Commit graph

1449 commits

Author SHA1 Message Date
Richard Levitte
e72040c1dc Remove heartbeat support
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-13 16:24:02 -05:00
Matthias Kraft
af5883fec9 Solution proposal for issue #1647.
Avoid a memory alignment issue.

Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com>
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1650)
2016-11-12 22:26:20 -05:00
Matt Caswell
b4eee58a5f Fix test_sslcorrupt when using TLSv1.3
The test loops through all the ciphers, attempting to test each one in turn.
However version negotiation happens before cipher selection, so with TLSv1.3
switched on if we use a non-TLSv1.3 compatible cipher suite we get "no
share cipher".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 15:51:11 +00:00
Richard Levitte
cf551a51d2 Link internal tests with static OpenSSL libraries when needed
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
2016-11-10 15:51:43 +01:00
Richard Levitte
42e055e124 Fix no-ct in test/ct_test.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1890)
2016-11-10 15:49:22 +01:00
Matt Caswell
f07d639edf Fix the no-tls option
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Richard Levitte
9d7ce8d42b Fix no-cms (CVE-2016-7053)
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
70d8b304d0 test/evptests.txt: add negative tests for AEAD ciphers.
This is done by taking one vector, "corrupting" last bit of the
tag value and verifying that decrypt fails.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
c5a569927f test: add TLS application data corruption test.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-10 13:04:11 +00:00
Dr. Stephen Henson
a378a46985 add test for CVE-2016-7053
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
dca2e0ee17 test/bntest.c: regression test for CVE-2016-7055.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 10:30:49 +00:00
Richard Levitte
dfbdf4abb7 Fix the evp_test Ctrl keyword processing
Skip the test if the value after ":" is a disabled algorithm, rather
than failing it

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 10:19:27 +00:00
Richard Levitte
586b79d888 Fix no-dso (shlibloadtest)
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 10:12:00 +00:00
Matt Caswell
54682aa357 Give the test with only TLS1.1 and TLS1.0 a better name
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
17d01b4201 Add some more version tests
Send a TLS1.4 ClientHello with supported_versions and get TLS1.3
Send a TLS1.3 ClientHello without supported_versions and get TLS1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
7b21c00e1c Look at the supported_versions extension even if the server <TLS1.3
If supported_versions is present it takes precedence.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
203b1cdf73 Add a test for the supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
cd99883755 Add server side support for supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Emilia Kasper
e364c3b24e Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).

Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.

enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:07:16 +01:00
EasySec
7380737d77 dtl_mtu_test doesn't follow BIO_* conventions and make Windows build fail
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-09 15:54:41 +01:00
Matt Caswell
134bfe56c4 Add a test for the TLS1.3 secret generation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 14:08:14 +00:00
Matt Caswell
9b36b7d9bd Add support for initialising WPACKETs from a static buffer
Normally WPACKETs will use a BUF_MEM which can grow as required. Sometimes
though that may be overkill for what is needed - a static buffer may be
sufficient. This adds that capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
Matt Caswell
ddd2c38917 Following the changes to HKDF to accept a mode, add some tests for this
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
David Benjamin
f320555735 Improve RSA test coverage.
MD5/SHA1 and MDC-2 have special-case logic beyond the generic DigestInfo
wrapping. Test that each of these works, including hash and length
mismatches (both input and signature). Also add VerifyRecover tests. It
appears 5824cc2981 added support for
VerifyRecover, but forgot to add the test data.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1474
2016-11-07 21:05:09 +01:00
David Benjamin
608a026494 Implement RSASSA-PKCS1-v1_5 as specified.
RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode
the DigestInfo struct and then compare the result against the public key
operation result. This implies that one and only one encoding is legal.

OpenSSL instead parses with crypto/asn1, then checks that the encoding
round-trips, and allows some variations for the parameter. Sufficient
laxness in this area can allow signature forgeries, as described in
https://www.imperialviolet.org/2014/09/26/pkcs1.html

Although there aren't known attacks against OpenSSL's current scheme,
this change makes OpenSSL implement the algorithm as specified. This
avoids the uncertainty and, more importantly, helps grow a healthy
ecosystem. Laxness beyond the spec, particularly in implementations
which enjoy wide use, risks harm to the ecosystem for all. A signature
producer which only tests against OpenSSL may not notice bugs and
accidentally become widely deployed. Thus implementations have a
responsibility to honor the specification as tightly as is practical.

In some cases, the damage is permanent and the spec deviation and
security risk becomes a tax all implementors must forever pay, but not
here. Both BoringSSL and Go successfully implemented and deployed
RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
this change should be compatible enough to pin down in future OpenSSL
releases.

See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

As a bonus, by not having to deal with sign/verify differences, this
version is also somewhat clearer. It also more consistently enforces
digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath
wasn't quite doing this right.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1474
2016-11-07 21:04:54 +01:00
Emilia Kasper
d836d71b2d Simplify tests part 2
1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (introduced by an earlier refactoring,
oops)

Note that for parameterized tests, the index (test vector) usually holds all the
customization, and there should be no need for a separate test
fixture. The CTS test is an exception: it demonstrates how to combine
customization with parameterization.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-07 16:55:16 +01:00
Matt Caswell
8e47ee18c8 Add a test for the wrong version number in a record
Prior to TLS1.3 we check that the received record version number is correct.
In TLS1.3 we need to ignore the record version number. This adds a test to
make sure we do it correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-07 15:52:33 +00:00
Matt Caswell
185c29b14e test_sslcbcpadding only makes sense <TLS1.3
We may get failures if we run it in TLS1.3, and it makes no sense anyway
so force TLS1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-07 15:52:33 +00:00
Richard Levitte
c76da13cd9 constant time test: include our internal/numbers.h rather than limits.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1856)
2016-11-05 11:38:29 +01:00
Richard Levitte
b93cb1657a Correct internal tests sources
The sources for internal tests were sometimes badly formed, assuming
perl variables such as $target{cpuid_asm_src} contains only one file
name.  This change correctly massages all file names in such a
variable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1850)
2016-11-04 15:37:13 +01:00
Emilia Kasper
308b876da9 Don't create fixtures for simple tests
The test fixtures are (meant to be) useful for sharing common
setup. Don't bother when we don't have any setup/teardown.

