accident!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
cd61b55f87 Add a sigalg test to check we only allow sigalgs we sent
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
fe3066ee40 Extend PSS signature support to TLSv1.2
TLSv1.3 introduces PSS based sigalgs. Offering these in a TLSv1.3 client
implies that the client is prepared to accept these sigalgs even in
TLSv1.2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
16abbd11cd Fix test_sslversions to know that TLSv1.3 sets record version to TLSv1.0
This also acts as a test for the bug fixed in the previous commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
6f68a52ebf Add some sig algs tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
0490431272 Verify that the sig algs extension has been sent for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
ace081c1ed Fix client application traffic secret
A misreading of the TLS1.3 spec meant we were using the handshake hashes
up to and including the Client Finished to calculate the client
application traffic secret. We should be only use up until the Server
Finished.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Matt Caswell
2c5dfdc357 Make CertificateVerify TLS1.3 aware
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
2017-01-10 23:02:50 +00:00
Rich Salz
aff8c126fd Move extension data into sub-structs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
2017-01-09 22:26:47 -05:00
Dr. Stephen Henson
9c4319bd03 Add server temp key type checks
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
2017-01-08 19:36:59 +00:00
Dr. Stephen Henson
b93ad05dba Add new ssl_test option.
Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
2017-01-08 19:36:59 +00:00
Dr. Stephen Henson
23d674e802 add test for invalid key parameters
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:50 +00:00
Dr. Stephen Henson
1b2146855e add PSS key tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:50 +00:00
Matt Caswell
f63e428872 Implement TLSv1.3 style CertificateStatus
We remove the separate CertificateStatus message for TLSv1.3, and instead
send back the response in the appropriate Certificate message extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:13 +00:00
Matt Caswell
e96e0f8e42 Create Certificate messages in TLS1.3 format
Also updates TLSProxy to be able to understand the format and parse the
contained extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
2017-01-06 10:25:13 +00:00
Dr. Stephen Henson
71f60ef337 Remove BIO_seek/BIO_tell from evp_test.c
BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)
2017-01-05 23:00:28 +00:00
Richard Levitte
d8594555ff Don't run MSBLOB conversion tests when RSA or DSA are disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2174)
2017-01-04 15:29:03 +01:00
Richard Levitte
aec23ecebd Don't run OCSP tests when OCSP is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)
2017-01-04 15:27:00 +01:00
Richard Levitte
8f8c11d83f Don't build OCSP stuff when OCSP is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)
2017-01-04 15:27:00 +01:00
Richard Levitte
327d38d0ac Don't test SRP when it's disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2172)
2017-01-04 15:24:34 +01:00
Richard Levitte
e0c47b2c3a Don't run NPN tests when NPN is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2171)
2017-01-04 08:28:43 +01:00
Dr. Stephen Henson
13ab87083a Add RSA decrypt and OAEP tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-01-01 19:29:26 +00:00
Dr. Stephen Henson
4fee75ca23 evptests.txt is not a shell script
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-01-01 19:23:28 +00:00
Matt Caswell
d2e491f225 Don't run the sigalgs tests over a TLSv1.3 connection
We need a new API for TLSv1.3 sig algs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
2016-12-30 20:59:16 +00:00
Matt Caswell
f1b25aaed3 Provide some tests for the sig algs API
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
2016-12-30 20:58:58 +00:00
Richard Levitte
2ed4c57149 70-test_sslvertol.t: skip test 1 and 2 if too few protocols are enabled
These tests depend on there being at least one protocol version below
TLSv1.3 enabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
2016-12-29 15:42:23 +01:00
Richard Levitte
ac6eb15293 80-test_ssl_new.t: Make 19-mac-then-encrypt.conf work without TLSv1.2
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
2016-12-29 15:42:22 +01:00
Richard Levitte
7638e37846 70-test_sslvertol.t: Make sure to check a max TLS version that matches configuration
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
2016-12-29 15:42:22 +01:00
Richard Levitte
f6e752c0ac 70-test_sslmessages.t: Don't check EXT_SIG_ALGS if TLS 1.2 is disabled
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
2016-12-29 15:12:09 +01:00
Matt Caswell
0a6793c942 Fix CT test_sslmessages hangs
The CT tests in test_sslmessages require EC to be available, therefore
we must skip these if no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Matt Caswell
397f4f7876 Add a test to check the EC point formats extension appears when we expect
The previous commit fixed a bug where the EC point formats extensions did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Richard Levitte
ceb6d74694 test/ssl_test: give up if both client and server wait on read
In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)
2016-12-16 14:46:58 +01:00
Richard Levitte
a05bed1952 Fix no-ct, skip tests recipes that try to test CT
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)
2016-12-16 14:46:58 +01:00
Richard Levitte
cd3fe0e09c evp_test: when function and reason strings aren't available, just skip
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2093)
2016-12-16 14:39:46 +01:00
Rich Salz
2b40699082 CRL critical extension bugfix
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)
2016-12-14 12:32:49 -05:00
Dr. Stephen Henson
99f2f1dc3e Add function and reason checking to evp_test
Add options to check the function and reason code matches expected values.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-14 16:33:41 +00:00
Matt Caswell
4bf086005f Fix a leak in SSL_clear()
SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.

