RFC 7301 mandates that the server SHALL respond with a fatal
"no_application_protocol" alert when there is no overlap between
the client's supplied list and the server's list of supported protocols.
In commit 062178678f we changed from
ignoring non-success returns from the supplied alpn_select_cb() to
treating such non-success returns as indicative of non-overlap and
sending the fatal alert.
In effect, this is using the presence of an alpn_select_cb() as a proxy
to attempt to determine whether the application has configured a list
of supported protocols. However, there may be cases in which an
application's architecture leads it to supply an alpn_select_cb() but
have that callback be configured to take no action on connections that
do not have ALPN configured; returning SSL_TLSEXT_ERR_NOACK from
the callback would be the natural way to do so. Unfortunately, the
aforementioned behavior change also treated SSL_TLSEXT_ERR_NOACK as
indicative of no overlap and terminated the connection; this change
supplies special handling for SSL_TLSEXT_ERR_NOACK returns from the
callback. In effect, it provides a way for a callback to obtain the
behavior that would have occurred if no callback was registered at
all, which was not possible prior to this change.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2570)
Don't compile code that still uses LONG when it's deprecated
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
It's sheer luck that this was used for the first field only which also
has the same type in all data structures, so the offsets were never wrong
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3127)
Make sure the server can write normal data after earlier writing early data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3091)
Commit 9b5c865df introduced a synthetic delay between arrival of EoED and
CF. We actually want to delay the arrival of CF even further to demonstrate
that we can write early data even when "in init".
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3091)
This test doesn't actually fail completely, but there's no real
pattern to distinguish which data files should be omitted when no-ec2m
is configured and which should not.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3103)
'j' is specified as modifier for "greatest-width integer type", which in
practice means 64 bits on both 32- and 64-bit platforms. Since we rely
on __attribute__((__format__(__printf__,...))) to sanitize BIO_print
format, we can use it to denote [u]int64_t-s in platform-neutral manner.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3083)
This tests the bug fixed in the previous commit. We introduce a synthetic
delay between the server receiving EoED and CF and check that we can still
send early data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3089)
We want to make sure that if we if are using SSL_MODE_AUTO_RETRY then
if SSL_read_early_data() hits EndOfEarlyData then it doesn't auto retry
and end up with normal data. The same issue could occur with read_ahead
which is what we use in this test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3077)
Fix some comments too
[skip ci]
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
Remove unnecessary include of apps.h. Tests shouldn't take a
dependency on apps. In this case, there is no dependency, the include
is unnecessary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Also, be less silent when installing, so possible errors are shown.
[extended tests]
Fixes#3005
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3007)
When using run() with capture => 1, there was no way to find out if
the command was successful or not. This change adds a statusvar
option, that must refer to a scalar variable, for example:
my $status = undef;
my @line = run(["whatever"], capture => 1, statusvar => \$status);
$status will be 1 if the command "whatever" was successful, 0
otherwise.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3004)
The code to do this incorrectly assumed that the protocol version
could be used as a valid cipher suite for the 'openssl cipher'
command. While this is true in some cases, that isn't something to be
trusted. Replace that assumption with code that takes the full
'openssl ciphers' command output and parses it to find the ciphers we
look for.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2956)
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2988)
The internals tests for chacha, poly1305 and siphash were erroneously
made conditional on if mdc2 was enabled. Corrected to depend on the
correct algorithms being enabled instead.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2991)
Add a test recipe (test/recipes/15-test_ecparams.t) which uses 'openssl
ecparam' to check the test vectors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2544)
This involves:
- A directory of valid and invalid PEM-encoded curves.
This is non-exhaustive and can be added to.
- A minor patch to 'openssl ecparam' to make it exit non-zero
when curve validation fails.
- A test recipe is added in a separate commit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2544)
These were still generated by openssl, but with
the previous commit are corroborated by rustls.
(cherry picked from commit eae1982619e90c6b79a6ebc89603d81c13c81ce8)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2989)
The documentation of this function states that the password parameter
can be NULL. However, the implementation returns an error in this case
due to the inner workings of the HMAC_Init_ex() function.
With this change, NULL password will be treated as an empty string and
PKCS5_PBKDF2_HMAC() no longer fails on this input.
I have also added two new test cases that tests the handling of the
special values NULL and -1 of the password and passlen parameters,
respectively.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1692)
At one point the stack was passing a pointer of the element *before* an
array which is undefined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2971)
Add ExpectedClientCANames: for client auth this checks to see if the
list of certificate authorities supplied by the server matches the
expected value.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2969)
Check that we handle changes of ciphersuite between HRR and ServerHello
correctly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
