openssl

Author	SHA1	Message	Date
Kurt Roeckx	e512840d7a	Make the predictable numbers start from 1 There is code that retries calling RAND_bytes() until it gets something other than 0, which just hangs if we always return 0. Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2041	2016-12-08 19:06:18 +01:00
Kurt Roeckx	231f13370b	Make asn1 fuzzer more reproducible Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2041	2016-12-08 19:06:17 +01:00
Matt Caswell	7d152a3c4f	Fix the declaration of tls_parse_extension in statem_locl.h Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:48 +00:00
Matt Caswell	625b0d514e	Fix a travis failure Travis was indicating a bogus uninit var warning. This fixes it. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:41 +00:00
Matt Caswell	9615387408	Fix various indentation The indentation was a bit off in some of the perl files following the extensions refactor. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:35 +00:00
Matt Caswell	1e566129ad	Move the checkhandshake.pm module into test/testlib Move this module into the same place as other test helper modules. It simplifies the code and keeps like things together. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:30 +00:00
Matt Caswell	7fe97c077b	Fix make update issues Various functions got renamed. We need to rename the error codes too. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:21 +00:00
Matt Caswell	ecc2f938cf	Fix more style issues following extensions refactor feedback Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:15 +00:00
Matt Caswell	cbb0954471	Introduce TLSEXT_STATUSTYPE_nothing constant The existing code used the magic number -1 to represent the absence of a status_type in the extension. This commit replaces it with a macro. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:09 +00:00
Matt Caswell	d270de322c	Change TLSEXT_IDX_* values into an enum Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:21:03 +00:00
Matt Caswell	1266eefdb6	Various style updates following extensions refactor Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:58 +00:00
Matt Caswell	89247375ef	Fix travis mixed declarations and code error Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:51 +00:00
Matt Caswell	14d21b690a	Suppress some BoringSSL test failures The external BoringSSL tests had some failures as a result of the extensions refactor. This was due to a deliberate relaxation of the duplicate extensions checking code. We now only check known extensions for duplicates. Unknown extensions are ignored. This is allowed behaviour, so we suppress those BoringSSL tests. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:45 +00:00
Matt Caswell	22ab4b7dd3	Correct imports for checkhandshake module Ensure the tests can find the checkhandshake module on all platforms Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:39 +00:00
Matt Caswell	1b0286a385	Fix a memory leak When we call tls_collect_extensions() we need to free up the raw extensions data later. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:34 +00:00
Matt Caswell	7caf619f1a	Add some extra key_share tests Check that the extension framework properly handles extensions specific to a protocol version Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:28 +00:00
Matt Caswell	a1448c26d2	Remove some spurious whitespace Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:22 +00:00
Matt Caswell	bc34928188	Add a renegotiation test Make sure we did not break the unsafe legacy reneg checks with the extension work. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:16 +00:00
Matt Caswell	60ea0034b8	Add more extension tests to test_sslmessages Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:20:09 +00:00
Matt Caswell	f50306c298	Merge common code between test_tls13messages and test_sslmessages Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:58 +00:00
Matt Caswell	6ca94f1058	Add extension tests in test_sslmessages Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:52 +00:00
Matt Caswell	2de94a3601	Enable status_request test in test_sslmessages The s_server option -status_file has been added so this test can be enabled. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:46 +00:00
Matt Caswell	d70bde8805	Fix a bug in TLSProxy where zero length messages were not being recorded Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:38 +00:00
Matt Caswell	0bfe166b8f	Add a test to check messsages sent are the ones we expect Repeat for various handshake types Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:28 +00:00
Matt Caswell	efab1586e0	Support renegotiation in TLSProxy Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:22 +00:00
Matt Caswell	9ce3ed2a58	Add tests for new extension code Extend test_tls13messages to additionally check the expected extensions under different options given to s_client/s_server. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:16 +00:00
Matt Caswell	3434f40b6f	Split ServerHello extensions In TLS1.3 some ServerHello extensions remain in the ServerHello, while others move to the EncryptedExtensions message. This commit performs that move. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:11 +00:00
Matt Caswell	332eb39088	Move ServerHello extension parsing into the new extension framework Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:19:04 +00:00