This only addresses simple tests. Parameterized tests (ADD_ALL_TESTS)
will be made more user-friendly in a follow-up.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 15:05:37 +01:00
Emilia Kasper
6ec327eed6 testutil: always print errors on failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 15:05:29 +01:00
Matt Caswell
be2ef0e2e3 Test the size_t constant time functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:46 +00:00
Matt Caswell
a1ca39c02c Remove an unused field in ossl_shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
e8585479a1 Add a wildcard exception for TLS13 tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
92ab7db6f8 Swap header copyrights to standard OpenSSL
As per permission from Google (Emilia).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
bc708af4b0 Add missing bn.h include
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
b289bff830 Update the BoringSSL suppressions file based on the latest shim
The updated shim has the ability to skip tests using unimplemented flags.
This should reduce the number of test failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
1669b7b587 Rename BoringSSL style OPENSSL_WINDOWS to OPENSSL_SYS_WINDOWS
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
1c8235c9b3 Fix a code inconsistency
Move from two ifs to a single one with an &&

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
fc237de7ff Remove some #if 0'd out code
It was only a sanity check anyway, so isn't needed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
0abcaddfcb Removed scoped_types.h
It is no longer used (replaced with bssl:UniquePtr)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
aedf33aed5 Remove some flags that are unused in the shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
06e452fbc1 Use the -allow-unimplemented feature of the BoringSSL runner
That way we can remove flags that we don't support

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
8beda2c12d Remove unused BoringSSL specific flags
We will rely on the -allow-unimplemented feature instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
5b2d35c344 Remove some unreferenced fields from TestState
They were there for BoringSSL only features which are not relevant to us.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
2fd0dfd9f6 Remove some #if 0'd out code
It was just a sanity check and isn't needed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
da88e88a79 Fix argument order in documentation
git clone has the directory name last

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
d664ff498c Remove test/ossl_shim/Makefile
This Makefile was temporary. Building ossl_shim has now been integrated into
to the build system.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
5227337a7c Add documentation on the BoringSSL test suite integration
Added the file README.external which describes how to build and run OpenSSL
to use the BoringSSL test suite. Also updated INSTALL to point to it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
4d040e283e Fix some unused variable warnings in ossl_shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
9e663b1371 Add a comment to 90-test_external.t to explain why we need filter_run
Also rename executable to cmd...otherwise it breaks!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
d5df08afb4 Convert 90-test_external.t to using "executable" rather than "system"
Use the newly added "executable" function rather than "system". Also filter
the output to add a prefix to every line so that the "ok" doesn't confuse
Test::More

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
ce2596d404 Control building of ossl_shim through Configure
Don't build ossl_shim by default. Switch it on through
enable-external-tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
cfa7697986 Integrate ossl_shim into the build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
50b014e4c6 Add a shim config file
This just disables all tests that fail at the moment. Over time we will
want to go over these and figure out why they are failing (and fix them if
appropriate)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
7b73b7beda Rebase shim against latest boringssl code
Numerous conflicts resolved. rebase was against commit 490469f850.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
8c6c5077b2 Add a test to call the BoringSSL test suite
This adds a test to the OpenSSL test suite to invoke the BoringSSL test
suite.

It assumes you have already compiled the ossl_shim (see previous commit).
It also assumes that you have an environment variable BORING_RUNNER_DIR
set up to point to the ssl/test/runner directory of a checkout of BoringSSL.

This has only been tested with a very old version of BoringSSL (from commit
f277add6c) - since that was the last known checkout where the shim compiles
successfully. Even with that version of BoringSSL this test will fail. There
are lots of Boring tests that are failing for various reasons. Some might
be due to bugs in OpenSSL, some might be due to features that BoringSSL has
that OpenSSL doesn't, some are due to assumptions about the way BoringSSL
behaves that are not true for OpenSSL etc.

To get the verbose BoringSSL test output, run like this:

VERBOSE=1 BORING_RUNNER_DIR=/path/to/boring/ssl/test/runner make \
TESTS="test_external" test

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
eef977aa0e Integrate BoringSSL shim
The BoringSSL test suite contains numerous tests which OpenSSL does not.

The BoringSSL test runner uses a shim to launch the library and execute the
tests. This is a version of the BoringSSL shim converted to compile against
OpenSSL instead.

This is primarily based on the work of David Benjamin from the BoringSSL
project who did most of the necessary conversion. It also includes a few
other tweaks for opacity changes etc.

This is based on a *very* old version of BoringSSL from commit f277add6c.
That was the last commit known to work with this patched shim. Later
versions may also work but lots of merge conflicts occur when trying to
bring it up to date.

