mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
18,611 Commits 33 Branches 385 Tags 484 MiB
8bfa99f04f
Commit Graph

18611 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kurt Roeckx
e512840d7a Make the predictable numbers start from 1 
There is code that retries calling RAND_bytes() until it gets something
other than 0, which just hangs if we always return 0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
 2016-12-08 19:06:18 +01:00
Kurt Roeckx
231f13370b Make asn1 fuzzer more reproducible 
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
 2016-12-08 19:06:17 +01:00
Matt Caswell
7d152a3c4f Fix the declaration of tls_parse_extension in statem_locl.h 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:48 +00:00
Matt Caswell
625b0d514e Fix a travis failure 
Travis was indicating a bogus uninit var warning. This fixes it.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:41 +00:00
Matt Caswell
9615387408 Fix various indentation 
The indentation was a bit off in some of the perl files following the
extensions refactor.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:35 +00:00
Matt Caswell
1e566129ad Move the checkhandshake.pm module into test/testlib 
Move this module into the same place as other test helper modules. It
simplifies the code and keeps like things together.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:30 +00:00
Matt Caswell
7fe97c077b Fix make update issues 
Various functions got renamed. We need to rename the error codes too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:21 +00:00
Matt Caswell
ecc2f938cf Fix more style issues following extensions refactor feedback 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:15 +00:00
Matt Caswell
cbb0954471 Introduce TLSEXT_STATUSTYPE_nothing constant 
The existing code used the magic number -1 to represent the absence of
a status_type in the extension. This commit replaces it with a macro.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:09 +00:00
Matt Caswell
d270de322c Change TLSEXT_IDX_* values into an enum 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:21:03 +00:00
Matt Caswell
1266eefdb6 Various style updates following extensions refactor 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:58 +00:00
Matt Caswell
89247375ef Fix travis mixed declarations and code error 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:51 +00:00
Matt Caswell
14d21b690a Suppress some BoringSSL test failures 
The external BoringSSL tests had some failures as a result of
the extensions refactor. This was due to a deliberate relaxation
of the duplicate extensions checking code. We now only check
known extensions for duplicates. Unknown extensions are ignored.
This is allowed behaviour, so we suppress those BoringSSL tests.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:45 +00:00
Matt Caswell
22ab4b7dd3 Correct imports for checkhandshake module 
Ensure the tests can find the checkhandshake module on all platforms

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:39 +00:00
Matt Caswell
1b0286a385 Fix a memory leak 
When we call tls_collect_extensions() we need to free up the raw
extensions data later.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:34 +00:00
Matt Caswell
7caf619f1a Add some extra key_share tests 
Check that the extension framework properly handles extensions specific
to a protocol version

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:28 +00:00
Matt Caswell
a1448c26d2 Remove some spurious whitespace 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:22 +00:00
Matt Caswell
bc34928188 Add a renegotiation test 
Make sure we did not break the unsafe legacy reneg checks with the extension
work.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:16 +00:00
Matt Caswell
60ea0034b8 Add more extension tests to test_sslmessages 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:20:09 +00:00
Matt Caswell
f50306c298 Merge common code between test_tls13messages and test_sslmessages 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:58 +00:00
Matt Caswell
6ca94f1058 Add extension tests in test_sslmessages 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:52 +00:00
Matt Caswell
2de94a3601 Enable status_request test in test_sslmessages 
The s_server option -status_file has been added so this test can be
enabled.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:46 +00:00
Matt Caswell
d70bde8805 Fix a bug in TLSProxy where zero length messages were not being recorded 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:38 +00:00
Matt Caswell
0bfe166b8f Add a test to check messsages sent are the ones we expect 
Repeat for various handshake types