Fixes #2026

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-12 13:12:25 +00:00
Andy Polyakov
abb8c44fba x86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-12 10:58:04 +01:00
Dr. Stephen Henson
cce6526629 Additional error tests in evp_test.c
Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-10 13:59:29 +00:00
Dr. Stephen Henson
2d7bbd6c9f Add RSA PSS tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
2016-12-09 23:05:45 +00:00
Richard Levitte
6c6a2ae6fc Test framework: Add the possibility to have a test specific data dir
This data directory is formed automatically by taking the recipe name
and changing '.t' to '_data'.  Files in there can be reached with the
new function data_file()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2027)
2016-12-09 21:17:15 +01:00
Kurt Roeckx
4410f9d786 And client fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:18 +01:00
Matt Caswell
9615387408 Fix various indentation
The indentation was a bit off in some of the perl files following the
extensions refactor.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:35 +00:00
Matt Caswell
1e566129ad Move the checkhandshake.pm module into test/testlib
Move this module into the same place as other test helper modules. It
simplifies the code and keeps like things together.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:30 +00:00
Matt Caswell
ecc2f938cf Fix more style issues following extensions refactor feedback
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:21:15 +00:00
Matt Caswell
14d21b690a Suppress some BoringSSL test failures
The external BoringSSL tests had some failures as a result of
the extensions refactor. This was due to a deliberate relaxation
of the duplicate extensions checking code. We now only check
known extensions for duplicates. Unknown extensions are ignored.
This is allowed behaviour, so we suppress those BoringSSL tests.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:45 +00:00
Matt Caswell
22ab4b7dd3 Correct imports for checkhandshake module
Ensure the tests can find the checkhandshake module on all platforms

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:39 +00:00
Matt Caswell
7caf619f1a Add some extra key_share tests
Check that the extension framework properly handles extensions specific
to a protocol version

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:28 +00:00
Matt Caswell
a1448c26d2 Remove some spurious whitespace
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:22 +00:00
Matt Caswell
bc34928188 Add a renegotiation test
Make sure we did not break the unsafe legacy reneg checks with the extension
work.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:16 +00:00
Matt Caswell
60ea0034b8 Add more extension tests to test_sslmessages
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:09 +00:00
Matt Caswell
f50306c298 Merge common code between test_tls13messages and test_sslmessages
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:58 +00:00
Matt Caswell
6ca94f1058 Add extension tests in test_sslmessages
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:52 +00:00
Matt Caswell
2de94a3601 Enable status_request test in test_sslmessages
The s_server option -status_file has been added so this test can be
enabled.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:46 +00:00
Matt Caswell
0bfe166b8f Add a test to check messsages sent are the ones we expect
Repeat for various handshake types

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:28 +00:00
Matt Caswell
9ce3ed2a58 Add tests for new extension code
Extend test_tls13messages to additionally check the expected extensions
under different options given to s_client/s_server.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:16 +00:00
Matt Caswell
3434f40b6f Split ServerHello extensions
In TLS1.3 some ServerHello extensions remain in the ServerHello, while
others move to the EncryptedExtensions message. This commit performs that
move.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:19:11 +00:00
Matt Caswell
e46f233444 Add EncryptedExtensions message
At this stage the message is just empty. We need to fill it in with
extension data.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:12 +00:00
Matt Caswell
71728dd8aa Send and Receive a TLSv1.3 format ServerHello
There are some minor differences in the format of a ServerHello in TLSv1.3.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:16:23 +00:00
Richard Levitte
17ac8eaf61 Add a test for the UI API
The best way to test the UI interface is currently by using an openssl
command that uses password_callback.  The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
2016-12-08 00:34:47 +01:00
Matt Caswell
b4c6e37e74 Add more TLS1.3 record tests
Add some tests for the new record construction

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
e60ce9c451 Update the record layer to use TLSv1.3 style record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-12-05 17:05:40 +00:00
Matt Caswell
bcd62c2512 Make refdata in tls13encryptest static
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-30 10:57:10 +00:00
Matt Caswell
f60d68dc53 Convert tls13encryptiontest so that we pass around a pointer not an index
We also split the long string literals into 3 to avoid problems where we
go over the 509 character limit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-30 10:53:57 +00:00
Matt Caswell
6606d60054 Fix some style issues in the TLSv1.3 nonce construction code
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
d3ab93e9c3 Fix a double free in tls13encryptiontest
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
f01675c6b7 Add a test for TLSv1.3 encryption using the new nonce construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
54d028aa0f Fix mac-then-encrypt test with enable-tls1_3
Commit b3618f44 added a test for mac-then-encrypt. However the test fails
when running with "enable-tls1_3". The problem is that the test creates a
connection, which ends up being TLSv1.3. However it also restricts the
ciphers to a single mac-then-encrypt ciphersuite that is not TLSv1.3
compatible so the connection aborts and the test fails. Mac-then-encrypt
is not relevant to TLSv1.3, so the test should disable that protocol
version.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-29 22:51:12 +00:00
Rich Salz
8d1ebff41c Make bntest be (mostly) file-based.
Test suite used from boring, written by David Benjamin.
Test driver converted from C++ to C.
Added a Perl program to check the testsuite file.
Extensive review feedback incorporated (thanks folks).

