Kurt Roeckx [Thu, 15 Dec 2016 19:11:18 +0000 (20:11 +0100)]
Make client and server fuzzer support all ciphers
Also send a SNI extension in the client so the fuzzer can react to it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
Kurt Roeckx [Thu, 15 Dec 2016 19:06:51 +0000 (20:06 +0100)]
Document the recommended parameters for fuzzing
We use those parameters for calculating the coverage.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
Kurt Roeckx [Thu, 15 Dec 2016 19:03:15 +0000 (20:03 +0100)]
Enable TLS1.3 and PEDANTIC in the coverage target
This make sure that the coverage is the same for the fuzzers and this
coverage target
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
Kurt Roeckx [Thu, 15 Dec 2016 19:23:52 +0000 (20:23 +0100)]
Don't call memcpy with NULL as source
Calling it with lenght 0 and NULL as source is undefined behaviour.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2089
Andy Polyakov [Wed, 14 Dec 2016 12:38:04 +0000 (13:38 +0100)]
poly1305/asm/poly1305-x86_64.pl: allow nasm to assemble AVX512 code.
chacha/asm/chacha-x86_64.pl: refine nasm version detection logic.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 14 Dec 2016 12:34:47 +0000 (13:34 +0100)]
perlasm/x86_64-xlate.pl: add support for AVX512 OPMASK-ing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 14 Dec 2016 12:33:40 +0000 (13:33 +0100)]
man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Mon, 28 Nov 2016 20:33:40 +0000 (15:33 -0500)]
CRL critical extension bugfix
More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)
Dr. Stephen Henson [Sat, 10 Dec 2016 19:21:01 +0000 (19:21 +0000)]
Add function and reason checking to evp_test
Add options to check the function and reason code matches expected values.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 13 Dec 2016 16:52:22 +0000 (11:52 -0500)]
Add X509_VERIFY_PARAM inheritance flag set/get
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)
Rich Salz [Mon, 12 Dec 2016 16:14:40 +0000 (11:14 -0500)]
Fix various doc nits.
find-doc-nits warns if you don't give a "what to do flag"
Don't use regexps for section names, just strings: More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)
Azat Khuzhin [Tue, 1 Nov 2016 14:35:35 +0000 (17:35 +0300)]
Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)
Fixes:
8d00e30f96fb86b20bc992f626b188c3548fc58c ("Don't try to init
dasync internally")
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
Dmitry Belyavskiy [Mon, 12 Dec 2016 12:35:09 +0000 (15:35 +0300)]
Typo fixed
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)
Paul Hovey [Mon, 5 Dec 2016 22:17:11 +0000 (17:17 -0500)]
updated macro spacing for styling purposes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
Paul Hovey [Mon, 5 Dec 2016 21:57:25 +0000 (16:57 -0500)]
fix undoes errors introduced by https://github.com/openssl/openssl/commit/
fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
Benjamin Kaduk [Thu, 8 Dec 2016 18:01:31 +0000 (12:01 -0600)]
Restore the ERR_FATAL_ERROR() macro
Commit
0cd0a820abc6124cf8e176fa92d620a2abf9e419 removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.
Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)
Matt Caswell [Tue, 6 Dec 2016 10:49:01 +0000 (10:49 +0000)]
Fix a leak in SSL_clear()
SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.
Fixes #2026
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Fri, 9 Dec 2016 14:26:19 +0000 (15:26 +0100)]
perlasm/x86_64-xlate.pl: refine sign extension in ea package.
$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Fri, 9 Dec 2016 14:55:17 +0000 (15:55 +0100)]
x86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Fri, 9 Dec 2016 15:01:07 +0000 (16:01 +0100)]
poly1305/poly1305_base2_44.c: add reference base 2^44 implementation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Davide Galassi [Fri, 2 Dec 2016 16:10:37 +0000 (17:10 +0100)]
Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)
Markus Triska [Fri, 9 Dec 2016 17:07:09 +0000 (18:07 +0100)]
Fix reference to SSL_set_max_proto_version.
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)
Dr. Stephen Henson [Sat, 10 Dec 2016 13:59:29 +0000 (13:59 +0000)]
Additional error tests in evp_test.c
Support checking for errors during test initialisation and parsing.