Matt Caswell	70af3d8ed7	Avoid repeatedly scanning the list of extensions Because extensions were keyed by type which is sparse, we were continually scanning the list to find the one we wanted. The way we stored them also had the side effect that we were running initialisers/finalisers in a different oder to the parsers. In this commit we change things so that we instead key on an index value for each extension. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:56 +00:00
Matt Caswell	24b8e4b2c8	Simplify ClientHello extension parsing Remove some functions that are no longer needed now that we have the new extension framework. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:51 +00:00
Matt Caswell	02f0274e8c	Move ALPN processing into an extension finalisation function Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:46 +00:00
Matt Caswell	805a2e9e13	Provide server side extension init and finalisation functions Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:40 +00:00
Matt Caswell	68db4ddab7	Add an extension initilisation and finalisation capability Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:35 +00:00
Matt Caswell	ab83e31414	Move client construction of ClientHello extensions into new framework Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:30 +00:00
Matt Caswell	6dd083fd68	Move client parsing of ServerHello extensions into new framework Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:25 +00:00
Matt Caswell	e56c33b98b	Rename some functions The _clienthello_ in the extensions parsing functions is overly specific. Better to keep the convention to just _client_ Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:18 +00:00
Matt Caswell	7da160b0f4	Move ServerHello extension construction into the new extensions framework This lays the foundation for a later move to have the extensions built and placed into the correct message for TLSv1.3 (e.g. ServerHello or EncryptedExtensions). Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:12 +00:00
Matt Caswell	25670f3e87	Split extensions code into core extensions and server extensions code Later we will have client extensions code too. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:06 +00:00
Matt Caswell	4b299b8e17	Add extensions construction support Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:18:00 +00:00
Matt Caswell	224135e96a	Continue the extensions refactor Add support for construction of extensions Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:17:53 +00:00
Matt Caswell	6b473acabd	Refactor ClientHello extension parsing This builds on the work started in `1ab3836b3` and extends is so that each extension has its own identified parsing functions, as well as an allowed context identifying which messages and protocols it is relevant for. Subsequent commits will do a similar job for the ServerHello extensions. This will enable us to have common functions for processing extension blocks no matter which of the multiple messages they are received from. In TLSv1.3 a number of different messages have extension blocks, and some extensions have moved from one message to another when compared to TLSv1.2. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:17:45 +00:00
Matt Caswell	fadd9a1e2d	Verify that extensions are used in the correct context Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:17:39 +00:00
Matt Caswell	91b60e2ab4	Add some missing extensions to SSL_extension_supported() Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:17:33 +00:00
Matt Caswell	ede6f76203	Move tls_collect_extensions() into a separate file Subsequent commits will pull other extensions code into this file. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:17:26 +00:00
Matt Caswell	e46f233444	Add EncryptedExtensions message At this stage the message is just empty. We need to fill it in with extension data. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:17:12 +00:00
Matt Caswell	71728dd8aa	Send and Receive a TLSv1.3 format ServerHello There are some minor differences in the format of a ServerHello in TLSv1.3. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>	2016-12-08 17:16:23 +00:00
Richard Levitte	c901bccec6	UI_OpenSSL()'s session opener fails on MacOS X If on a non-tty stdin, TTY_get() will fail with errno == ENODEV. We didn't catch that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2039)	2016-12-08 13:37:48 +01:00
Richard Levitte	4984448648	In UI_OpenSSL's open(), generate an error on unknown errno TTY_get() sometimes surprises us with new errno values to determine if we have a controling terminal or not. This generated error is a helpful tool to figure out that this was what happened and what the unknown value is. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2043)	2016-12-08 13:34:08 +01:00
Richard Levitte	57c0f378b8	Make sure that password_callback exercises UI Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2040)	2016-12-08 10:26:04 +01:00
Richard Levitte	17ac8eaf61	Add a test for the UI API The best way to test the UI interface is currently by using an openssl command that uses password_callback. The only one that does this is 'genrsa'. Since password_callback uses a UI method derived from UI_OpenSSL(), it ensures that one gets tested well enough as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2040)	2016-12-08 00:34:47 +01:00

1 2 3 4 5 ...

18561 commits