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-28 12:26:05 -05:00
Emilia Kasper
b3618f44a7 Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-11-28 12:23:36 +01:00
Dr. Stephen Henson
c6d67f09f3 add CMS SHA1 signing test
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-25 20:50:58 +00:00
Andy Polyakov
b47f116b1e test/evptests.txt: add regression test for false carry in ctr128.c.
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-25 17:21:30 +01:00
Matt Caswell
f231b4e7a6 Fix a warning about an uninit var
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 18:02:43 +00:00
Emilia Kasper
ab29eca645 Run BoringSSL tests on Travis
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 12:21:33 +01:00
Matt Caswell
66889e4399 Fix some defines in ossl_shim
ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be
removed.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-23 17:01:33 +00:00
Matt Caswell
5d8ce30634 Fix an uninit variable usage
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 16:06:46 +00:00
Matt Caswell
fb83f20c30 Update tls13secretstest to use the new simpler test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:44:08 +00:00
Matt Caswell
6530c4909f Fix some style issues with TLSv1.3 state machine PR
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:38:32 +00:00
Matt Caswell
cc24a22b83 Extend test_tls13messages
Add various different handshake types that are possible.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
c11237c23e Add a test for the TLSv1.3 state machine
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
9970290e1d Fix the tests following the state machine changes for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
92760c21e6 Update state machine to be closer to TLS1.3
This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and bit more like TLSv1.3.

After this commit we have:

ClientHello
+ key_share          ---->
                           ServerHello
                           +key_share
                           {CertificateRequest*}
                           {Certificate*}
                           {CertificateStatus*}
                     <---- {Finished}
{Certificate*}
{CertificateVerify*}
{Finished}           ---->
[ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
0d9824c171 Implement tls13_change_cipher_state()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
9362c93ebc Remove old style NewSessionTicket from TLSv1.3
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
the TLSv1.2 one and may as well have been called something else. This commit
removes the old style NewSessionTicket from TLSv1.3. We will have to add the
new style one back in later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Todd Short
024d681e69 Skipping tests in evp_test leaks memory
When configured with "no-mdc2 enable-crypto-mdebug" the evp_test
will leak memory due to skipped tests, and error out.

Also fix a skip condition

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1968)
2016-11-21 16:04:39 -05:00
Kurt Roeckx
beacb0f0c1 Make SSL_read and SSL_write return the old behaviour and document it.
This reverts commit 4880672a9b.

Fixes: #1903

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1931
2016-11-21 21:54:28 +01:00
Dr. Stephen Henson
52fe14e662 Add test to check EVP_PKEY method ordering.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-20 00:22:02 +00:00
Dr. Stephen Henson
d922634d0c Add conversion test for MSBLOB format.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-17 03:53:03 +00:00
Rob Percival
765731a888 Make sure things get deleted when test setup fails in ct_test.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:54:17 +00:00
Rob Percival
e2635c49f3 Use valid signature in test_decode_tls_sct()
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:43:36 +00:00
Rob Percival
f7a39a5a3f Construct SCT from base64 in ct_test
This gives better code coverage and is more representative of how a
user would likely construct an SCT (using the base64 returned by a CT log).

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:43:36 +00:00
Matt Caswell
e304d3e20f Remove a hack from ssl_test_old
ssl_test_old was reaching inside the SSL structure and changing the internal
BIO values. This is completely unneccessary, and was causing an abort in the
test when enabling TLSv1.3.

I also removed the need for ssl_test_old to include ssl_locl.h. This
required the addition of some missing accessors for SSL_COMP name and id
fields.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:27:40 +00:00
Matt Caswell
94ed2c6739 Fixed various style issues in the key_share code
Numerous style issues as well as references to TLS1_3_VERSION instead of
SSL_IS_TLS13(s)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
5a8e54d9dc Add some tests for the key_share extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
0f1e51ea11 Start using the key_share data to derive the PMS
The previous commits put in place the logic to exchange key_share data. We
now need to do something with that information. In <= TLSv1.2 the equivalent
of the key_share extension is the ServerKeyExchange and ClientKeyExchange
messages. With key_share those two messages are no longer necessary.

The commit removes the SKE and CKE messages from the TLSv1.3 state machine.
TLSv1.3 is completely different to TLSv1.2 in the messages that it sends
and the transitions that are allowed. Therefore, rather than extend the
existing <=TLS1.2 state transition functions, we create a whole new set for
TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time
they will be amended.

The new TLSv1.3 transitions remove SKE and CKE completely. There's also some
cleanup for some stuff which is not relevant to TLSv1.3 and is easy to
remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN.

I also disable EXTMS for TLSv1.3. Using it was causing some added
complexity, so rather than fix it I removed it, since eventually it will not
be needed anyway.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Rob Percival
ebcb536858 Add test for CT_POLICY_EVAL_CTX default time
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized
to approximately the current time (as returned by time()) by default. This
prevents the addition of this field, and its verification during SCT
validation, from breaking existing code that calls SCT_validate directly.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
1fa9ffd934 Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Richard Levitte
e72040c1dc Remove heartbeat support
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-13 16:24:02 -05:00
Matthias Kraft
af5883fec9 Solution proposal for issue #1647.
Avoid a memory alignment issue.

Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com>
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1650)
2016-11-12 22:26:20 -05:00
Matt Caswell
b4eee58a5f Fix test_sslcorrupt when using TLSv1.3
The test loops through all the ciphers, attempting to test each one in turn.
However version negotiation happens before cipher selection, so with TLSv1.3
switched on if we use a non-TLSv1.3 compatible cipher suite we get "no
share cipher".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 15:51:11 +00:00
Richard Levitte
cf551a51d2 Link internal tests with static OpenSSL libraries when needed
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
2016-11-10 15:51:43 +01:00
Richard Levitte
42e055e124 Fix no-ct in test/ct_test.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1890)
2016-11-10 15:49:22 +01:00
Matt Caswell
f07d639edf Fix the no-tls option
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Richard Levitte
9d7ce8d42b Fix no-cms (CVE-2016-7053)
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
70d8b304d0 test/evptests.txt: add negative tests for AEAD ciphers.
This is done by taking one vector, "corrupting" last bit of the
tag value and verifying that decrypt fails.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
c5a569927f test: add TLS application data corruption test.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-10 13:04:11 +00:00
Dr. Stephen Henson
a378a46985 add test for CVE-2016-7053
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
dca2e0ee17 test/bntest.c: regression test for CVE-2016-7055.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 10:30:49 +00:00
Richard Levitte
dfbdf4abb7 Fix the evp_test Ctrl keyword processing
Skip the test if the value after ":" is a disabled algorithm, rather
than failing it

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 10:19:27 +00:00
Richard Levitte
586b79d888 Fix no-dso (shlibloadtest)
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 10:12:00 +00:00
Matt Caswell
54682aa357 Give the test with only TLS1.1 and TLS1.0 a better name
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
17d01b4201 Add some more version tests
Send a TLS1.4 ClientHello with supported_versions and get TLS1.3
Send a TLS1.3 ClientHello without supported_versions and get TLS1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
7b21c00e1c Look at the supported_versions extension even if the server <TLS1.3
If supported_versions is present it takes precedence.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
203b1cdf73 Add a test for the supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
cd99883755 Add server side support for supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Emilia Kasper
e364c3b24e Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).

Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.

enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:07:16 +01:00
EasySec
7380737d77 dtl_mtu_test doesn't follow BIO_* conventions and make Windows build fail
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-09 15:54:41 +01:00
Matt Caswell
134bfe56c4 Add a test for the TLS1.3 secret generation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 14:08:14 +00:00
Matt Caswell
9b36b7d9bd Add support for initialising WPACKETs from a static buffer
Normally WPACKETs will use a BUF_MEM which can grow as required. Sometimes
though that may be overkill for what is needed - a static buffer may be
sufficient. This adds that capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
Matt Caswell
ddd2c38917 Following the changes to HKDF to accept a mode, add some tests for this
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
David Benjamin
f320555735 Improve RSA test coverage.
MD5/SHA1 and MDC-2 have special-case logic beyond the generic DigestInfo
wrapping. Test that each of these works, including hash and length
mismatches (both input and signature). Also add VerifyRecover tests. It
appears 5824cc2981 added support for
VerifyRecover, but forgot to add the test data.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1474
2016-11-07 21:05:09 +01:00
David Benjamin
608a026494 Implement RSASSA-PKCS1-v1_5 as specified.
RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode
the DigestInfo struct and then compare the result against the public key
operation result. This implies that one and only one encoding is legal.

OpenSSL instead parses with crypto/asn1, then checks that the encoding
round-trips, and allows some variations for the parameter. Sufficient
laxness in this area can allow signature forgeries, as described in
https://www.imperialviolet.org/2014/09/26/pkcs1.html

Although there aren't known attacks against OpenSSL's current scheme,
this change makes OpenSSL implement the algorithm as specified. This
avoids the uncertainty and, more importantly, helps grow a healthy
ecosystem. Laxness beyond the spec, particularly in implementations
which enjoy wide use, risks harm to the ecosystem for all. A signature
producer which only tests against OpenSSL may not notice bugs and
accidentally become widely deployed. Thus implementations have a
responsibility to honor the specification as tightly as is practical.

In some cases, the damage is permanent and the spec deviation and
security risk becomes a tax all implementors must forever pay, but not
here. Both BoringSSL and Go successfully implemented and deployed
RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
this change should be compatible enough to pin down in future OpenSSL
releases.