Add errors and tests for key operation initalisation and ctrl errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 9 Dec 2016 22:35:53 +0000 (23:35 +0100)]
VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
Richard Levitte [Fri, 9 Dec 2016 22:32:09 +0000 (23:32 +0100)]
VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero... except on VMS, where this was
treated as an error. Change this to behave like the other platforms.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
Dr. Stephen Henson [Wed, 7 Dec 2016 23:03:47 +0000 (23:03 +0000)]
Add RSA PSS tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
Dr. Stephen Henson [Thu, 8 Dec 2016 12:16:02 +0000 (12:16 +0000)]
Check input length to pkey_rsa_verify()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)
Kurt Roeckx [Fri, 9 Dec 2016 19:14:02 +0000 (20:14 +0100)]
Update client fuzz corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060
Richard Levitte [Mon, 5 Dec 2016 14:13:26 +0000 (15:13 +0100)]
Test framework: Add the possibility to have a test specific data dir
This data directory is formed automatically by taking the recipe name
and changing '.t' to '_data'. Files in there can be reached with the
new function data_file()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2027)
Kurt Roeckx [Thu, 8 Dec 2016 23:56:12 +0000 (00:56 +0100)]
Update client fuzzer corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053
Richard Levitte [Thu, 8 Dec 2016 19:51:21 +0000 (20:51 +0100)]
Remove extra bang
A bang (!) slipped through in the recent UI cleanup
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2051)
Kurt Roeckx [Thu, 8 Dec 2016 18:20:55 +0000 (19:20 +0100)]
Only call memcpy when the length is larger than 0.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2050
Richard Levitte [Thu, 8 Dec 2016 17:01:04 +0000 (18:01 +0100)]
UI code style cleanup
Mostly condition check changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2047)
Kurt Roeckx [Wed, 7 Dec 2016 23:40:03 +0000 (00:40 +0100)]
Fuzz corpora update
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
Kurt Roeckx [Wed, 7 Dec 2016 22:12:04 +0000 (23:12 +0100)]
And client fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
Kurt Roeckx [Wed, 7 Dec 2016 22:05:16 +0000 (23:05 +0100)]
Make the predictable numbers start from 1
There is code that retries calling RAND_bytes() until it gets something
other than 0, which just hangs if we always return 0.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
Kurt Roeckx [Wed, 7 Dec 2016 22:04:35 +0000 (23:04 +0100)]
Make asn1 fuzzer more reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
Matt Caswell [Thu, 8 Dec 2016 11:42:38 +0000 (11:42 +0000)]
Fix the declaration of tls_parse_extension in statem_locl.h
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 8 Dec 2016 09:48:29 +0000 (09:48 +0000)]
Fix a travis failure
Travis was indicating a bogus uninit var warning. This fixes it.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 8 Dec 2016 09:44:06 +0000 (09:44 +0000)]
Fix various indentation
The indentation was a bit off in some of the perl files following the
extensions refactor.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 8 Dec 2016 00:03:53 +0000 (00:03 +0000)]
Move the checkhandshake.pm module into test/testlib
Move this module into the same place as other test helper modules. It
simplifies the code and keeps like things together.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 7 Dec 2016 23:50:55 +0000 (23:50 +0000)]
Fix make update issues
Various functions got renamed. We need to rename the error codes too.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 7 Dec 2016 23:19:45 +0000 (23:19 +0000)]
Fix more style issues following extensions refactor feedback
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 7 Dec 2016 17:27:22 +0000 (17:27 +0000)]
Introduce TLSEXT_STATUSTYPE_nothing constant
The existing code used the magic number -1 to represent the absence of
a status_type in the extension. This commit replaces it with a macro.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 7 Dec 2016 17:21:48 +0000 (17:21 +0000)]
Change TLSEXT_IDX_* values into an enum
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 7 Dec 2016 17:04:46 +0000 (17:04 +0000)]
Various style updates following extensions refactor
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 7 Dec 2016 12:30:52 +0000 (12:30 +0000)]
Fix travis mixed declarations and code error
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 6 Dec 2016 16:37:31 +0000 (16:37 +0000)]
Suppress some BoringSSL test failures
The external BoringSSL tests had some failures as a result of
the extensions refactor. This was due to a deliberate relaxation
of the duplicate extensions checking code. We now only check
known extensions for duplicates. Unknown extensions are ignored.