At the moment this has not been integrated into the build system. There is
a very simple standalone makefile in the ossl_shim directory which should
be executed directly before tyring to use the shim.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
62dd3351a1 Don't assume to know the shared library extension
test/shlibloadtest.c assumes all Unix style platforms use .so as
shared library extension.  This is not the case for Mac OS X, which
uses .dylib.  Instead of this, have the test recipe find out the
extension from configuration data.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1844)
2016-11-04 00:19:14 +01:00
Richard Levitte
3b0478fe03 test/shlibloadtest: small fixes
- Make sure to initialise SHLIB variables
- Make sure to make local variables static

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1838)
2016-11-03 16:21:36 +01:00
Richard Levitte
59cec20e78 Finally, add a test recipe for the internal tests
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:15:40 +01:00
Richard Levitte
97f1e97114 Convert mdc2 test print to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
f12d6273a5 Convert x509 selftests to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
f2ae2348ce Convert modes selftests (cts128 and gcm128) to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
2c16617148 Convert asn1 selftests (a_strnid and ameth_lib) into internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
b5b7c61fe3 Explain the deal with internal test programs
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
aeac218372 Convert poly1305 selftest into internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
9c89c8460a test/build.info: typo, $ missing
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1832)
2016-11-03 11:31:12 +01:00
Matt Caswell
b987d748e4 Add a test to dynamically load and unload the libraries
This should demonstrate that the atexit() handling is working properly (or
at least not crashing) on process exit.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
1f3e70a450 Add a test for unrecognised record types
We should fail if we receive an unrecognised record type

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:22:48 +00:00
Richard Levitte
2c4a3f938c Test recipes: remove duplicate OpenSSL::Test usage
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1815)
2016-11-02 18:14:04 +01:00
Matt Caswell
7856332e8c Add a read_ahead test
This test checks that read_ahead works correctly when dealing with large
records.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-02 16:47:14 +00:00
David Woodhouse
02e22dd444 Add test cases for DTLS_get_data_mtu()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-02 14:00:11 +00:00
David Woodhouse
542dd9c587 Add unit test for ssl_cipher_get_overhead()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-02 14:00:11 +00:00
Matt Caswell
837e591d42 Enable TLSProxy to talk TLS1.3
Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in
TLSProxy

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:28:21 +00:00
Matt Caswell
84a6833658 Update Configure to know about tls1_3
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.

Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Matt Caswell
582a17d662 Add the SSL_METHOD for TLSv1.3 and all other base changes required
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Emilia Kasper
ffd3d0ef34 TEST_check macro: don't end with semi
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 11:34:25 +01:00
Matt Caswell
a34ac5b8b9 Add a test for BIO_read() returning 0 in SSL_read() (and also for write)
A BIO_read() 0 return indicates that a failure occurred that may be
retryable. An SSL_read() 0 return indicates a non-retryable failure. Check
that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write().

The asyncio test filter BIO already returns 0 on a retryable failure so we
build on that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:13:49 +01:00
Richard Levitte
e972273194 OpenSSL::Test - small fixup
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Richard Levitte
753663a9e5 OpenSSL::Test cleanup - no forward declarations needed
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Richard Levitte
28e0f6eb7e Add documentation of internal OpenSSL::Test functions
Also, fix __wrap_cmd so it doesn't return unnecessary empty strings

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Richard Levitte
9ddf67f34d Make OpenSSL::Test a bit more flexible
So far, apps and test programs, were a bit rigidely accessible as
executables or perl scripts.  But what about scripts in some other
language?  Or what about running entirely external programs?  The
answer is certainly not to add new functions to access scripts for
each language or wrapping all the external program calls in our magic!

Instead, this adds a new functions, cmd(), which is useful to access
executables and scripts in a more generalised manner.  app(), test(),
fuzz(), perlapp() and perltest() are rewritten in terms of cmd(), and
serve as examples how to do something similar for other scripting
languages, or constrain the programs to certain directories.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1686)
2016-10-19 17:14:33 +02:00
Dr. Stephen Henson
4a4c4bf06d Add memory leak detection to d2i_test
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1707)
2016-10-13 19:26:58 +01:00
FdaSilvaYY
32804b04b8 Fix copy-paste test labels
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-13 13:40:19 +02:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
Ben Laurie
c1eba83fa0 Don't use DES when disabled.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-02 11:19:29 +01:00
Dr. Stephen Henson
198d805900 Add SRP test vectors from RFC5054
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-01 13:46:54 +01:00
Dr. Stephen Henson
adffae15d3 add item list support to d2i_test
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:46 +01:00
Matt Caswell
55386bef80 Fix no-dtls
The new large message test in sslapitest needs OPENSSL_NO_DTLS guards

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-29 09:52:31 +01:00
Matt Caswell
f9b1b6644a Add DTLS renegotiation tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
Matt Caswell
fe7dd55341 Extend the renegotiation tests
Add the ability to test both server initiated and client initiated reneg.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
Matt Caswell
1329b952a6 Update README.ssltest.md
Add update for testing renegotiation. Also change info on CTLOG_FILE
environment variable - which always seems to be required.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
Matt Caswell
e42c4544c8 Add support for testing renegotiation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-28 09:15:07 +01:00
David Benjamin
243ecf19dd Add missing parameter.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
f3ea8d7708 Switch back to assuming TLS 1.2.
The TLSProxy::Record->new call hard-codes a version, like
70-test_sslrecords.t.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
3058b74266 Address review comments.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
5cf6d7c51f Don't test quite so many of them.
Avoid making the CI blow up.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
David Benjamin
8523288e6d Test CBC mode padding.
This is a regression test for
https://github.com/openssl/openssl/pull/1431. It tests a
maximally-padded record with each possible invalid offset.

This required fixing a bug in Message.pm where the client sending a
fatal alert followed by close_notify was still treated as success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 23:10:29 +01:00
Matt Caswell
fa454945cf Fix some mem leaks in sslapitest
A mem leak could occur on an error path. Also the mempacket BIO_METHOD
needs to be cleaned up, because of the newly added DTLS test.

