oweals/openssl.git
7 years agox86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths.
Andy Polyakov [Fri, 9 Dec 2016 14:55:17 +0000 (15:55 +0100)]
x86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agopoly1305/poly1305_base2_44.c: add reference base 2^44 implementation.
Andy Polyakov [Fri, 9 Dec 2016 15:01:07 +0000 (16:01 +0100)]
poly1305/poly1305_base2_44.c: add reference base 2^44 implementation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoAvoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)
Davide Galassi [Fri, 2 Dec 2016 16:10:37 +0000 (17:10 +0100)]
Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)

CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)

7 years agoFix reference to SSL_set_max_proto_version.
Markus Triska [Fri, 9 Dec 2016 17:07:09 +0000 (18:07 +0100)]
Fix reference to SSL_set_max_proto_version.

CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)

7 years agoAdditional error tests in evp_test.c
Dr. Stephen Henson [Sat, 10 Dec 2016 13:59:29 +0000 (13:59 +0000)]
Additional error tests in evp_test.c

Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoVMS UI_OpenSSL: generate OpenSSL errors when things go wrong.
Richard Levitte [Fri, 9 Dec 2016 22:35:53 +0000 (23:35 +0100)]
VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)

7 years agoVMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
Richard Levitte [Fri, 9 Dec 2016 22:32:09 +0000 (23:32 +0100)]
VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error

On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)

7 years agoAdd RSA PSS tests
Dr. Stephen Henson [Wed, 7 Dec 2016 23:03:47 +0000 (23:03 +0000)]
Add RSA PSS tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)

7 years agoCheck input length to pkey_rsa_verify()
Dr. Stephen Henson [Thu, 8 Dec 2016 12:16:02 +0000 (12:16 +0000)]
Check input length to pkey_rsa_verify()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)

7 years agoUpdate client fuzz corpus
Kurt Roeckx [Fri, 9 Dec 2016 19:14:02 +0000 (20:14 +0100)]
Update client fuzz corpus

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060

7 years agoTest framework: Add the possibility to have a test specific data dir
Richard Levitte [Mon, 5 Dec 2016 14:13:26 +0000 (15:13 +0100)]
Test framework: Add the possibility to have a test specific data dir

This data directory is formed automatically by taking the recipe name
and changing '.t' to '_data'.  Files in there can be reached with the
new function data_file()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2027)

7 years agoUpdate client fuzzer corpus
Kurt Roeckx [Thu, 8 Dec 2016 23:56:12 +0000 (00:56 +0100)]
Update client fuzzer corpus

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053

7 years agoRemove extra bang
Richard Levitte [Thu, 8 Dec 2016 19:51:21 +0000 (20:51 +0100)]
Remove extra bang

A bang (!) slipped through in the recent UI cleanup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2051)

7 years agoOnly call memcpy when the length is larger than 0.
Kurt Roeckx [Thu, 8 Dec 2016 18:20:55 +0000 (19:20 +0100)]
Only call memcpy when the length is larger than 0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2050

7 years agoUI code style cleanup
Richard Levitte [Thu, 8 Dec 2016 17:01:04 +0000 (18:01 +0100)]
UI code style cleanup

Mostly condition check changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2047)

7 years agoFuzz corpora update
Kurt Roeckx [Wed, 7 Dec 2016 23:40:03 +0000 (00:40 +0100)]
Fuzz corpora update

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041

7 years agoAnd client fuzzer
Kurt Roeckx [Wed, 7 Dec 2016 22:12:04 +0000 (23:12 +0100)]
And client fuzzer

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041

7 years agoMake the predictable numbers start from 1
Kurt Roeckx [Wed, 7 Dec 2016 22:05:16 +0000 (23:05 +0100)]
Make the predictable numbers start from 1

There is code that retries calling RAND_bytes() until it gets something
other than 0, which just hangs if we always return 0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041

7 years agoMake asn1 fuzzer more reproducible
Kurt Roeckx [Wed, 7 Dec 2016 22:04:35 +0000 (23:04 +0100)]
Make asn1 fuzzer more reproducible