This is allowed behaviour, so we suppress those BoringSSL tests.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 6 Dec 2016 15:37:18 +0000 (15:37 +0000)]
Correct imports for checkhandshake module
Ensure the tests can find the checkhandshake module on all platforms
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 5 Dec 2016 17:31:37 +0000 (17:31 +0000)]
Fix a memory leak
When we call tls_collect_extensions() we need to free up the raw
extensions data later.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 1 Dec 2016 12:54:44 +0000 (12:54 +0000)]
Add some extra key_share tests
Check that the extension framework properly handles extensions specific
to a protocol version
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 30 Nov 2016 13:46:11 +0000 (13:46 +0000)]
Remove some spurious whitespace
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 30 Nov 2016 12:54:01 +0000 (12:54 +0000)]
Add a renegotiation test
Make sure we did not break the unsafe legacy reneg checks with the extension
work.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 30 Nov 2016 12:04:34 +0000 (12:04 +0000)]
Add more extension tests to test_sslmessages
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 29 Nov 2016 17:34:10 +0000 (17:34 +0000)]
Merge common code between test_tls13messages and test_sslmessages
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 29 Nov 2016 15:57:42 +0000 (15:57 +0000)]
Add extension tests in test_sslmessages
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 29 Nov 2016 14:56:06 +0000 (14:56 +0000)]
Enable status_request test in test_sslmessages
The s_server option -status_file has been added so this test can be
enabled.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 22 Nov 2016 16:16:23 +0000 (16:16 +0000)]
Fix a bug in TLSProxy where zero length messages were not being recorded
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 22 Nov 2016 16:16:11 +0000 (16:16 +0000)]
Add a test to check messsages sent are the ones we expect
Repeat for various handshake types
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 22 Nov 2016 13:43:50 +0000 (13:43 +0000)]
Support renegotiation in TLSProxy
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 28 Nov 2016 22:39:23 +0000 (22:39 +0000)]
Add tests for new extension code
Extend test_tls13messages to additionally check the expected extensions
under different options given to s_client/s_server.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 28 Nov 2016 16:45:52 +0000 (16:45 +0000)]
Split ServerHello extensions
In TLS1.3 some ServerHello extensions remain in the ServerHello, while
others move to the EncryptedExtensions message. This commit performs that
move.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 28 Nov 2016 16:15:51 +0000 (16:15 +0000)]
Move ServerHello extension parsing into the new extension framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 28 Nov 2016 09:31:59 +0000 (09:31 +0000)]
Avoid repeatedly scanning the list of extensions
Because extensions were keyed by type which is sparse, we were continually
scanning the list to find the one we wanted. The way we stored them also
had the side effect that we were running initialisers/finalisers in a
different oder to the parsers. In this commit we change things so that we
instead key on an index value for each extension.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sat, 26 Nov 2016 11:45:02 +0000 (11:45 +0000)]
Simplify ClientHello extension parsing
Remove some functions that are no longer needed now that we have the new
extension framework.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Sat, 26 Nov 2016 11:22:50 +0000 (11:22 +0000)]
Move ALPN processing into an extension finalisation function
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 25 Nov 2016 23:19:56 +0000 (23:19 +0000)]
Provide server side extension init and finalisation functions
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 25 Nov 2016 17:52:35 +0000 (17:52 +0000)]
Add an extension initilisation and finalisation capability
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 25 Nov 2016 16:28:02 +0000 (16:28 +0000)]
Move client construction of ClientHello extensions into new framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 25 Nov 2016 12:34:29 +0000 (12:34 +0000)]
Move client parsing of ServerHello extensions into new framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 25 Nov 2016 10:34:35 +0000 (10:34 +0000)]
Rename some functions
The _clienthello_ in the extensions parsing functions is overly specific.
Better to keep the convention to just _client_
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 25 Nov 2016 10:22:02 +0000 (10:22 +0000)]
Move ServerHello extension construction into the new extensions framework
This lays the foundation for a later move to have the extensions built and
placed into the correct message for TLSv1.3 (e.g. ServerHello or
EncryptedExtensions).
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 22:54:59 +0000 (22:54 +0000)]
Split extensions code into core extensions and server extensions code
Later we will have client extensions code too.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 18:25:10 +0000 (18:25 +0000)]
Add extensions construction support
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 18:02:12 +0000 (18:02 +0000)]
Continue the extensions refactor
Add support for construction of extensions
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 16:59:48 +0000 (16:59 +0000)]
Refactor ClientHello extension parsing
This builds on the work started in
1ab3836b3 and extends is so that
each extension has its own identified parsing functions, as well as an
allowed context identifying which messages and protocols it is relevant for.