See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

As a bonus, by not having to deal with sign/verify differences, this
version is also somewhat clearer. It also more consistently enforces
digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath
wasn't quite doing this right.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1474
2016-11-07 21:04:54 +01:00
Emilia Kasper
d836d71b2d Simplify tests part 2
1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (introduced by an earlier refactoring,
oops)

Note that for parameterized tests, the index (test vector) usually holds all the
customization, and there should be no need for a separate test
fixture. The CTS test is an exception: it demonstrates how to combine
customization with parameterization.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-07 16:55:16 +01:00
Matt Caswell
8e47ee18c8 Add a test for the wrong version number in a record
Prior to TLS1.3 we check that the received record version number is correct.
In TLS1.3 we need to ignore the record version number. This adds a test to
make sure we do it correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-07 15:52:33 +00:00
Matt Caswell
185c29b14e test_sslcbcpadding only makes sense <TLS1.3
We may get failures if we run it in TLS1.3, and it makes no sense anyway
so force TLS1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-07 15:52:33 +00:00
Richard Levitte
c76da13cd9 constant time test: include our internal/numbers.h rather than limits.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1856)
2016-11-05 11:38:29 +01:00
Richard Levitte
b93cb1657a Correct internal tests sources
The sources for internal tests were sometimes badly formed, assuming
perl variables such as $target{cpuid_asm_src} contains only one file
name.  This change correctly massages all file names in such a
variable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1850)
2016-11-04 15:37:13 +01:00
Emilia Kasper
308b876da9 Don't create fixtures for simple tests
The test fixtures are (meant to be) useful for sharing common
setup. Don't bother when we don't have any setup/teardown.

This only addresses simple tests. Parameterized tests (ADD_ALL_TESTS)
will be made more user-friendly in a follow-up.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 15:05:37 +01:00
Emilia Kasper
6ec327eed6 testutil: always print errors on failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 15:05:29 +01:00
Matt Caswell
be2ef0e2e3 Test the size_t constant time functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:46 +00:00
Matt Caswell
a1ca39c02c Remove an unused field in ossl_shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
e8585479a1 Add a wildcard exception for TLS13 tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
92ab7db6f8 Swap header copyrights to standard OpenSSL
As per permission from Google (Emilia).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
bc708af4b0 Add missing bn.h include
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
b289bff830 Update the BoringSSL suppressions file based on the latest shim
The updated shim has the ability to skip tests using unimplemented flags.
This should reduce the number of test failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
1669b7b587 Rename BoringSSL style OPENSSL_WINDOWS to OPENSSL_SYS_WINDOWS
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
1c8235c9b3 Fix a code inconsistency
Move from two ifs to a single one with an &&

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
fc237de7ff Remove some #if 0'd out code
It was only a sanity check anyway, so isn't needed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
0abcaddfcb Removed scoped_types.h
It is no longer used (replaced with bssl:UniquePtr)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
aedf33aed5 Remove some flags that are unused in the shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
06e452fbc1 Use the -allow-unimplemented feature of the BoringSSL runner
That way we can remove flags that we don't support

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
8beda2c12d Remove unused BoringSSL specific flags
We will rely on the -allow-unimplemented feature instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
5b2d35c344 Remove some unreferenced fields from TestState
They were there for BoringSSL only features which are not relevant to us.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
2fd0dfd9f6 Remove some #if 0'd out code
It was just a sanity check and isn't needed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
da88e88a79 Fix argument order in documentation
git clone has the directory name last

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
d664ff498c Remove test/ossl_shim/Makefile
This Makefile was temporary. Building ossl_shim has now been integrated into
to the build system.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
5227337a7c Add documentation on the BoringSSL test suite integration
Added the file README.external which describes how to build and run OpenSSL
to use the BoringSSL test suite. Also updated INSTALL to point to it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
4d040e283e Fix some unused variable warnings in ossl_shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
9e663b1371 Add a comment to 90-test_external.t to explain why we need filter_run
Also rename executable to cmd...otherwise it breaks!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
d5df08afb4 Convert 90-test_external.t to using "executable" rather than "system"
Use the newly added "executable" function rather than "system". Also filter
the output to add a prefix to every line so that the "ok" doesn't confuse
Test::More

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
ce2596d404 Control building of ossl_shim through Configure
Don't build ossl_shim by default. Switch it on through
enable-external-tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
cfa7697986 Integrate ossl_shim into the build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
50b014e4c6 Add a shim config file
This just disables all tests that fail at the moment. Over time we will
want to go over these and figure out why they are failing (and fix them if
appropriate)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
7b73b7beda Rebase shim against latest boringssl code
Numerous conflicts resolved. rebase was against commit 490469f850.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
8c6c5077b2 Add a test to call the BoringSSL test suite
This adds a test to the OpenSSL test suite to invoke the BoringSSL test
suite.

It assumes you have already compiled the ossl_shim (see previous commit).
It also assumes that you have an environment variable BORING_RUNNER_DIR
set up to point to the ssl/test/runner directory of a checkout of BoringSSL.

This has only been tested with a very old version of BoringSSL (from commit
f277add6c) - since that was the last known checkout where the shim compiles
successfully. Even with that version of BoringSSL this test will fail. There
are lots of Boring tests that are failing for various reasons. Some might
be due to bugs in OpenSSL, some might be due to features that BoringSSL has
that OpenSSL doesn't, some are due to assumptions about the way BoringSSL
behaves that are not true for OpenSSL etc.

