| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
If DSA was disabled, caused memory corruption/crashes due to combination of
uninitialized object and the tests not checking return values as carefully
as they should.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
As long as we support DSS ciphersuites, we should test them,
even if they're deprecated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on build output sent by @noloader.
If RLIMIT_MEMLOCK is not defined, assume regular user is not able to
call mlock. This probably also affected Clang/GCC on Solaris.
Work around resolution issue in SIMD_4x32 where it finds ambiguity
between arg taking uint32_t and __m128i. This is probably some
artifact of how SunCC represents vector types, and seems highly bogus
in general but is easy to work around here. Change constructor taking
a single value to instead be `SIMD_4x32::splat` function. The SIMD
class is internal, so no API implications.
Fix various warnings about lambda functions that were missing return
types and which were not a single return statement. AIUI C++11 doesn't
guarantee that lambda return type will be deduced in that situation,
though in practice every compiler including SunCC seems to handle it.
Disable AVX2 usage, since SunCC's intrinsics seem to be broken - its
_mm_loadu_si256 takes non-const pointer.
Rename a few variables in the tests to avoid shadowed var warnings.
|
| |
|
|
|
|
| |
GH #798
|
|
|
|
|
| |
Moves BSI policy file to test data dir where it can be compared with
what the hardcoded class outputs.
|
|
|
|
|
| |
Initially planned, then decided to skip because supporting it requires
more changes to the TLS handshake code than I want to do right now.
|
|
|
|
|
|
| |
Clean up the ciphersuite generation script a bit.
[ci skip]
|
| |
|
|
|
|
|
|
| |
Disabling SHA-256 in TLS 1.1/1.2 has the effect of disabling the Camellia
ECDH ciphersuites. So the test policy ended up with an empty ciphersuite
list, when negotiating older versions.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
| |
Reported by @neverhub in GH #758 found by libFuzzer
|
| |
|
|\
| |
| |
| |
| |
| | |
Splits up path validation into several sub-functions for easier testing
and creating customized validation code. Much improved OCSP handling
and OCSP tests.
|
| |
| |
| |
| | |
Create empty CRLs so that revocation information is available.
|
| |
| |
| |
| |
| |
| | |
It is the only function in C_M which is called on to process session-specific
(and adversarially provided) inputs, rather than passively returning some credential
which is typically not session specific.
|
|/ |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Tested against BoringSSL (as client + server) and google.com (as client).
Fix a stupid crashing bug in NewHope's BoringSSL mode.
Remove unneeded error return from curve25519_donna - always returned 0.
Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which
means the default no-extra-configuration ciphersuite (for Botan client speaking
to Botan server) is a ciphersuite which is both implemented in constant time
on all platforms and (hopefully) provides post quantum security. Good Things.
|
|/
|
|
|
| |
It is allowable to request the maximum length, just not more than it.
Found after about 22K runs of the TLS tests.
|
|
|
|
|
|
|
|
|
| |
There is a simple bit flip corruption test for the TLS stack: we
shouldn't negotiate correctly if any random bit gets flipped. But it
turns out this is not entirely true as the record layer version field
is effectively ignored except for distinguishing TLS vs DTLS. So a small
bitflip in that field is sometimes ignored, causing the test to fail.
Make sure we modify something in the body instead.
|
|
|
|
|
|
| |
One additional, application-specific curve can be added
at compile time, using the new
configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
|
|
|
|
|
|
| |
Using sqlite3 for one and memory for another meant only half of
each implementation was tested. Instead use sqlite3 for a while,
then switch to in-memory, to ensure both are covered.
|
|
|
|
|
|
|
|
| |
Otherwise we may end up trying to renegotiate EtM to MtE which is
an error. Only occured sporadically due to low timeout set on session
cache; only if we retried really quickly did it fail.
Feels kind of hacky, but disabling EtM is a corner case anyway.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The client would attempt to resume a session, even if the session was
for a version other than what it wanted to offer. If the server
resumed with the original version, the client would then reject the
'incorrect' version. Instead, if the session is for a version other
than what we want to offer, just start a fresh handshake.
Fix resuming in the EtM case - even if the policy says otherwise,
always resume EtM sessions as EtM. Servers are required to reject a
MtE resumption on an EtM session.
The new client hello already ordered extensions to prevent an empty
extension from ever being last (working around a bug in some dumb
stack somewhere), but this was not true for the resume case. Fix that.
Beef up tests a bit - test ECDSA suites, alerts, and sqlite3 session db.
Sharing the session state across all the tests is what tipped me off
on the resumption bugs in the first place - as usual, what is not tested
does not work correctly.
|
| |
|
|
|
|
|
| |
Client interops with google.com, server not tested against an
independent client yet.
|
|\ |
|
| |
| |
| |
| | |
Remove bogus includes for TLS tests
|
|\ \
| |/
|/| |
|
| | |
|
| |
| |
| |
| | |
Some fixes for missing system_rng in ECIES and tests.
|
|/
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
|
|
|
|
| |
Now record layer only deals with an AEAD, and the weird complications
of CBC modes mostly hidden in tls_cbc.cpp
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TLS message parsing:
- CertificateVerify
- HelloVerify
- ClientHello (with extensions)
- ServerHello (with extensions)
- NewSessionTicket
- Alert
TLS message processing:
- HelloVerify
TLS Policy tests
Unit tests with TLS client authentication
Added test_throws method that checks the correct exception message.
|
|
|
|
|
|
| |
Mostly unused args and missing override notations.
Fix DH - load_check calls were commented out for debugging.
|
|\
| |
| |
| | |
which recently landed on master.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works
Split out the compat (std::function) based interface to Compat_Callbacks.
This avoids the overhead of empty std::functions when using the virtual
interface, and ensures the virtual interface works since there is no
callback path that does not involve a vtable lookup.
Rename the TLS::Callback functions. Since the idea is that often an owning
class will pass *this as the callbacks argument, it is good to namespace
the virtual functions so as not to conflict with other names chosen by
the class. Specifically, prefixes all cb functions with tls_
Revert changes to use the old style alert callback (with no longer used data/len
params) so no API changes are required for old code. The new Callbacks interface
continues to just receive the alert code itself.
Switch to virtual function interface in CLI tls_client for testing.
Inline tls_server_handshake_state.h - only used in tls_server.cpp
Fix tests - test looked like it was creating a new client object but it
was not actually being used. And when enabled, it failed because the queues
were not being emptied in between. So, fix that.
|
| |
| |
| |
| |
| | |
- Removed proposed wrapper class to logically group TLS session
properties.
|
| |
| |
| |
| |
| | |
- Modified TLS & DTLS tests to use both, legacy constructor and new
virtual callback interface based constructors.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- extracted inner class TLS::Channel::Callbacks to stand-alone class
TLS::Callbacks.
- provided default implementations for TLS::Callbacks members executing
calls to std::function members for backward compatibility.
- applied changes to cli, tests and TLS::Channel related classes to be
compatible with new interface.
|