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041

7 years agoFix the declaration of tls_parse_extension in statem_locl.h
Matt Caswell [Thu, 8 Dec 2016 11:42:38 +0000 (11:42 +0000)]
Fix the declaration of tls_parse_extension in statem_locl.h

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoFix a travis failure
Matt Caswell [Thu, 8 Dec 2016 09:48:29 +0000 (09:48 +0000)]
Fix a travis failure

Travis was indicating a bogus uninit var warning. This fixes it.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoFix various indentation
Matt Caswell [Thu, 8 Dec 2016 09:44:06 +0000 (09:44 +0000)]
Fix various indentation

The indentation was a bit off in some of the perl files following the
extensions refactor.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMove the checkhandshake.pm module into test/testlib
Matt Caswell [Thu, 8 Dec 2016 00:03:53 +0000 (00:03 +0000)]
Move the checkhandshake.pm module into test/testlib

Move this module into the same place as other test helper modules. It
simplifies the code and keeps like things together.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoFix make update issues
Matt Caswell [Wed, 7 Dec 2016 23:50:55 +0000 (23:50 +0000)]
Fix make update issues

Various functions got renamed. We need to rename the error codes too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoFix more style issues following extensions refactor feedback
Matt Caswell [Wed, 7 Dec 2016 23:19:45 +0000 (23:19 +0000)]
Fix more style issues following extensions refactor feedback

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoIntroduce TLSEXT_STATUSTYPE_nothing constant
Matt Caswell [Wed, 7 Dec 2016 17:27:22 +0000 (17:27 +0000)]
Introduce TLSEXT_STATUSTYPE_nothing constant

The existing code used the magic number -1 to represent the absence of
a status_type in the extension. This commit replaces it with a macro.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoChange TLSEXT_IDX_* values into an enum
Matt Caswell [Wed, 7 Dec 2016 17:21:48 +0000 (17:21 +0000)]
Change TLSEXT_IDX_* values into an enum

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoVarious style updates following extensions refactor
Matt Caswell [Wed, 7 Dec 2016 17:04:46 +0000 (17:04 +0000)]
Various style updates following extensions refactor

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoFix travis mixed declarations and code error
Matt Caswell [Wed, 7 Dec 2016 12:30:52 +0000 (12:30 +0000)]
Fix travis mixed declarations and code error

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoSuppress some BoringSSL test failures
Matt Caswell [Tue, 6 Dec 2016 16:37:31 +0000 (16:37 +0000)]
Suppress some BoringSSL test failures

The external BoringSSL tests had some failures as a result of
the extensions refactor. This was due to a deliberate relaxation
of the duplicate extensions checking code. We now only check
known extensions for duplicates. Unknown extensions are ignored.
This is allowed behaviour, so we suppress those BoringSSL tests.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoCorrect imports for checkhandshake module
Matt Caswell [Tue, 6 Dec 2016 15:37:18 +0000 (15:37 +0000)]
Correct imports for checkhandshake module

Ensure the tests can find the checkhandshake module on all platforms

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoFix a memory leak
Matt Caswell [Mon, 5 Dec 2016 17:31:37 +0000 (17:31 +0000)]
Fix a memory leak

When we call tls_collect_extensions() we need to free up the raw
extensions data later.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd some extra key_share tests
Matt Caswell [Thu, 1 Dec 2016 12:54:44 +0000 (12:54 +0000)]
Add some extra key_share tests

Check that the extension framework properly handles extensions specific
to a protocol version

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoRemove some spurious whitespace
Matt Caswell [Wed, 30 Nov 2016 13:46:11 +0000 (13:46 +0000)]
Remove some spurious whitespace

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd a renegotiation test
Matt Caswell [Wed, 30 Nov 2016 12:54:01 +0000 (12:54 +0000)]
Add a renegotiation test

Make sure we did not break the unsafe legacy reneg checks with the extension
work.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd more extension tests to test_sslmessages
Matt Caswell [Wed, 30 Nov 2016 12:04:34 +0000 (12:04 +0000)]
Add more extension tests to test_sslmessages