Also fixed a double semi-colon in ssltestlib.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-26 17:26:50 +01:00
David Benjamin
8ff70f3326 Add a basic test for BN_bn2dec.
This would have caught 099e2968ed. This is
a port of the test added in
https://boringssl.googlesource.com/boringssl/+/7c040756178e14a4d181b6d93abb3827c93189c4

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1496)
2016-09-26 11:03:37 -04:00
Matt Caswell
84d5549e69 Add a test for large messages
Ensure that we send a large message during the test suite.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-26 08:52:48 +01:00
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Matt Caswell
ba881d3b39 Add some more OCSP testing
Test that the OCSP callbacks work as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Richard Levitte
780bbb96bf test/x509aux.c: Fix argv loop
There are cases when argc is more trustable than proper argv termination.
Since we trust argc in all other test programs, we might as well treat it
the same way in this program.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-21 16:19:22 +02:00
Matt Caswell
08029dfa03 Convert WPACKET_put_bytes to use convenience macros
All the other functions that take an argument for the number of bytes
use convenience macros for this purpose. We should do the same with
WPACKET_put_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-20 14:47:44 +01:00
Richard Levitte
057c676afb Fix no-ocsp
Some compilers complain about unused variables, and some tests do
not run well without OCSP.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 15:08:58 +02:00
Richard Levitte
49681ae147 Test the new SHA256 and SHA512 based password generation options
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 18:02:29 +02:00
Matt Caswell
869d0a37cf Encourage use of the macros for the various "sub" functions
Don't call WPACKET_sub_memcpy(), WPACKET_sub_allocation_bytes() and
WPACKET_start_sub_packet_len() directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
c9216d1485 Make wpackettest conform to style rules
Remove extra indentation at the start of an "if".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Matt Caswell
b2b3024e0e Add a WPACKET_sub_allocate_bytes() function
Updated the construction code to use the new function. Also added some
convenience macros for WPACKET_sub_memcpy().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:02:34 +01:00
Richard Levitte
497f3bf9a7 Add a test for 'openssl passwd'
Also, enlarge test group 20 to include openssl commands that aren't
tested otherwise

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-14 00:30:50 +02:00
Matt Caswell
de451856f0 Address WPACKET review comments
A few style tweaks here and there. The main change is that curr and
packet_len are now offsets into the buffer to account for the fact that
the pointers can change if the buffer grows. Also dropped support for the
WPACKET_set_packet_len() function. I thought that was going to be needed
but so far it hasn't been. It doesn't really work any more due to the
offsets change.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
d6c4cc2939 Add tests for the WPACKET implementation
The tests will only work in no-shared builds because WPACKET is an
internal only API that does not get exported by the shared library.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Richard Levitte
77a42b5f17 Correct detection of group end in map file when testing symbol presence
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-06 00:48:13 +02:00
Richard Levitte
377ab6d183 Move 05-test_fuzz.t to 90-test_fuzz.t
This adheres much better to the documentation in test/README

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-01 21:05:34 +02:00
Richard Levitte
a5e1f1230e Revert "Make it possible to disable fuzz testing"
This reverts commit eb40eaed72.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-01 20:58:40 +02:00
Richard Levitte
90aeaf6bce Add a more versatile test chooser
So far, the test runner (test/run_tests.pl) could get a list of tests
to run, and if non were given, it assumes all available tests should
be performed.

However, that makes skipping just one or two tests a bit of a pain.
This change makes the possibilities more versatile, run_checker.pl
takes these arguments and will process them in the given order,
starting with an empty set of tests to perform:

    alltests            The current set becomes the whole set of
                        available tests.
    test_xxx            Adds 'test_xxx' to the current set.
    -test_xxx           Removes 'test_xxx' from the current set.  If
                        nothing has been added to the set before this
                        argument, the current set is first initialised
                        to the whole set of available tests, then
                        'test_xxx' is removed from the current set.
    list                Display all available tests, then stop.

If no arguments are given, 'alltests' is assumed.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-01 20:58:40 +02:00
Richard Levitte
eb40eaed72 Make it possible to disable fuzz testing
These tests take a very long time on some platforms, and arent't
always strictly necessary.  This makes it possible to turn them
off.  The necessary binaries are still built, though, in case
someone still wants to do a manual run.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-31 17:43:51 +02:00
Matt Caswell
767ccc3b77 Add some CertStatus tests
The previous commit revealed a long standing problem where CertStatus
processing was broken in DTLS. This would have been revealed by better
testing - so add some!

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 14:49:10 +01:00
Matt Caswell
bee5ee5f06 Fix uninit read in sslapitest
msan detected an uninit read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 15:58:53 +01:00
Andy Polyakov
fb5d9f1db5 Windows: UTF-8 opt-in for command-line arguments and console input.
User can make Windows openssl.exe to treat command-line arguments
and console input as UTF-8 By setting OPENSSL_WIN32_UTF8 environment
variable (to any value). This is likely to be required for data
interchangeability with other OSes and PKCS#12 containers generated
with Windows CryptoAPI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:56:28 +01:00
Matt Caswell
0a307450bf Fix no-ec2m
The new curves test did not take into account no-ec2m

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-24 14:44:19 +01:00
Rich Salz
d33726b92e To avoid SWEET32 attack, move 3DES to weak
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-24 14:05:52 +01:00
Andy Polyakov
652c52a602 80-test_pkcs12.t: skip the test on Windows with non-Greek locale.
Test doesn't work on Windows with non-Greek locale, because of
Win32 perl[!] limitation, not OpenSSL. For example it passes on
Cygwin and MSYS...

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 21:05:04 +01:00
Matt Caswell
61884b8140 Fix bio_enc_test
There was a block of code at the start that used the Camellia cipher. The
original idea behind this was to fill the buffer with non-zero data so that
oversteps can be detected. However this block failed when using no-camellia.
This has been replaced with a RAND_bytes() call.