To get the verbose BoringSSL test output, run like this:

VERBOSE=1 BORING_RUNNER_DIR=/path/to/boring/ssl/test/runner make \
TESTS="test_external" test

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
eef977aa0e Integrate BoringSSL shim
The BoringSSL test suite contains numerous tests which OpenSSL does not.

The BoringSSL test runner uses a shim to launch the library and execute the
tests. This is a version of the BoringSSL shim converted to compile against
OpenSSL instead.

This is primarily based on the work of David Benjamin from the BoringSSL
project who did most of the necessary conversion. It also includes a few
other tweaks for opacity changes etc.

This is based on a *very* old version of BoringSSL from commit f277add6c.
That was the last commit known to work with this patched shim. Later
versions may also work but lots of merge conflicts occur when trying to
bring it up to date.

At the moment this has not been integrated into the build system. There is
a very simple standalone makefile in the ossl_shim directory which should
be executed directly before tyring to use the shim.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
62dd3351a1 Don't assume to know the shared library extension
test/shlibloadtest.c assumes all Unix style platforms use .so as
shared library extension.  This is not the case for Mac OS X, which
uses .dylib.  Instead of this, have the test recipe find out the
extension from configuration data.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1844)
2016-11-04 00:19:14 +01:00
Richard Levitte
3b0478fe03 test/shlibloadtest: small fixes
- Make sure to initialise SHLIB variables
- Make sure to make local variables static

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1838)
2016-11-03 16:21:36 +01:00
Richard Levitte
59cec20e78 Finally, add a test recipe for the internal tests
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:15:40 +01:00
Richard Levitte
97f1e97114 Convert mdc2 test print to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
f12d6273a5 Convert x509 selftests to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
f2ae2348ce Convert modes selftests (cts128 and gcm128) to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
2c16617148 Convert asn1 selftests (a_strnid and ameth_lib) into internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
b5b7c61fe3 Explain the deal with internal test programs
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
aeac218372 Convert poly1305 selftest into internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
9c89c8460a test/build.info: typo, $ missing
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1832)
2016-11-03 11:31:12 +01:00
Matt Caswell
b987d748e4 Add a test to dynamically load and unload the libraries
This should demonstrate that the atexit() handling is working properly (or
at least not crashing) on process exit.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
1f3e70a450 Add a test for unrecognised record types
We should fail if we receive an unrecognised record type

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:22:48 +00:00
Richard Levitte
2c4a3f938c Test recipes: remove duplicate OpenSSL::Test usage
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1815)
2016-11-02 18:14:04 +01:00
Matt Caswell
7856332e8c Add a read_ahead test
This test checks that read_ahead works correctly when dealing with large
records.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-02 16:47:14 +00:00
David Woodhouse
02e22dd444 Add test cases for DTLS_get_data_mtu()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-02 14:00:11 +00:00
David Woodhouse
542dd9c587 Add unit test for ssl_cipher_get_overhead()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-02 14:00:11 +00:00
Matt Caswell
837e591d42 Enable TLSProxy to talk TLS1.3
Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in
TLSProxy

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:28:21 +00:00
Matt Caswell
84a6833658 Update Configure to know about tls1_3
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.

Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Matt Caswell
582a17d662 Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Emilia Kasper
ffd3d0ef34 TEST_check macro: don't end with semi
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 11:34:25 +01:00
Matt Caswell
a34ac5b8b9 Add a test for BIO_read() returning 0 in SSL_read() (and also for write)
A BIO_read() 0 return indicates that a failure occurred that may be
retryable. An SSL_read() 0 return indicates a non-retryable failure. Check
that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write().

The asyncio test filter BIO already returns 0 on a retryable failure so we
build on that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:13:49 +01:00
Richard Levitte
e972273194 OpenSSL::Test - small fixup
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Richard Levitte
753663a9e5 OpenSSL::Test cleanup - no forward declarations needed
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Richard Levitte
28e0f6eb7e Add documentation of internal OpenSSL::Test functions
Also, fix __wrap_cmd so it doesn't return unnecessary empty strings

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Richard Levitte
9ddf67f34d Make OpenSSL::Test a bit more flexible
So far, apps and test programs, were a bit rigidely accessible as
executables or perl scripts.  But what about scripts in some other
language?  Or what about running entirely external programs?  The
answer is certainly not to add new functions to access scripts for
each language or wrapping all the external program calls in our magic!

Instead, this adds a new functions, cmd(), which is useful to access
executables and scripts in a more generalised manner.  app(), test(),
fuzz(), perlapp() and perltest() are rewritten in terms of cmd(), and
serve as examples how to do something similar for other scripting
languages, or constrain the programs to certain directories.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Dr. Stephen Henson
4a4c4bf06d Add memory leak detection to d2i_test
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1707)
2016-10-13 19:26:58 +01:00
FdaSilvaYY
32804b04b8 Fix copy-paste test labels
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-13 13:40:19 +02:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
Ben Laurie
c1eba83fa0 Don't use DES when disabled.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-02 11:19:29 +01:00
Dr. Stephen Henson
198d805900 Add SRP test vectors from RFC5054
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-01 13:46:54 +01:00
Dr. Stephen Henson
adffae15d3 add item list support to d2i_test
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:46 +01:00
Matt Caswell
55386bef80 Fix no-dtls
The new large message test in sslapitest needs OPENSSL_NO_DTLS guards

