openbsd/src/regress/lib/libssl/dtls, branch OPENBSD_7_4A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=OPENBSD_7_42022-11-26T16:08:57+00:00Make internal header file names consistent2022-11-26T16:08:57+00:00tb2022-11-26T16:08:57+00:00urn:sha1:81d98bf600a381a625eb11b39a725b08c0ba547f
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
dtlstest: Ensure the timeouts are at least 10 ms. This makes these tests2022-10-26T20:31:38+00:00tb2022-10-26T20:31:38+00:00urn:sha1:57a8a8babc40c12a8a3e3df0ab3af104466786c3
a bit less flaky if the machine is otherwise under load.
from jsing
Revise for SSL_CTX_INTERNAL and SSL_INTERNAL removal.2022-10-02T16:38:23+00:00jsing2022-10-02T16:38:23+00:00urn:sha1:41318db5497cddfa4935c4ea48bcb2eb5786375eLet dtlstest peek into bio_local.h2022-01-07T09:07:00+00:00tb2022-01-07T09:07:00+00:00urn:sha1:35600605034020e8f443db7cdf35f56886b8993dzap trailing whitespace2021-06-19T18:28:51+00:00tb2021-06-19T18:28:51+00:00urn:sha1:3dff8b873ade1177bb431599f1abd7bcf7a54330Add DTLS test cases that use non-zero initial epochs.2021-06-19T17:11:34+00:00jsing2021-06-19T17:11:34+00:00urn:sha1:492739de48b5f88922597744dbedc8e7b0b5c386
In particular, test handling of 0xfffe and 0xffff - the latter results in
wrapping to zero for the next epoch. One of these tests triggers a known
bug in libssl, which will be fixed following this commit.
Add more complex DTLS tests for delay/reordering.2021-06-19T16:29:51+00:00jsing2021-06-19T16:29:51+00:00urn:sha1:21f2881bcbde69800c9bdf12b8cbf600540e04b0
These tests exercise the various queues and delayed processing that exists
in the DTLS code.
Expand comment that details why two DTLS tests currently fail.2021-06-19T15:52:41+00:00jsing2021-06-19T15:52:41+00:00urn:sha1:80619541756202355d5003f68af0c6603b651bb5
Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0
specification - this flaw was addressed in DTLSv1.2, however our DTLS
server code still needs to support the fix.
Quoting RFC 6347 section 4.2.4:
"This requirement applies to DTLS 1.0 as well, and though not explicit in
[DTLS1], it was always required for the state machine to function
correctly."
In otherwords, both the original DTLS implementation and the DTLSv1.0
specification have a broken state machine, resulting in possible dead lock.
Provide the ability to delay/reorder DTLS packets.2021-06-19T15:33:37+00:00jsing2021-06-19T15:33:37+00:00urn:sha1:03e245321646ba94158722be283f080d7603563a
Add a test that delays the client CCS, resulting in it arriving after the
client Finished message.
Remove SSL_CTX_set_read_ahead() calls - it is now the default for DTLS.2021-06-18T18:26:38+00:00jsing2021-06-18T18:26:38+00:00urn:sha1:776b08f0c2202d8c1d0802fa6b82cd98ea3ed941