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMerge common code between test_tls13messages and test_sslmessages
Matt Caswell [Tue, 29 Nov 2016 17:34:10 +0000 (17:34 +0000)]
Merge common code between test_tls13messages and test_sslmessages

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd extension tests in test_sslmessages
Matt Caswell [Tue, 29 Nov 2016 15:57:42 +0000 (15:57 +0000)]
Add extension tests in test_sslmessages

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoEnable status_request test in test_sslmessages
Matt Caswell [Tue, 29 Nov 2016 14:56:06 +0000 (14:56 +0000)]
Enable status_request test in test_sslmessages

The s_server option -status_file has been added so this test can be
enabled.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoFix a bug in TLSProxy where zero length messages were not being recorded
Matt Caswell [Tue, 22 Nov 2016 16:16:23 +0000 (16:16 +0000)]
Fix a bug in TLSProxy where zero length messages were not being recorded

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd a test to check messsages sent are the ones we expect
Matt Caswell [Tue, 22 Nov 2016 16:16:11 +0000 (16:16 +0000)]
Add a test to check messsages sent are the ones we expect

Repeat for various handshake types

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoSupport renegotiation in TLSProxy
Matt Caswell [Tue, 22 Nov 2016 13:43:50 +0000 (13:43 +0000)]
Support renegotiation in TLSProxy

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd tests for new extension code
Matt Caswell [Mon, 28 Nov 2016 22:39:23 +0000 (22:39 +0000)]
Add tests for new extension code

Extend test_tls13messages to additionally check the expected extensions
under different options given to s_client/s_server.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoSplit ServerHello extensions
Matt Caswell [Mon, 28 Nov 2016 16:45:52 +0000 (16:45 +0000)]
Split ServerHello extensions

In TLS1.3 some ServerHello extensions remain in the ServerHello, while
others move to the EncryptedExtensions message. This commit performs that
move.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMove ServerHello extension parsing into the new extension framework
Matt Caswell [Mon, 28 Nov 2016 16:15:51 +0000 (16:15 +0000)]
Move ServerHello extension parsing into the new extension framework

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAvoid repeatedly scanning the list of extensions
Matt Caswell [Mon, 28 Nov 2016 09:31:59 +0000 (09:31 +0000)]
Avoid repeatedly scanning the list of extensions

Because extensions were keyed by type which is sparse, we were continually
scanning the list to find the one we wanted. The way we stored them also
had the side effect that we were running initialisers/finalisers in a
different oder to the parsers. In this commit we change things so that we
instead key on an index value for each extension.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoSimplify ClientHello extension parsing
Matt Caswell [Sat, 26 Nov 2016 11:45:02 +0000 (11:45 +0000)]
Simplify ClientHello extension parsing

Remove some functions that are no longer needed now that we have the new
extension framework.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMove ALPN processing into an extension finalisation function
Matt Caswell [Sat, 26 Nov 2016 11:22:50 +0000 (11:22 +0000)]
Move ALPN processing into an extension finalisation function

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoProvide server side extension init and finalisation functions
Matt Caswell [Fri, 25 Nov 2016 23:19:56 +0000 (23:19 +0000)]
Provide server side extension init and finalisation functions

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd an extension initilisation and finalisation capability
Matt Caswell [Fri, 25 Nov 2016 17:52:35 +0000 (17:52 +0000)]
Add an extension initilisation and finalisation capability

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMove client construction of ClientHello extensions into new framework
Matt Caswell [Fri, 25 Nov 2016 16:28:02 +0000 (16:28 +0000)]
Move client construction of ClientHello extensions into new framework

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMove client parsing of ServerHello extensions into new framework
Matt Caswell [Fri, 25 Nov 2016 12:34:29 +0000 (12:34 +0000)]
Move client parsing of ServerHello extensions into new framework

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoRename some functions
Matt Caswell [Fri, 25 Nov 2016 10:34:35 +0000 (10:34 +0000)]
Rename some functions

The _clienthello_ in the extensions parsing functions is overly specific.
Better to keep the convention to just _client_

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMove ServerHello extension construction into the new extensions framework
Matt Caswell [Fri, 25 Nov 2016 10:22:02 +0000 (10:22 +0000)]
Move ServerHello extension construction into the new extensions framework

This lays the foundation for a later move to have the extensions built and
placed into the correct message for TLSv1.3 (e.g. ServerHello or
EncryptedExtensions).