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-29 09:52:31 +01:00
Matt Caswell
f9b1b6644a Add DTLS renegotiation tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
Matt Caswell
fe7dd55341 Extend the renegotiation tests
Add the ability to test both server initiated and client initiated reneg.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
Matt Caswell
1329b952a6 Update README.ssltest.md
Add update for testing renegotiation. Also change info on CTLOG_FILE
environment variable - which always seems to be required.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
Matt Caswell
e42c4544c8 Add support for testing renegotiation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
David Benjamin
243ecf19dd Add missing parameter.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
f3ea8d7708 Switch back to assuming TLS 1.2.
The TLSProxy::Record->new call hard-codes a version, like
70-test_sslrecords.t.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
3058b74266 Address review comments.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
5cf6d7c51f Don't test quite so many of them.
Avoid making the CI blow up.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
8523288e6d Test CBC mode padding.
This is a regression test for
https://github.com/openssl/openssl/pull/1431. It tests a
maximally-padded record with each possible invalid offset.

This required fixing a bug in Message.pm where the client sending a
fatal alert followed by close_notify was still treated as success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
Matt Caswell
fa454945cf Fix some mem leaks in sslapitest
A mem leak could occur on an error path. Also the mempacket BIO_METHOD
needs to be cleaned up, because of the newly added DTLS test.

Also fixed a double semi-colon in ssltestlib.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-26 17:26:50 +01:00
David Benjamin
8ff70f3326 Add a basic test for BN_bn2dec.
This would have caught 099e2968ed. This is
a port of the test added in
https://boringssl.googlesource.com/boringssl/+/7c040756178e14a4d181b6d93abb3827c93189c4

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1496)
2016-09-26 11:03:37 -04:00
Matt Caswell
84d5549e69 Add a test for large messages
Ensure that we send a large message during the test suite.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-26 08:52:48 +01:00
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Matt Caswell
ba881d3b39 Add some more OCSP testing
Test that the OCSP callbacks work as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Richard Levitte
780bbb96bf test/x509aux.c: Fix argv loop
There are cases when argc is more trustable than proper argv termination.
Since we trust argc in all other test programs, we might as well treat it
the same way in this program.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-21 16:19:22 +02:00
Matt Caswell
08029dfa03 Convert WPACKET_put_bytes to use convenience macros
All the other functions that take an argument for the number of bytes
use convenience macros for this purpose. We should do the same with
WPACKET_put_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 14:47:44 +01:00
Richard Levitte
057c676afb Fix no-ocsp
Some compilers complain about unused variables, and some tests do
not run well without OCSP.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 15:08:58 +02:00
Richard Levitte
49681ae147 Test the new SHA256 and SHA512 based password generation options
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Matt Caswell
869d0a37cf Encourage use of the macros for the various "sub" functions
Don't call WPACKET_sub_memcpy(), WPACKET_sub_allocation_bytes() and
WPACKET_start_sub_packet_len() directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
c9216d1485 Make wpackettest conform to style rules
Remove extra indentation at the start of an "if".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
b2b3024e0e Add a WPACKET_sub_allocate_bytes() function
Updated the construction code to use the new function. Also added some
convenience macros for WPACKET_sub_memcpy().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Richard Levitte
497f3bf9a7 Add a test for 'openssl passwd'
Also, enlarge test group 20 to include openssl commands that aren't
tested otherwise

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:30:50 +02:00
Matt Caswell
de451856f0 Address WPACKET review comments
A few style tweaks here and there. The main change is that curr and
packet_len are now offsets into the buffer to account for the fact that
the pointers can change if the buffer grows. Also dropped support for the
WPACKET_set_packet_len() function. I thought that was going to be needed
but so far it hasn't been. It doesn't really work any more due to the
offsets change.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
d6c4cc2939 Add tests for the WPACKET implementation
The tests will only work in no-shared builds because WPACKET is an
internal only API that does not get exported by the shared library.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Richard Levitte
77a42b5f17 Correct detection of group end in map file when testing symbol presence
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-06 00:48:13 +02:00
Richard Levitte
377ab6d183 Move 05-test_fuzz.t to 90-test_fuzz.t
This adheres much better to the documentation in test/README

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-01 21:05:34 +02:00
Richard Levitte
a5e1f1230e Revert "Make it possible to disable fuzz testing"
This reverts commit eb40eaed72.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-01 20:58:40 +02:00
Richard Levitte
90aeaf6bce Add a more versatile test chooser
So far, the test runner (test/run_tests.pl) could get a list of tests
to run, and if non were given, it assumes all available tests should
be performed.

However, that makes skipping just one or two tests a bit of a pain.
This change makes the possibilities more versatile, run_checker.pl
takes these arguments and will process them in the given order,
starting with an empty set of tests to perform:

    alltests            The current set becomes the whole set of
                        available tests.
    test_xxx            Adds 'test_xxx' to the current set.
    -test_xxx           Removes 'test_xxx' from the current set.  If
                        nothing has been added to the set before this
                        argument, the current set is first initialised
                        to the whole set of available tests, then
                        'test_xxx' is removed from the current set.
    list                Display all available tests, then stop.