I also updated the the CTR test section, since it seems to be using a CBC
cipher instead of a CTR cipher.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-23 09:24:29 +01:00
Kurt Roeckx
b1b22b0b77 Test the support curves in tls
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1472
2016-08-22 22:13:04 +02:00
Matt Caswell
1c55e372b9 Fix no-des
The PKCS12 command line utility is not available if no-des is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-22 16:39:28 +01:00
Rich Salz
464d59a5bb RT2676: Reject RSA eponent if even or 1
Also, re-organize RSA check to use goto err.
Add a test case.
Try all checks, not just stopping at first (via Richard Levitte)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-22 11:25:12 -04:00
Kazuki Yamaguchi
0110a47036 Fix a memory leak in EC_GROUP_get_ecparameters()
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:10:03 +01:00
Matt Caswell
fe34735c19 Choose a ciphersuite for testing that won't be affected by "no-*" options
The previous ciphersuite broke in no-ec builds.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:02 +01:00
Richard Levitte
1c288878af ssltestlib: Tell compiler we don't care about the value when we don't
In mempacket_test_read(), we've already fetched the top value of the
stack, so when we shift the stack, we don't care for the value.  The
compiler needs to be told, or it will complain harshly when we tell it
to be picky.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 14:02:31 +02:00
Andy Polyakov
1194ea8dc3 crypto/pkcs12: facilitate accessing data with non-interoperable password.
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:59 +02:00
Andy Polyakov
70bf33d182 Add PKCS#12 UTF-8 interoperability test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:51 +02:00
Andy Polyakov
e6ed2b9108 Add test/bio_enc_test.c.
RT#4628

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-21 23:34:26 +02:00
Richard Levitte
0556f2aa43 MEMPACKET is typedef'd in ssltestlib.h, don't do so again in ssltestlib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 17:17:20 +02:00
Matt Caswell
52a03d2a5e Fix some clang warnings
Clang was complaining about some unused functions. Moving the stack
declaration to the header seems to sort it. Also the certstatus variable
in dtlstest needed to be declared static.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
ac9fc67a48 Add DTLS replay protection test
Injects a record from epoch 1 during epoch 0 handshake, with a record
sequence number in the future, to test that the record replay protection
feature works as expected. This is described more fully in the next commit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
6fc1748ec6 Add a DTLS unprocesed records test
Add a test to inject a record from the next epoch during the handshake and
make sure it doesn't get processed immediately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
b4982125e6 Split create_ssl_connection()
Split the create_ssl_connection() helper function into two steps: one to
create the SSL objects, and one to actually create the connection. This
provides the ability to make changes to the SSL object before the
connection is actually made.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
d82dec40ba Add a DTLS packet mem BIO
This adds a BIO similar to a normal mem BIO but with datagram awareness.
It also has the capability to inject additional packets at arbitrary
locations into the BIO, for testing purposes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Matt Caswell
d9a2e90bce Add a (D)TLS dumper BIO
Dump out the records passed over the BIO. Only works for DTLS at the
moment but could easily be extended to TLS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-19 13:52:40 +01:00
Emilia Kasper
15269e5654 Add more details on how to add a new SSL test
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-19 14:50:25 +02:00
Emilia Kasper
dd8e5a5732 Test that the peers send at most one fatal alert
Duplicate alerts have happened, see
70c22888c1

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 12:49:32 +02:00
Emilia Kasper
6dc9974547 Port multi-buffer tests
Make maximum fragment length configurable and add various fragmentation
tests, in addition to the existing multi-buffer tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 12:46:00 +02:00
FdaSilvaYY
cc69629626 Constify char* input parameters in apps code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:09:19 +01:00
Matt Caswell
48593cb12a Convert SSL_SESSION* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:28 +01:00
FdaSilvaYY
69b86d4b98 two typo fixes
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1461)
2016-08-16 15:51:58 -04:00
Andy Polyakov
f4941736a9 test/ssl_test.tmpl: make it work with elderly perl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 12:43:44 +02:00
Emilia Kasper
e0421bd8b2 SSL tests: send some application data
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 11:00:15 +02:00
Matt Caswell
bb982ce753 Remove a stray unneeded line in 70-test_sslrecords.t
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Matt Caswell
a2a0c86bb0 Add some SSLv2 ClientHello tests
Test that we handle a TLS ClientHello in an SSLv2 record correctly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-15 23:14:30 +01:00
Rob Percival
a1bb7708ce Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:56:47 -04:00
Richard Levitte
a0ef6bb687 Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-15 17:16:47 +02:00
Dr. Stephen Henson
10f8d0eaa5 Update X25519 key format in evptests.txt
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Rich Salz
ce7a2232f8 Check for bad filename in evp_test
Thanks to Brian Carpter for reporting this.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-08-12 14:04:53 -04:00
Emilia Kasper
be82f7b320 Don't attempt to load the CT log list with no-ec
In practice, CT isn't really functional without EC anyway, as most logs
use EC keys. So, skip loading the log list with no-ec, and skip CT tests
completely in that conf.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 18:46:06 +02:00
Rich Salz
2301d91dd5 Change callers to use the new constants.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
2016-08-10 10:07:37 -04:00
Emilia Kasper
2f35e6a3eb Gracefully free a NULL HANDSHAKE_RESULT
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
d61f00780a Add TEST_check
Like OPENSSL_assert, but also prints the error stack before exiting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
da085d273c SSL tests: port CT tests, add a few more
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
Emilia Kasper
6bd3379a58 SSL test ctx: fix tests
Some failure tests were failing for the wrong reason after the CTX
refactoring. Update those tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-10 14:41:21 +02:00
David Woodhouse
eb633d03fe Kill PACKET_starts() from bad_dtls_test
As discussed in PR#1409 it can be done differently.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-10 12:50:51 +01:00
David Woodhouse
c14e790d6c Fix clienthellotest to use PACKET functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-10 12:50:51 +01:00
Emilia Kasper
2ac6bdc029 NPN and ALPN: test resumption
In NPN and ALPN, the protocol is renegotiated upon resumption. Test that
resumption picks up changes to the extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-08 15:14:52 +02:00
Emilia Kasper
7b7cea6d71 Fix ALPN tests when NPN is off
OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-08 12:19:31 +02:00
Emilia Kasper
9f48bbacd8 Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".

This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".

This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.

Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-08 12:06:26 +02:00
klemens
6025001707 spelling fixes, just comments and readme.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
Richard Levitte
5cdad22f3e Move the building of test/buildtest_*. to be done unconditionally
These were guarded by $disabled{tests}.  However, 'tests' is disabled
if we configure 'no-stdio', which means that we don't detect the lack
of OPENSSL_NO_STDIO guards in our public header files.  So we move the
generation and build of test/buildtest_*.c to be unconditional.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:17:05 +02:00
Richard Levitte
9cc76cc40a VMS: Fix building of bad_dtls_test
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-05 10:14:56 +02:00
David Woodhouse
16938284cf Add basic test for Cisco DTLS1_BAD_VER and record replay handling
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-04 20:56:24 +01:00
Richard Levitte
f37c159aed 80-test_ssl_new.t: only skip on $no_tls if no other skip conditions defined
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-02 13:27:39 +02:00
Richard Levitte
f4947bf10e In 80-test_ssl_new, more "plan tests" to a more useful position
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-02 11:37:38 +02:00
Matt Caswell
ee94aeee7d Fix tests for no-nextprotoneg
Fix the 80-test_ssl_test_ctx and 80-test_ssl_new tests when used with the
no-nextprotoneg option

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-02 10:19:56 +01:00
Ben Laurie
620c6ad312 Fix various no-*s.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 11:30:33 +01:00
Andy Polyakov
382bb0b294 test/smcont.txt: trigger assertion in bio_enc.c.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:17 +02:00
Matt Caswell
0fae81501a Fix bogus warnings
Fix some bogus "may be used uninitialized" warnings on some compilers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-30 10:38:28 +01:00
Matt Caswell
65e2d67254 Simplify and rename SSL_set_rbio() and SSL_set_wbio()
SSL_set_rbio() and SSL_set_wbio() are new functions in 1.1.0 and really
should be called SSL_set0_rbio() and SSL_set0_wbio(). The old
implementation was not consistent with what "set0" means though as there
were special cases around what happens if the rbio and wbio are the same.
We were only ever taking one reference on the BIO, and checking everywhere
whether the rbio and wbio are the same so as not to double free.

A better approach is to rename the functions to SSL_set0_rbio() and
SSL_set0_wbio(). If an existing BIO is present it is *always* freed
regardless of whether the rbio and wbio are the same or not. It is
therefore the callers responsibility to ensure that a reference is taken
for *each* usage, i.e. one for the rbio and one for the wbio.

The legacy function SSL_set_bio() takes both the rbio and wbio in one go
and sets them both. We can wrap up the old behaviour in the implementation
of that function, i.e. previously if the rbio and wbio are the same in the
call to this function then the caller only needed to ensure one reference
was passed. This behaviour is retained by internally upping the ref count.

This commit was inspired by BoringSSL commit f715c423224.

RT#4572

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
9a7169870e Add some SSL BIO tests
This adds some simple SSL BIO tests that check for pushing and popping of
BIOs into the chain. These tests would have caught the bugs fixed in the
previous three commits, if combined with a crypto-mdebug build.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
7fb4c82035 Add a test for SSL_set_bio()
The SSL_set_bio() function has some complicated ownership rules. This adds a
test to make sure it all works as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 14:09:57 +01:00
Matt Caswell
80f397e2c6 Fix no-tls1_2
Misc fixes impacting no-tls1_2. Also fixes no-dtls1_2.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 08:24:32 +01:00
Matt Caswell
3e82ae573a Fix no-dtls*
Also fixes some other options like no-dgram and no-sock.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 08:24:32 +01:00
Matt Caswell
49dadc1cb7 Fix no-ct
Ensure that we don't build/run the ct fuzzing code if no-ct is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 08:18:14 +01:00
Emilia Kasper
d0c4415de5 SSL tests: compress generated output a little
Don't emit duplicate server/client sections when they are
identical. Instead, just point to the same section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 15:54:26 +02:00
Emilia Kasper
d972af2b5e Make boolean SSL test conf values case-insensitive
Undo review mistake: I changed the wrong strcmp in a previous pull
request. Add test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 15:54:12 +02:00
Emilia Kasper
11279b13f5 Test client-side resumption
Add tests for resuming with a different client version.

This happens in reality when clients persist sessions on disk through
upgrades.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-21 15:44:36 +02:00
Emilia Kasper
590ed3d7ea SSL test framework: port resumption tests
Systematically test every server-side version downgrade or upgrade.

Client version upgrade or downgrade could be tested analogously but will
be done in a later change.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-20 13:55:53 +02:00
FdaSilvaYY
e8aa8b6c8f Fix a few if(, for(, while( inside code.
Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)
2016-07-20 07:21:53 -04:00
FdaSilvaYY
1c72f70df4 Use more X509_REQ_get0_pubkey & X509_get0_pubkey
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
2016-07-20 01:35:38 -04:00
Matt Caswell
df0aa7770e Fix building with no-cms
The new fuzzing code broke no-cms

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-19 14:01:33 +01:00
Emilia Kasper
ce2cdac278 SSL test framework: port NPN and ALPN tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 14:17:48 +02:00
Matt Caswell
eaa776da07 Add more session tests
Add some more tests for sessions following on from the previous commit
to ensure the callbacks are called when appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-19 12:08:49 +01:00
Richard Levitte
7218ae5134 Use _NO_INST in some build.info files
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 20:49:54 +02:00
Matt Caswell
1b5c44b810 Fix client auth test_ssl_new failures when enabling/disabling protocols
If configuring for anything other than the default TLS protocols then
test failures were occuring.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-07-18 14:30:14 +01:00
Matt Caswell
10e6d23549 Fix SSLv3 ClientAuth alert checking
In TLS during ClientAuth if the CA is not recognised you should get an
UnknownCA alert. In SSLv3 this does not exist and you should get a
BadCertificate alert.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-07-18 14:30:14 +01:00
Matt Caswell
78cbe94f89 Fix Client Auth tests
The Client Auth tests were not correctly setting the Protocol, so that this
aspect had no effect. It was testing the same thing lots of times for
TLSv1.2 every time.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-07-18 14:30:14 +01:00
Dr. Stephen Henson
d166ed8c11 check return values for EVP_Digest*() APIs
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-15 14:09:05 +01:00
Viktor Dukhovni
5ae4ceb92c Perform DANE-EE(3) name checks by default
In light of potential UKS (unknown key share) attacks on some
applications, primarily browsers, despite RFC761, name checks are
by default applied with DANE-EE(3) TLSA records.  Applications for
which UKS is not a problem can optionally disable DANE-EE(3) name
checks via the new SSL_CTX_dane_set_flags() and friends.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-12 10:16:34 -04:00
Dr. Stephen Henson
d83b7e1a58 Extend mkcert.sh to support nameConstraints generation and more complex
subject alternate names.