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoSplit extensions code into core extensions and server extensions code
Matt Caswell [Thu, 24 Nov 2016 22:54:59 +0000 (22:54 +0000)]
Split extensions code into core extensions and server extensions code

Later we will have client extensions code too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd extensions construction support
Matt Caswell [Thu, 24 Nov 2016 18:25:10 +0000 (18:25 +0000)]
Add extensions construction support

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoContinue the extensions refactor
Matt Caswell [Thu, 24 Nov 2016 18:02:12 +0000 (18:02 +0000)]
Continue the extensions refactor

Add support for construction of extensions

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoRefactor ClientHello extension parsing
Matt Caswell [Thu, 24 Nov 2016 16:59:48 +0000 (16:59 +0000)]
Refactor ClientHello extension parsing

This builds on the work started in 1ab3836b3 and extends is so that
each extension has its own identified parsing functions, as well as an
allowed context identifying which messages and protocols it is relevant for.
Subsequent commits will do a similar job for the ServerHello extensions.
This will enable us to have common functions for processing extension blocks
no matter which of the multiple messages they are received from. In TLSv1.3
a number of different messages have extension blocks, and some extensions
have moved from one message to another when compared to TLSv1.2.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoVerify that extensions are used in the correct context
Matt Caswell [Thu, 24 Nov 2016 11:14:56 +0000 (11:14 +0000)]
Verify that extensions are used in the correct context

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd some missing extensions to SSL_extension_supported()
Matt Caswell [Thu, 24 Nov 2016 11:13:35 +0000 (11:13 +0000)]
Add some missing extensions to SSL_extension_supported()

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoMove tls_collect_extensions() into a separate file
Matt Caswell [Wed, 23 Nov 2016 17:38:31 +0000 (17:38 +0000)]
Move tls_collect_extensions() into a separate file

Subsequent commits will pull other extensions code into this file.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoAdd EncryptedExtensions message
Matt Caswell [Wed, 23 Nov 2016 15:20:22 +0000 (15:20 +0000)]
Add EncryptedExtensions message

At this stage the message is just empty. We need to fill it in with
extension data.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoSend and Receive a TLSv1.3 format ServerHello
Matt Caswell [Mon, 7 Nov 2016 13:50:43 +0000 (13:50 +0000)]
Send and Receive a TLSv1.3 format ServerHello

There are some minor differences in the format of a ServerHello in TLSv1.3.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years agoUI_OpenSSL()'s session opener fails on MacOS X
Richard Levitte [Wed, 7 Dec 2016 19:28:43 +0000 (20:28 +0100)]
UI_OpenSSL()'s session opener fails on MacOS X

If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)

7 years agoIn UI_OpenSSL's open(), generate an error on unknown errno
Richard Levitte [Thu, 8 Dec 2016 10:16:37 +0000 (11:16 +0100)]
In UI_OpenSSL's open(), generate an error on unknown errno

TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not.  This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)

7 years agoMake sure that password_callback exercises UI
Richard Levitte [Thu, 8 Dec 2016 00:27:31 +0000 (01:27 +0100)]
Make sure that password_callback exercises UI

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)

7 years agoAdd a test for the UI API
Richard Levitte [Wed, 7 Dec 2016 21:44:47 +0000 (22:44 +0100)]
Add a test for the UI API

The best way to test the UI interface is currently by using an openssl
command that uses password_callback.  The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)

7 years agoUI_process() didn't generate errors
Richard Levitte [Wed, 7 Dec 2016 15:36:44 +0000 (16:36 +0100)]
UI_process() didn't generate errors

