Commit Graph

1277 Commits

Author SHA1 Message Date
Emilia Kasper
b3618f44a7 Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-11-28 12:23:36 +01:00
Dr. Stephen Henson
c6d67f09f3 add CMS SHA1 signing test
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-25 20:50:58 +00:00
Andy Polyakov
b47f116b1e test/evptests.txt: add regression test for false carry in ctr128.c.
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-25 17:21:30 +01:00
Matt Caswell
f231b4e7a6 Fix a warning about an uninit var
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 18:02:43 +00:00
Emilia Kasper
ab29eca645 Run BoringSSL tests on Travis
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-24 12:21:33 +01:00
Matt Caswell
66889e4399 Fix some defines in ossl_shim
ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be
removed.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-23 17:01:33 +00:00
Matt Caswell
5d8ce30634 Fix an uninit variable usage
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 16:06:46 +00:00
Matt Caswell
fb83f20c30 Update tls13secretstest to use the new simpler test framework
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:44:08 +00:00
Matt Caswell
6530c4909f Fix some style issues with TLSv1.3 state machine PR
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:38:32 +00:00
Matt Caswell
cc24a22b83 Extend test_tls13messages
Add various different handshake types that are possible.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
c11237c23e Add a test for the TLSv1.3 state machine
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
9970290e1d Fix the tests following the state machine changes for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
92760c21e6 Update state machine to be closer to TLS1.3
This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and bit more like TLSv1.3.

After this commit we have:

ClientHello
+ key_share          ---->
                           ServerHello
                           +key_share
                           {CertificateRequest*}
                           {Certificate*}
                           {CertificateStatus*}
                     <---- {Finished}
{Certificate*}
{CertificateVerify*}
{Finished}           ---->
[ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
0d9824c171 Implement tls13_change_cipher_state()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Matt Caswell
9362c93ebc Remove old style NewSessionTicket from TLSv1.3
TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
the TLSv1.2 one and may as well have been called something else. This commit
removes the old style NewSessionTicket from TLSv1.3. We will have to add the
new style one back in later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
Todd Short
024d681e69 Skipping tests in evp_test leaks memory
When configured with "no-mdc2 enable-crypto-mdebug" the evp_test
will leak memory due to skipped tests, and error out.

Also fix a skip condition

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1968)
2016-11-21 16:04:39 -05:00
Kurt Roeckx
beacb0f0c1 Make SSL_read and SSL_write return the old behaviour and document it.
This reverts commit 4880672a9b.

Fixes: #1903

Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1931
2016-11-21 21:54:28 +01:00
Dr. Stephen Henson
52fe14e662 Add test to check EVP_PKEY method ordering.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-20 00:22:02 +00:00
Dr. Stephen Henson
d922634d0c Add conversion test for MSBLOB format.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-17 03:53:03 +00:00
Rob Percival
765731a888 Make sure things get deleted when test setup fails in ct_test.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:54:17 +00:00
Rob Percival
e2635c49f3 Use valid signature in test_decode_tls_sct()
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:43:36 +00:00
Rob Percival
f7a39a5a3f Construct SCT from base64 in ct_test
This gives better code coverage and is more representative of how a
user would likely construct an SCT (using the base64 returned by a CT log).

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:43:36 +00:00
Matt Caswell
e304d3e20f Remove a hack from ssl_test_old
ssl_test_old was reaching inside the SSL structure and changing the internal
BIO values. This is completely unneccessary, and was causing an abort in the
test when enabling TLSv1.3.

I also removed the need for ssl_test_old to include ssl_locl.h. This
required the addition of some missing accessors for SSL_COMP name and id
fields.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:27:40 +00:00
Matt Caswell
94ed2c6739 Fixed various style issues in the key_share code
Numerous style issues as well as references to TLS1_3_VERSION instead of
SSL_IS_TLS13(s)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
5a8e54d9dc Add some tests for the key_share extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Matt Caswell
0f1e51ea11 Start using the key_share data to derive the PMS
The previous commits put in place the logic to exchange key_share data. We
now need to do something with that information. In <= TLSv1.2 the equivalent
of the key_share extension is the ServerKeyExchange and ClientKeyExchange
messages. With key_share those two messages are no longer necessary.