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:28 +00:00
Matt Caswell
efab1586e0 Support renegotiation in TLSProxy 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:22 +00:00
Matt Caswell
9ce3ed2a58 Add tests for new extension code 
Extend test_tls13messages to additionally check the expected extensions
under different options given to s_client/s_server.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:16 +00:00
Matt Caswell
3434f40b6f Split ServerHello extensions 
In TLS1.3 some ServerHello extensions remain in the ServerHello, while
others move to the EncryptedExtensions message. This commit performs that
move.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:11 +00:00
Matt Caswell
332eb39088 Move ServerHello extension parsing into the new extension framework 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:19:04 +00:00
Matt Caswell
70af3d8ed7 Avoid repeatedly scanning the list of extensions 
Because extensions were keyed by type which is sparse, we were continually
scanning the list to find the one we wanted. The way we stored them also
had the side effect that we were running initialisers/finalisers in a
different oder to the parsers. In this commit we change things so that we
instead key on an index value for each extension.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:56 +00:00
Matt Caswell
24b8e4b2c8 Simplify ClientHello extension parsing 
Remove some functions that are no longer needed now that we have the new
extension framework.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:51 +00:00
Matt Caswell
02f0274e8c Move ALPN processing into an extension finalisation function 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:46 +00:00
Matt Caswell
805a2e9e13 Provide server side extension init and finalisation functions 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:40 +00:00
Matt Caswell
68db4ddab7 Add an extension initilisation and finalisation capability 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:35 +00:00
Matt Caswell
ab83e31414 Move client construction of ClientHello extensions into new framework 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:30 +00:00
Matt Caswell
6dd083fd68 Move client parsing of ServerHello extensions into new framework 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:25 +00:00
Matt Caswell
e56c33b98b Rename some functions 
The _clienthello_ in the extensions parsing functions is overly specific.
Better to keep the convention to just _client_

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:18 +00:00
Matt Caswell
7da160b0f4 Move ServerHello extension construction into the new extensions framework 
This lays the foundation for a later move to have the extensions built and
placed into the correct message for TLSv1.3 (e.g. ServerHello or
EncryptedExtensions).

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:12 +00:00
Matt Caswell
25670f3e87 Split extensions code into core extensions and server extensions code 
Later we will have client extensions code too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:06 +00:00
Matt Caswell
4b299b8e17 Add extensions construction support 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:18:00 +00:00
Matt Caswell
224135e96a Continue the extensions refactor 
Add support for construction of extensions

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:17:53 +00:00
Matt Caswell
6b473acabd Refactor ClientHello extension parsing 
This builds on the work started in 1ab3836b3 and extends is so that
each extension has its own identified parsing functions, as well as an
allowed context identifying which messages and protocols it is relevant for.
Subsequent commits will do a similar job for the ServerHello extensions.
This will enable us to have common functions for processing extension blocks
no matter which of the multiple messages they are received from. In TLSv1.3
a number of different messages have extension blocks, and some extensions
have moved from one message to another when compared to TLSv1.2.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:17:45 +00:00
Matt Caswell
fadd9a1e2d Verify that extensions are used in the correct context 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:17:39 +00:00
Matt Caswell
91b60e2ab4 Add some missing extensions to SSL_extension_supported() 
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:17:33 +00:00
Matt Caswell
ede6f76203 Move tls_collect_extensions() into a separate file 
Subsequent commits will pull other extensions code into this file.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:17:26 +00:00
Matt Caswell
e46f233444 Add EncryptedExtensions message 
At this stage the message is just empty. We need to fill it in with
extension data.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:17:12 +00:00
Matt Caswell
71728dd8aa Send and Receive a TLSv1.3 format ServerHello 
There are some minor differences in the format of a ServerHello in TLSv1.3.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-12-08 17:16:23 +00:00
Richard Levitte
c901bccec6 UI_OpenSSL()'s session opener fails on MacOS X 
If on a non-tty stdin, TTY_get() will fail with errno == ENODEV.
We didn't catch that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2039)
 2016-12-08 13:37:48 +01:00
Richard Levitte
4984448648 In UI_OpenSSL's open(), generate an error on unknown errno 
TTY_get() sometimes surprises us with new errno values to determine if
we have a controling terminal or not.  This generated error is a
helpful tool to figure out that this was what happened and what the
unknown value is.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2043)
 2016-12-08 13:34:08 +01:00
Richard Levitte
57c0f378b8 Make sure that password_callback exercises UI 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
 2016-12-08 10:26:04 +01:00
Richard Levitte
17ac8eaf61 Add a test for the UI API 
The best way to test the UI interface is currently by using an openssl
command that uses password_callback.  The only one that does this is
'genrsa'.
Since password_callback uses a UI method derived from UI_OpenSSL(), it
ensures that one gets tested well enough as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2040)
 2016-12-08 00:34:47 +01:00