Add nameConstraints tests incluing DNS, IP and email tests both in
subject alt name extension and subject name.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-11 23:30:04 +01:00
Rich Salz
cc75cbc4ed Platform sanity test
Replace nptest with sanity test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-08 15:56:55 -04:00
Andy Polyakov
f1f5ee17b6 include/openssl: don't include <windows.h> in public headers.
If application uses any of Windows-specific interfaces, make it
application developer's respondibility to include <windows.h>.
Rationale is that <windows.h> is quite "toxic" and is sensitive
to inclusion order (most notably in relation to <winsock2.h>).
It's only natural to give complete control to the application developer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-08 11:49:44 +02:00
Matt Caswell
fe964f0c88 Use the SSL_METHODs passed to create_ssl_ctx_pair()
Don't use hardcoded SSL_METHODs!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-01 23:23:16 +01:00
Richard Levitte
0483f58652 Simplify INCLUDE statements in build.info files
Now that INCLUDE considers both the source and build trees, no need
for the rel2abs perl fragment hacks any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 18:36:08 +02:00
Kurt Roeckx
a05b0bcf87 Re-add x509 and crl fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1276
2016-07-01 17:02:33 +02:00
Ben Laurie
90d28f0519 Run the fuzzing corpora as tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 13:45:45 +01:00
Kurt Cancemi
8a3c000c8f Fix hmac test case 6
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1267)
2016-06-30 08:52:37 -04:00
FdaSilvaYY
6b4a77f56e Whitespace cleanup in apps
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
FdaSilvaYY
9d22666eb8 Spelling
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
Emilia Kasper
d2b23cd2b0 SSL test framework: port SNI tests
Observe that the old tests were partly ill-defined:
setting sn_server1 but not sn_server2 in ssltest_old.c does not enable
the SNI callback.

Fix this, and also explicitly test both flavours of SNI mismatch (ignore
/ fatal alert). Tests still pass.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-28 17:26:24 +02:00
Matt Caswell
c3fd55d4a6 Add a test for fragmented alerts
The previous commit fixed a problem where fragmented alerts would cause an
infinite loop. This commit adds a test for these fragmented alerts.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-27 14:51:03 +01:00
Matt Caswell
a6211814c4 Add a getter to obtain the HMAC_CTX md
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.

GitHub Issue #1152

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-24 13:22:40 +01:00
Rich Salz
fe2d149119 RT2867: des_ede3_cfb1 ignored "size in bits" flag
Code and tests by Steve.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-23 10:03:50 -04:00
Viktor Dukhovni
615dd78b72 Drop extraneous printf argument in mkcert.sh
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-23 23:40:29 +10:00
Dr. Stephen Henson
b58614d7f5 Fix generation of expired CA certificate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-22 23:23:09 +01:00
Richard Levitte
768a3eca39 OpenSSL::Test: Fix directory calculations in __cwd()
The previous fix contained a mistake, where any absolute path in
%directories would be cleared away instead of just being left alone.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 22:24:07 +02:00
Andy Polyakov
eeac54ef6d crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:20:37 +02:00
Richard Levitte
3da9eeb158 OpenSSL::Test: Fix directory calculations in __cwd()
We recalculate the location of the directories we keep track of.
However, we did so after having moved to the new directory already, so
the data we did the calculations from were possibly not quite correct.

This change moves the calculations to happen before moving to the new
directory.

This issue is sporadic, and possibly dependent on the platform.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-21 14:52:34 +02:00
Richard Levitte
aa951ef3d7 Add verification of proxy certs to 25-test_verify.t
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
8dfb2021d1 Create some proxy certificates
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
71c8cd2085 Make it possible to generate proxy certs with test/certs/mkcert.sh
This extends 'req' to take more than one DN component, and to take
them as full DN components and not just CN values.  All other commands
are changed to pass "CN = $cn" instead of just a CN value.

This adds 'genpc', which differs from the other 'gen*' commands by not
calling 'req', and expect the result from 'req' to come through stdin.

Finally, test/certs/setup.sh gets the commands needed to generate a
few proxy certificates.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Emilia Kasper
9267c11bb5 Make DSA_SIG and ECDSA_SIG getters const.
Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 14:58:36 +02:00
Rob Percival
876a1a83ad Tests should check validation status directly
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-20 11:54:56 +01:00
Rob Percival
4fc31f7583 Test SCT lists
This encompasses what was previously tested.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-20 11:31:04 +01:00
FdaSilvaYY
93b8981d89 Useless includes
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
Rich Salz
d3b64b89ed Fix GCC build; make update; fix number re-use
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 15:48:03 -04:00
Matt Caswell
b02b574317 Skip the TLSProxy tests if environmental problems are an issue
On some platforms we can't startup the TLSProxy due to environmental
problems (e.g. network set up on the build machine). These aren't OpenSSL
problems so we shouldn't treat them as test failures. Just visibly
indicate that we are skipping the test.