If no arguments are given, 'alltests' is assumed.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-01 20:58:40 +02:00
Richard Levitte
eb40eaed72 Make it possible to disable fuzz testing
These tests take a very long time on some platforms, and arent't
always strictly necessary.  This makes it possible to turn them
off.  The necessary binaries are still built, though, in case
someone still wants to do a manual run.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-31 17:43:51 +02:00
Matt Caswell
767ccc3b77 Add some CertStatus tests
The previous commit revealed a long standing problem where CertStatus
processing was broken in DTLS. This would have been revealed by better
testing - so add some!

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 14:49:10 +01:00
Matt Caswell
bee5ee5f06 Fix uninit read in sslapitest
msan detected an uninit read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 15:58:53 +01:00
Andy Polyakov
fb5d9f1db5 Windows: UTF-8 opt-in for command-line arguments and console input.
User can make Windows openssl.exe to treat command-line arguments
and console input as UTF-8 By setting OPENSSL_WIN32_UTF8 environment
variable (to any value). This is likely to be required for data
interchangeability with other OSes and PKCS#12 containers generated
with Windows CryptoAPI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:56:28 +01:00
Matt Caswell
0a307450bf Fix no-ec2m
The new curves test did not take into account no-ec2m

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-24 14:44:19 +01:00
Rich Salz
d33726b92e To avoid SWEET32 attack, move 3DES to weak
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-24 14:05:52 +01:00
Andy Polyakov
652c52a602 80-test_pkcs12.t: skip the test on Windows with non-Greek locale.
Test doesn't work on Windows with non-Greek locale, because of
Win32 perl[!] limitation, not OpenSSL. For example it passes on
Cygwin and MSYS...

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 21:05:04 +01:00
Matt Caswell
61884b8140 Fix bio_enc_test
There was a block of code at the start that used the Camellia cipher. The
original idea behind this was to fill the buffer with non-zero data so that
oversteps can be detected. However this block failed when using no-camellia.
This has been replaced with a RAND_bytes() call.

I also updated the the CTR test section, since it seems to be using a CBC
cipher instead of a CTR cipher.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-23 09:24:29 +01:00
Kurt Roeckx
b1b22b0b77 Test the support curves in tls
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1472
2016-08-22 22:13:04 +02:00
Matt Caswell
1c55e372b9 Fix no-des
The PKCS12 command line utility is not available if no-des is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-22 16:39:28 +01:00
Rich Salz
464d59a5bb RT2676: Reject RSA eponent if even or 1
Also, re-organize RSA check to use goto err.
Add a test case.
Try all checks, not just stopping at first (via Richard Levitte)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-22 11:25:12 -04:00
Kazuki Yamaguchi
0110a47036 Fix a memory leak in EC_GROUP_get_ecparameters()
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:10:03 +01:00
Matt Caswell
fe34735c19 Choose a ciphersuite for testing that won't be affected by "no-*" options
The previous ciphersuite broke in no-ec builds.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:02 +01:00
Richard Levitte
1c288878af ssltestlib: Tell compiler we don't care about the value when we don't
In mempacket_test_read(), we've already fetched the top value of the
stack, so when we shift the stack, we don't care for the value.  The
compiler needs to be told, or it will complain harshly when we tell it
to be picky.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 14:02:31 +02:00
Andy Polyakov
1194ea8dc3 crypto/pkcs12: facilitate accessing data with non-interoperable password.
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:59 +02:00
Andy Polyakov
70bf33d182 Add PKCS#12 UTF-8 interoperability test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:51 +02:00
Andy Polyakov
e6ed2b9108 Add test/bio_enc_test.c.
RT#4628

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-21 23:34:26 +02:00
Richard Levitte
0556f2aa43 MEMPACKET is typedef'd in ssltestlib.h, don't do so again in ssltestlib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 17:17:20 +02:00
Matt Caswell
52a03d2a5e Fix some clang warnings
Clang was complaining about some unused functions. Moving the stack
declaration to the header seems to sort it. Also the certstatus variable
in dtlstest needed to be declared static.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
ac9fc67a48 Add DTLS replay protection test
Injects a record from epoch 1 during epoch 0 handshake, with a record
sequence number in the future, to test that the record replay protection
feature works as expected. This is described more fully in the next commit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
6fc1748ec6 Add a DTLS unprocesed records test
Add a test to inject a record from the next epoch during the handshake and
make sure it doesn't get processed immediately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
b4982125e6 Split create_ssl_connection()
Split the create_ssl_connection() helper function into two steps: one to
create the SSL objects, and one to actually create the connection. This
provides the ability to make changes to the SSL object before the
connection is actually made.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
d82dec40ba Add a DTLS packet mem BIO
This adds a BIO similar to a normal mem BIO but with datagram awareness.
It also has the capability to inject additional packets at arbitrary
locations into the BIO, for testing purposes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
d9a2e90bce Add a (D)TLS dumper BIO
Dump out the records passed over the BIO. Only works for DTLS at the
moment but could easily be extended to TLS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00