Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
接近 2 年 前同步成功

通知 12
Star 18
Fork 1
T
Third Party Openssl
切换分支/标签
  1. 20 3月, 2018 2 次提交
  3. 12 3月, 2018 1 次提交
  5. 30 11月, 2017 1 次提交
  7. 04 10月, 2017 1 次提交
    • T
      Session resume broken switching contexts · a84e5c9a
      Todd Short 提交于 
      When an SSL's context is swtiched from a ticket-enabled context to
a ticket-disabled context in the servername callback, no session-id
is generated, so the session can't be resumed.

If a servername callback changes the SSL_OP_NO_TICKET option, check
to see if it's changed to disable, and whether a session ticket is
expected (i.e. the client indicated ticket support and the SSL had
tickets enabled at the time), and whether we already have a previous
session (i.e. s->hit is set).

In this case, clear the ticket-expected flag, remove any ticket data
and generate a session-id in the session.

If the SSL hit (resumed) and switched to a ticket-disabled context,
assume that the resumption was via session-id, and don't bother to
update the session.

Before this fix, the updated unit-tests in 06-sni-ticket.conf would
fail test #4 (server1 = SNI, server2 = no SNI).
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1529)
      a84e5c9a
  9. 27 7月, 2017 1 次提交
    • P
      Update the test framework so that the need for test_main is removed. Everything · ad887416
      Pauli 提交于 
      that needed test_main now works using the same infrastructure as tests that used
register_tests.

This meant:
* renaming register_tests to setup_tests and giving it a success/failure return.
* renaming the init_test function to setup_test_framework.
* renaming the finish_test function to pulldown_test_framework.
* adding a user provided global_init function that runs before the test frame
    work is initialised.  It returns a failure indication that stops the stest.
* adding helper functions that permit tests to access their command line args.
* spliting the BIO initialisation and finalisation out from the test setup and
    teardown.
* hiding some of the now test internal functions.
* fix the comments in testutil.h
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3953)
      ad887416
  11. 05 7月, 2017 1 次提交
  13. 23 6月, 2017 1 次提交
  15. 20 6月, 2017 1 次提交
  17. 25 4月, 2017 1 次提交
  19. 04 4月, 2017 1 次提交
  21. 29 3月, 2017 1 次提交
  23. 17 3月, 2017 1 次提交
  25. 03 3月, 2017 2 次提交
  27. 30 1月, 2017 1 次提交
  29. 20 1月, 2017 1 次提交
  31. 15 1月, 2017 2 次提交
  33. 09 1月, 2017 1 次提交
  35. 09 11月, 2016 1 次提交
    • E
      Add main() test methods to reduce test boilerplate. · e364c3b2
      Emilia Kasper 提交于 
      Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).

Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.

enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
      e364c3b2
  37. 07 11月, 2016 1 次提交
    • E
      Simplify tests part 2 · d836d71b
      Emilia Kasper 提交于 
      1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (introduced by an earlier refactoring,
oops)

Note that for parameterized tests, the index (test vector) usually holds all the
customization, and there should be no need for a separate test
fixture. The CTS test is an exception: it demonstrates how to combine
customization with parameterization.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      d836d71b
  39. 04 11月, 2016 1 次提交
  41. 18 8月, 2016 1 次提交
  43. 10 8月, 2016 1 次提交
  45. 08 8月, 2016 2 次提交
    • E
      Fix ALPN tests when NPN is off · 7b7cea6d
      Emilia Kasper 提交于 
      OPENSSL_NO_NEXTPROTONEG only disables NPN, not ALPN
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      7b7cea6d
    • E
      Reorganize SSL test structures · 9f48bbac
      Emilia Kasper 提交于 
      Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".

This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".

This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.

Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      9f48bbac
  47. 01 8月, 2016 1 次提交
  49. 21 7月, 2016 1 次提交
  51. 20 7月, 2016 1 次提交
  53. 19 7月, 2016 1 次提交
  55. 28 6月, 2016 1 次提交
    • E
      SSL test framework: port SNI tests · d2b23cd2
      Emilia Kasper 提交于 
      Observe that the old tests were partly ill-defined:
setting sn_server1 but not sn_server2 in ssltest_old.c does not enable
the SNI callback.

Fix this, and also explicitly test both flavours of SNI mismatch (ignore
/ fatal alert). Tests still pass.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      d2b23cd2
  57. 14 6月, 2016 1 次提交
  59. 13 6月, 2016 2 次提交
  61. 10 6月, 2016 1 次提交
    • T
      Fix session ticket and SNI · 5c753de6
      Todd Short 提交于 
      When session tickets are used, it's possible that SNI might swtich the
SSL_CTX on an SSL. Normally, this is not a problem, because the
initial_ctx/session_ctx are used for all session ticket/id processes.

However, when the SNI callback occurs, it's possible that the callback
may update the options in the SSL from the SSL_CTX, and this could
cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
can happen:

1. The session ticket TLSEXT may not be written when the ticket expected
flag is set. The state machine transistions to writing the ticket, and
the client responds with an error as its not expecting a ticket.
2. When creating the session ticket, if the ticket key cb returns 0
the crypto/hmac contexts are not initialized, and the code crashes when
trying to encrypt the session ticket.

To fix 1, if the ticket TLSEXT is not written out, clear the expected
ticket flag.
To fix 2, consider a return of 0 from the ticket key cb a recoverable
error, and write a 0 length ticket and continue. The client-side code
can explicitly handle this case.

Fix these two cases, and add unit test code to validate ticket behavior.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1098)
      5c753de6
  63. 18 5月, 2016 1 次提交
  65. 13 5月, 2016 1 次提交
    • E
      Remove proxy tests. Add verify callback tests. · a263f320
      Emilia Kasper 提交于 
      The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.

It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.

Also glob the ssl test inputs on the .in files to catch missing
generated files.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      a263f320
  67. 14 4月, 2016 1 次提交
  69. 07 4月, 2016 1 次提交