| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
The new certificates are more representative of the real world. The old
certificates use weak algorithms and expire in the very near future. Most
of our regress has already been switched over, this changes the remainder.
Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
| |
|
|
|
|
| |
a bit less flaky if the machine is otherwise under load.
from jsing
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
In particular, test handling of 0xfffe and 0xffff - the latter results in
wrapping to zero for the next epoch. One of these tests triggers a known
bug in libssl, which will be fixed following this commit.
|
| |
|
|
|
| |
These tests exercise the various queues and delayed processing that exists
in the DTLS code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two tests currently fail (and are disabled) due to a flaw in the DTLSv1.0
specification - this flaw was addressed in DTLSv1.2, however our DTLS
server code still needs to support the fix.
Quoting RFC 6347 section 4.2.4:
"This requirement applies to DTLS 1.0 as well, and though not explicit in
[DTLS1], it was always required for the state machine to function
correctly."
In otherwords, both the original DTLS implementation and the DTLSv1.0
specification have a broken state machine, resulting in possible dead lock.
|
| |
|
|
|
| |
Add a test that delays the client CCS, resulting in it arriving after the
client Finished message.
|
| | |
|
| |
|
|
| |
discussed and input from jsing@
|
| |
|
|
| |
This allows us to drop the server messages that we intend on dropping.
|
| | |
|
| | |
|
| |
|
|
|
| |
gcc emits a signed vs unsigned comparison warning which breaks the build
due to -Werror.
|
| |
|
|
|
|
|
|
|
| |
Provide a BIO that can drop specific messages in order to trigger and test
DTLS timeouts and retransmissions. Note that the SSL buffering BIO (bbio)
has to be removed to ensure that handshake messages are sent individually.
This would have detected the recent DTLS breakage with retransmissions for
a flight that includes a CCS.
|
| |
|
|
|
| |
In particular, ensure we clear events when the client or server side has
completed and fix timeouts to ensure we use a non-zero timeout if present.
|
|
|
Test the operation of a DTLS client and server, with and without cookies,
using the default MTU and a specifically lowered MTU.
Further regress tests will be built on this to exercise other parts of the
DTLS code base (such as retransmission, fragmentation and reassembly).
|