Subsequent commits will do a similar job for the ServerHello extensions.
This will enable us to have common functions for processing extension blocks
no matter which of the multiple messages they are received from. In TLSv1.3
a number of different messages have extension blocks, and some extensions
have moved from one message to another when compared to TLSv1.2.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 11:14:56 +0000 (11:14 +0000)]
Verify that extensions are used in the correct context
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 24 Nov 2016 11:13:35 +0000 (11:13 +0000)]
Add some missing extensions to SSL_extension_supported()
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 17:38:31 +0000 (17:38 +0000)]
Move tls_collect_extensions() into a separate file
Subsequent commits will pull other extensions code into this file.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 23 Nov 2016 15:20:22 +0000 (15:20 +0000)]
Add EncryptedExtensions message
At this stage the message is just empty. We need to fill it in with
extension data.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 7 Nov 2016 13:50:43 +0000 (13:50 +0000)]
Send and Receive a TLSv1.3 format ServerHello
There are some minor differences in the format of a ServerHello in TLSv1.3.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Wed, 7 Dec 2016 19:28:43 +0000 (20:28 +0100)]
UI_OpenSSL()'s session opener fails on MacOS X
If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)
Richard Levitte [Thu, 8 Dec 2016 10:16:37 +0000 (11:16 +0100)]
In UI_OpenSSL's open(), generate an error on unknown errno
TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not. This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
Richard Levitte [Thu, 8 Dec 2016 00:27:31 +0000 (01:27 +0100)]
Make sure that password_callback exercises UI
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
Richard Levitte [Wed, 7 Dec 2016 21:44:47 +0000 (22:44 +0100)]
Add a test for the UI API
The best way to test the UI interface is currently by using an openssl
command that uses password_callback. The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
Richard Levitte [Wed, 7 Dec 2016 15:36:44 +0000 (16:36 +0100)]
UI_process() didn't generate errors
Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation. With this
change, the error message will at least show which part went wrong.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)
Kurt Roeckx [Sat, 3 Dec 2016 15:57:04 +0000 (16:57 +0100)]
Also set the CXXFLAG to the user supplied flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2025
Kurt Roeckx [Sat, 3 Dec 2016 13:37:16 +0000 (14:37 +0100)]
travis: Use no-shared for the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION targets
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2025
Matt Caswell [Mon, 5 Dec 2016 10:27:04 +0000 (10:27 +0000)]
Change various repeated wr[someindex]/pkt[someindex] references to a pointer
Improves the readability of the code, and reduces the liklihood of errors.
Also made a few minor style changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 2 Dec 2016 11:10:16 +0000 (11:10 +0000)]
Various style fixes from the TLSv1.3 record changes review
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 2 Dec 2016 11:09:16 +0000 (11:09 +0000)]
Change various repeated rr[someindex] references to a pointer
Improves the readability of the code, and reduces the liklihood of errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 1 Dec 2016 10:20:59 +0000 (10:20 +0000)]
Ensure compressdata is always initialised
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Nov 2016 17:11:51 +0000 (17:11 +0000)]
Add a TLS1.3 TODO for the msg callback
At the moment the msg callback only received the record header with the
outer record type in it. We never pass the inner record type - we probably
need to at some point.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 21 Nov 2016 16:22:00 +0000 (16:22 +0000)]
Add more TLS1.3 record tests
Add some tests for the new record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 23:44:09 +0000 (23:44 +0000)]
Update the record layer to use TLSv1.3 style record construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 17:06:14 +0000 (17:06 +0000)]
Convert TLS Record receipt to use PACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 16:35:46 +0000 (16:35 +0000)]
Convert TLS record construction to use WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 18 Nov 2016 16:34:01 +0000 (16:34 +0000)]
Add an ability to find out the current write location from a WPACKET
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Fri, 25 Nov 2016 05:38:04 +0000 (00:38 -0500)]
Restore last-resort expired untrusted intermediate issuers
Reviewed-by: Matt Caswell <matt@openssl.org>
Kurt Roeckx [Fri, 2 Dec 2016 18:49:34 +0000 (19:49 +0100)]
Run a some tests with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
The fuzzers use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, and actually
get different results based on that. We should have at least some
targets that actually fully use the fuzz corpora.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023