Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provider.
Fixes#13767
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer supported at the
default security level of 1, and that you need to set the security
level to 0 to use TLS < 1.2.
Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787
This fixes only those tests that were failing when network data was
fragmented. Remaining ones might succeed for "wrong reasons". Bunch
of tests have to fail to be considered successful and when data is
fragmented they might fail for reasons other than originally intended.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5975)
Around 138 distinct errors found and fixed; thanks!
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3459)
An alert message is 2 bytes long. In theory it is permissible in SSLv3 -
TLSv1.2 to fragment such alerts across multiple records (some of which
could be empty). In practice it make no sense to send an empty alert
record, or to fragment one. TLSv1.3 prohibts this altogether and other
libraries (BoringSSL, NSS) do not support this at all. Supporting it adds
significant complexity to the record layer, and its removal is unlikely
to cause inter-operability issues.
The DTLS code for this never worked anyway and it is not supported at a
protocol level for DTLS. Similarly fragmented DTLS handshake records only
work at a protocol level where at least the handshake message header
exists within the record. DTLS code existed for trying to handle fragmented
handshake records smaller than this size. This code didn't work either so
has also been removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3476)
Fix some comments too
[skip ci]
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
Prior to TLS1.3 we check that the received record version number is correct.
In TLS1.3 we need to ignore the record version number. This adds a test to
make sure we do it correctly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The previous commit fixed a problem where fragmented alerts would cause an
infinite loop. This commit adds a test for these fragmented alerts.
Reviewed-by: Andy Polyakov <appro@openssl.org>
On some platforms we can't startup the TLSProxy due to environmental
problems (e.g. network set up on the build machine). These aren't OpenSSL
problems so we shouldn't treat them as test failures. Just visibly
indicate that we are skipping the test.
We only skip the first time we attempt to start up the proxy. If that works
then everything else should do...if not we should probably investigate and
so report as a failure.
This also removes test_networking...there is a danger that this turns into
a test of user's environmental set up rather than OpenSSL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The previous commit changed how we handle out-of-context empty records.
This commit adds some tests for the various scenarios. There are three
tests:
1: Check that if we inject an out-of-context empty record then we fail
2: Check that if we inject an in-context empty record then we succeed
3: Check that if we inject too many in-context empty records then we fail.
Reviewed-by: Andy Polyakov <appro@openssl.org>