We only skip the first time we attempt to start up the proxy. If that works
then everything else should do...if not we should probably investigate and
so report as a failure.

This also removes test_networking...there is a danger that this turns into
a test of user's environmental set up rather than OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 16:32:14 +01:00
Matt Caswell
b84e12266f Fix the build and tests following constification of DH, DSA, RSA
Misc fixes following the constification of the DH, DSA and RSA
getters.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-16 13:34:44 +01:00
Andy Polyakov
cc77d0d84a modes/asm/ghashp8-ppc.pl: improve performance by 2.7x.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:28:39 +02:00
Andy Polyakov
74daca72a5 test/evptests.txt: add more XTS tests.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:19:41 +02:00
Richard Levitte
a8c82fa00f Shorten some symbol names
VMS C doesn't allow symbols longer than 31 characters.  We do the
automatic shortening with the library files, but not otherwise (to
make sure to work the VMS C magic).

For consistency, I shortened other similar symbols in the same manner.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 00:44:29 +02:00
Matt Caswell
c887104f4a Update sslapitest to use the test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 17:35:18 +01:00
Matt Caswell
2cb4b5f63a Add some session API tests
This commit adds some session API tests, and in particular tests the
modified behaviour of SSL_set_session() introduced in the last commit. To
do this I have factored out some common code from the asynciotest into a
new ssltestlib.c file. I've also renamed getsettest to sslapitest as this
more closely matches what it now is!

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 17:35:18 +01:00
Emilia Kasper
b02929802c SSL test: only write out server2 when testing SNI
The SNI tests introduced a redundant "server2" section into every test
configuration. Copy this automatically from "server" unless testing SNI,
to reduce noise in the generated confs.

Also remove duplicate SSL_TEST_CTX_create (merge conflict error).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 18:31:33 +02:00
Matt Caswell
25b9d11c00 Handle inability to create AFALG socket
Some Linux platforms have a suitably recent kernel to support AFALG, but
apparently you still can't actually create an afalg socket. This extends
the afalg_chk_platform() function to additionally check whether we can
create an AFALG socket. We also amend the afalgtest to not report a
failure to load the engine as a test failure. A failure to load is almost
certainly due to platform environmental issues, and not an OpenSSL problem.

RT 4434

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-13 17:28:40 +01:00
Emilia Kasper
74726750ef Port DTLS version negotiation tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 16:13:13 +02:00
Emilia Kasper
81fc33c951 Clean up following new SNI tests
- Only send SNI in SNI tests. This allows us to test handshakes without
  the SNI extension as well.
- Move all handshake-specific machinery to handshake_helper.c
- Use enum types to represent the enum everywhere
  (Resorting to plain ints can end in sign mismatch when the enum is
  represented by an unsigned type.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 16:03:06 +02:00
Rich Salz
a7be5759cf RT3809: basicConstraints is critical
This is really a security bugfix, not enhancement any more.
Everyone knows critical extensions.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-13 09:18:22 -04:00
Matt Caswell
73159f403e Fix no-dtls* builds
Most of the no-dtls* builds were failing due to one test which had an
incorrect "skip" condition.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-10 15:53:21 +01:00
Emilia Kasper
1e2012b7ff RT 4242: reject invalid EC point coordinates
We already test in EC_POINT_oct2point that points are on the curve. To
be on the safe side, move this check to
EC_POINT_set_affine_coordinates_* so as to also check point coordinates
received through some other method.

We do not check projective coordinates, though, as
- it's unlikely that applications would be receiving this primarily
  internal representation from untrusted sources, and
- it's possible that the projective setters are used in a setting where
  performance matters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-09 23:58:20 +02:00
Todd Short
5c753de668 Fix session ticket and SNI
When session tickets are used, it's possible that SNI might swtich the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.

However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:

1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transistions to writing the ticket, and
the client responds with an error as its not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.

To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.

Fix these two cases, and add unit test code to validate ticket behavior.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
2016-06-09 13:07:51 -04:00
Jeffrey Walton
2a7de0fd5d Fixes to get -ansi working
Various fixes to get the following to compile:

./config no-asm -ansi -D_DEFAULT_SOURCE

RT4479
RT4480

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 20:18:04 +01:00
Rich Salz
e417070c9f Add some accessor API's
GH1098: Add X509_get_pathlen() (and a test)
GH1097:  Add SSL_is_dtls() function.

Documented.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 11:37:06 -04:00
Matt Caswell
4f0c475719 Add empty record tests
The previous commit changed how we handle out-of-context empty records.
This commit adds some tests for the various scenarios. There are three
tests:
1: Check that if we inject an out-of-context empty record then we fail
2: Check that if we inject an in-context empty record then we succeed
3: Check that if we inject too many in-context empty records then we fail.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-07 22:07:36 +01:00
Matt Caswell
f44310e9ce Add a BN_mod_word test()
The previous commit fixed a bug with BN_mod_word() which would have been
caught if we had a test for it. This commit adds one.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-07 21:55:31 +01:00
Matt Caswell
8f09ba471c Add an SSL get/set test
We just do the getters/setter for tlsext_status_type. This could be extended
for others in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-07 17:05:52 +01:00
Richard Levitte
81b538e51e tests: fix the shutting up of the shell
If we're going to redirect STDERR and STDOUT, it's better to do it by
the book.  This fix is a straight copy of examples in the perlfunc
manual.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-06 15:51:35 +02:00
Matt Caswell
5584f65a10 Deprecate the flags that switch off constant time
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
off the constant time implementation for RSA, DSA and DH have been made
no-ops and deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:09:06 +01:00
Richard Levitte
78e91586fb tests: Shut the shell up unless verbose
In rare cases, the shell we run test programs in may have complaints.
Shut those up unless testing verbosely.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-06-06 10:03:01 +02:00
Viktor Dukhovni
501d53c600 Silence misleading test_abort stderr output
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-05 12:06:02 -04:00