Since there are many parts of UI_process() that can go wrong, it isn't
very helpful to only return -1 with no further explanation.  With this
change, the error message will at least show which part went wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2037)

7 years agoAlso set the CXXFLAG to the user supplied flags
Kurt Roeckx [Sat, 3 Dec 2016 15:57:04 +0000 (16:57 +0100)]
Also set the CXXFLAG to the user supplied flags

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2025

7 years agotravis: Use no-shared for the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION targets
Kurt Roeckx [Sat, 3 Dec 2016 13:37:16 +0000 (14:37 +0100)]
travis: Use no-shared for the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION targets

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2025

7 years agoChange various repeated wr[someindex]/pkt[someindex] references to a pointer
Matt Caswell [Mon, 5 Dec 2016 10:27:04 +0000 (10:27 +0000)]
Change various repeated wr[someindex]/pkt[someindex] references to a pointer

Improves the readability of the code, and reduces the liklihood of errors.
Also made a few minor style changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoVarious style fixes from the TLSv1.3 record changes review
Matt Caswell [Fri, 2 Dec 2016 11:10:16 +0000 (11:10 +0000)]
Various style fixes from the TLSv1.3 record changes review

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoChange various repeated rr[someindex] references to a pointer
Matt Caswell [Fri, 2 Dec 2016 11:09:16 +0000 (11:09 +0000)]
Change various repeated rr[someindex] references to a pointer

Improves the readability of the code, and reduces the liklihood of errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoEnsure compressdata is always initialised
Matt Caswell [Thu, 1 Dec 2016 10:20:59 +0000 (10:20 +0000)]
Ensure compressdata is always initialised

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoAdd a TLS1.3 TODO for the msg callback
Matt Caswell [Mon, 21 Nov 2016 17:11:51 +0000 (17:11 +0000)]
Add a TLS1.3 TODO for the msg callback

At the moment the msg callback only received the record header with the
outer record type in it. We never pass the inner record type - we probably
need to at some point.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoAdd more TLS1.3 record tests
Matt Caswell [Mon, 21 Nov 2016 16:22:00 +0000 (16:22 +0000)]
Add more TLS1.3 record tests

Add some tests for the new record construction

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoUpdate the record layer to use TLSv1.3 style record construction
Matt Caswell [Fri, 18 Nov 2016 23:44:09 +0000 (23:44 +0000)]
Update the record layer to use TLSv1.3 style record construction

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoConvert TLS Record receipt to use PACKET
Matt Caswell [Fri, 18 Nov 2016 17:06:14 +0000 (17:06 +0000)]
Convert TLS Record receipt to use PACKET

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoConvert TLS record construction to use WPACKET
Matt Caswell [Fri, 18 Nov 2016 16:35:46 +0000 (16:35 +0000)]
Convert TLS record construction to use WPACKET

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoAdd an ability to find out the current write location from a WPACKET
Matt Caswell [Fri, 18 Nov 2016 16:34:01 +0000 (16:34 +0000)]
Add an ability to find out the current write location from a WPACKET

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoRestore last-resort expired untrusted intermediate issuers
Viktor Dukhovni [Fri, 25 Nov 2016 05:38:04 +0000 (00:38 -0500)]
Restore last-resort expired untrusted intermediate issuers

Reviewed-by: Matt Caswell <matt@openssl.org>
7 years agoRun a some tests with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
Kurt Roeckx [Fri, 2 Dec 2016 18:49:34 +0000 (19:49 +0100)]
Run a some tests with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION

The fuzzers use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, and actually
get different results based on that. We should have at least some
targets that actually fully use the fuzz corpora.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoMake the fuzzers more reproducible
Kurt Roeckx [Fri, 2 Dec 2016 18:34:54 +0000 (19:34 +0100)]
Make the fuzzers more reproducible

We want to be in the same global state each time we come in
FuzzerTestOneInput(). There are various reasons why we might not be that
include:
- Initialization that happens on first use. This is mostly the
  RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
  blinding that has been set up, ...