The commit removes the SKE and CKE messages from the TLSv1.3 state machine.
TLSv1.3 is completely different to TLSv1.2 in the messages that it sends
and the transitions that are allowed. Therefore, rather than extend the
existing <=TLS1.2 state transition functions, we create a whole new set for
TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time
they will be amended.

The new TLSv1.3 transitions remove SKE and CKE completely. There's also some
cleanup for some stuff which is not relevant to TLSv1.3 and is easy to
remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN.

I also disable EXTMS for TLSv1.3. Using it was causing some added
complexity, so rather than fix it I removed it, since eventually it will not
be needed anyway.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-16 10:09:46 +00:00
Rob Percival
ebcb536858 Add test for CT_POLICY_EVAL_CTX default time
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized
to approximately the current time (as returned by time()) by default. This
prevents the addition of this field, and its verification during SCT
validation, from breaking existing code that calls SCT_validate directly.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
1fa9ffd934 Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Richard Levitte
e72040c1dc Remove heartbeat support
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-13 16:24:02 -05:00
Matthias Kraft
af5883fec9 Solution proposal for issue #1647.
Avoid a memory alignment issue.

Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com>
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1650)
2016-11-12 22:26:20 -05:00
Matt Caswell
b4eee58a5f Fix test_sslcorrupt when using TLSv1.3
The test loops through all the ciphers, attempting to test each one in turn.
However version negotiation happens before cipher selection, so with TLSv1.3
switched on if we use a non-TLSv1.3 compatible cipher suite we get "no
share cipher".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 15:51:11 +00:00
Richard Levitte
cf551a51d2 Link internal tests with static OpenSSL libraries when needed
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
2016-11-10 15:51:43 +01:00
Richard Levitte
42e055e124 Fix no-ct in test/ct_test.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1890)
2016-11-10 15:49:22 +01:00
Matt Caswell
f07d639edf Fix the no-tls option
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Richard Levitte
9d7ce8d42b Fix no-cms (CVE-2016-7053)
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
70d8b304d0 test/evptests.txt: add negative tests for AEAD ciphers.
This is done by taking one vector, "corrupting" last bit of the
tag value and verifying that decrypt fails.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
c5a569927f test: add TLS application data corruption test.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-10 13:04:11 +00:00
Dr. Stephen Henson
a378a46985 add test for CVE-2016-7053
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
dca2e0ee17 test/bntest.c: regression test for CVE-2016-7055.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 10:30:49 +00:00
Richard Levitte
dfbdf4abb7 Fix the evp_test Ctrl keyword processing
Skip the test if the value after ":" is a disabled algorithm, rather
than failing it

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 10:19:27 +00:00
Richard Levitte
586b79d888 Fix no-dso (shlibloadtest)
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-10 10:12:00 +00:00
Matt Caswell
54682aa357 Give the test with only TLS1.1 and TLS1.0 a better name
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
17d01b4201 Add some more version tests
Send a TLS1.4 ClientHello with supported_versions and get TLS1.3
Send a TLS1.3 ClientHello without supported_versions and get TLS1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:09 +00:00
Matt Caswell
7b21c00e1c Look at the supported_versions extension even if the server <TLS1.3
If supported_versions is present it takes precedence.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
203b1cdf73 Add a test for the supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Matt Caswell
cd99883755 Add server side support for supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:03:08 +00:00
Emilia Kasper
e364c3b24e Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).

Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.

enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:07:16 +01:00
EasySec
7380737d77 dtl_mtu_test doesn't follow BIO_* conventions and make Windows build fail
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-09 15:54:41 +01:00
Matt Caswell
134bfe56c4 Add a test for the TLS1.3 secret generation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 14:08:14 +00:00
Matt Caswell
9b36b7d9bd Add support for initialising WPACKETs from a static buffer
Normally WPACKETs will use a BUF_MEM which can grow as required. Sometimes
though that may be overkill for what is needed - a static buffer may be
sufficient. This adds that capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00