So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger this it needs to happen in
FuzzerTestOneInput().

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoMove libfuzzer sanitizer options to README
Kurt Roeckx [Fri, 2 Dec 2016 18:26:31 +0000 (19:26 +0100)]
Move libfuzzer sanitizer options to README

This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoCMS fuzzer: also use id2
Kurt Roeckx [Sat, 19 Nov 2016 16:50:33 +0000 (17:50 +0100)]
CMS fuzzer: also use id2

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoMake the random number generator predictable when fuzzing.
Kurt Roeckx [Sat, 19 Nov 2016 16:20:34 +0000 (17:20 +0100)]
Make the random number generator predictable when fuzzing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoUse 8bit-counters when using libfuzzer
Kurt Roeckx [Sat, 19 Nov 2016 16:15:43 +0000 (17:15 +0100)]
Use 8bit-counters when using libfuzzer

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agobndiv fuzzer: move new and free calls to the init and cleanup function.
Kurt Roeckx [Sat, 19 Nov 2016 20:00:21 +0000 (21:00 +0100)]
bndiv fuzzer: move new and free calls to the init and cleanup function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agobignum fuzzer: move new and free calls to the init and cleanup function.
Kurt Roeckx [Sat, 19 Nov 2016 18:26:19 +0000 (19:26 +0100)]
bignum fuzzer: move new and free calls to the init and cleanup function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoasn1parse: create the out bio during init, free it during cleanup
Kurt Roeckx [Sat, 19 Nov 2016 16:24:39 +0000 (17:24 +0100)]
asn1parse: create the out bio during init, free it during cleanup

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoAdd a FuzzerClean() function
Kurt Roeckx [Sat, 19 Nov 2016 16:13:10 +0000 (17:13 +0100)]
Add a FuzzerClean() function

This allows to free everything we allocated, so we can detect memory
leaks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoFuzzerInitialize always exists
Kurt Roeckx [Sat, 19 Nov 2016 16:12:11 +0000 (17:12 +0100)]
FuzzerInitialize always exists

There was a time it could be NULL, but that was changed to always have it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoFix formatting of fuzzers
Kurt Roeckx [Sat, 19 Nov 2016 16:10:35 +0000 (17:10 +0100)]
Fix formatting of fuzzers

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023

7 years agoFix a typo in bio_read_intern
Matt Caswell [Thu, 1 Dec 2016 13:24:09 +0000 (13:24 +0000)]
Fix a typo in bio_read_intern

Reviewed-by: Stephen Henson <steve@openssl.org>
7 years agoMake refdata in tls13encryptest static
Matt Caswell [Wed, 30 Nov 2016 10:57:10 +0000 (10:57 +0000)]
Make refdata in tls13encryptest static

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoConvert tls13encryptiontest so that we pass around a pointer not an index
Matt Caswell [Wed, 30 Nov 2016 10:53:57 +0000 (10:53 +0000)]
Convert tls13encryptiontest so that we pass around a pointer not an index

We also split the long string literals into 3 to avoid problems where we
go over the 509 character limit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix some style issues in the TLSv1.3 nonce construction code
Matt Caswell [Tue, 29 Nov 2016 23:27:27 +0000 (23:27 +0000)]
Fix some style issues in the TLSv1.3 nonce construction code

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix a double free in tls13encryptiontest
Matt Caswell [Tue, 22 Nov 2016 10:12:55 +0000 (10:12 +0000)]
Fix a double free in tls13encryptiontest

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoFix a travis compilation error
Matt Caswell [Mon, 21 Nov 2016 17:26:22 +0000 (17:26 +0000)]
Fix a travis compilation error

Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years agoAdd a test for TLSv1.3 encryption using the new nonce construction
Matt Caswell [Thu, 17 Nov 2016 22:58:46 +0000 (22:58 +0000)]
Add a test for TLSv1.3 encryption using the new nonce construction

Reviewed-by: Rich Salz <rsalz@openssl.org>