openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove the external BoringSSL test 

Fixes #14424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14682)
This commit is contained in:
Tomas Mraz 2021-03-25 12:46:29 +01:00
parent 6b2e51dd36
commit cede07dc51
19 changed files with 1 additions and 2678 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@ -8,7 +8,6 @@ fuzz/corpora/** export-ignore
Configurations/*.norelease.conf export-ignore
.* export-ignore
util/mktar.sh export-ignore
boringssl export-ignore
krb5 export-ignore
pyca-cryptography export-ignore
dev export-ignore

2
.github/workflows/ci.yml vendored
View File

@ -200,7 +200,5 @@ jobs:
run: make test TESTS="test_external_gost_engine"
- name: test external krb5
run: make test TESTS="test_external_krb5"
# - name: test external boringssl
# run: BORING_RUNNER_DIR=$(pwd)/boringssl/ssl/test/runner make test TESTS="test_external_boringssl"
# - name: test external pyca
# run: make test TESTS="test_external_pyca"

4
.gitmodules vendored
View File

@ -1,7 +1,3 @@
[submodule "boringssl"]
path = boringssl
url = https://boringssl.googlesource.com/boringssl
[submodule "pyca.cryptography"]
path = pyca-cryptography
url = https://github.com/pyca/cryptography.git

2
INSTALL.md
View File

@ -692,7 +692,7 @@ Enable building of integration with external test suites.
This is a developer option and may not work on all platforms. The following
external test suites are currently supported:
- BoringSSL test suite
- GOST engine test suite
- Python PYCA/Cryptography test suite
- krb5 test suite

1
boringssl

@ -1 +0,0 @@
Subproject commit 2070f8ad9151dc8f3a73bffaa146b5e6937a583f

63
test/README-external.md
View File

@ -5,69 +5,6 @@ It is possible to integrate external test suites into OpenSSL's `make test`.
This capability is considered a developer option and does not work on all
platforms.
The BoringSSL test suite
========================
In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
source code into an appropriate directory. This can be done in two ways:
1) Separately from the OpenSSL checkout using:
$ git clone https://boringssl.googlesource.com/boringssl boringssl
The BoringSSL tests are only confirmed to work at a specific commit in the
BoringSSL repository. Later commits may or may not pass the test suite:
$ cd boringssl
$ git checkout 490469f850e
2) Using the already configured submodule settings in OpenSSL:
$ git submodule update --init
Configure the OpenSSL source code to enable the external tests:
$ cd ../openssl
$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
enable-external-tests
Note that using other config options than those given above may cause the tests
to fail.
Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
`BORING_RUNNER_DIR` environment variable:
$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
Note that the test suite may change directory while running so the path provided
should be absolute and not relative to the current working directory.
To see more detailed output you can run just the BoringSSL tests with the
verbose option:
$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
TESTS="test_external_boringssl" test
Test failures and suppressions
------------------------------
A large number of the BoringSSL tests are known to fail. A test could fail
because of many possible reasons. For example:
- A bug in OpenSSL
- Different interpretations of standards
- Assumptions about the way BoringSSL works that do not apply to OpenSSL
- The test uses APIs added to BoringSSL that are not present in OpenSSL
- etc
In order to provide a "clean" baseline run with all the tests passing a config
file has been provided that suppresses the running of tests that are known to
fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
within the OpenSSL source code.
The community is encouraged to contribute patches which reduce the number of
suppressions that are currently present.
Python PYCA/Cryptography test suite
===================================

2
test/build.info
View File

@ -1,5 +1,3 @@
SUBDIRS=ossl_shim
# TODO: use ../apps/libapps.a instead of direct ../apps/lib source.
# This can't currently be done, because some of its units drag in too many
# unresolved references that don't apply here.

BIN
test/data2.bin
View File

Binary file not shown.

183
test/ossl_shim/async_bio.cc
View File

@ -1,183 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "async_bio.h"
#include <errno.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
namespace {
struct AsyncBio {
bool datagram;
bool enforce_write_quota;
size_t read_quota;
size_t write_quota;
};
AsyncBio *GetData(BIO *bio) {
return (AsyncBio *)BIO_get_data(bio);
}
static int AsyncWrite(BIO *bio, const char *in, int inl) {
AsyncBio *a = GetData(bio);
if (a == NULL || BIO_next(bio) == NULL) {
return 0;
}
if (!a->enforce_write_quota) {
return BIO_write(BIO_next(bio), in, inl);
}
BIO_clear_retry_flags(bio);
if (a->write_quota == 0) {
BIO_set_retry_write(bio);
errno = EAGAIN;
return -1;
}
if (!a->datagram && (size_t)inl > a->write_quota) {
inl = a->write_quota;
}
int ret = BIO_write(BIO_next(bio), in, inl);
if (ret <= 0) {
BIO_copy_next_retry(bio);
} else {
a->write_quota -= (a->datagram ? 1 : ret);
}
return ret;
}
static int AsyncRead(BIO *bio, char *out, int outl) {
AsyncBio *a = GetData(bio);
if (a == NULL || BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
if (a->read_quota == 0) {
BIO_set_retry_read(bio);
errno = EAGAIN;
return -1;
}
if (!a->datagram && (size_t)outl > a->read_quota) {
outl = a->read_quota;
}
int ret = BIO_read(BIO_next(bio), out, outl);
if (ret <= 0) {
BIO_copy_next_retry(bio);
} else {
a->read_quota -= (a->datagram ? 1 : ret);
}
return ret;
}
static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) {
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
BIO_copy_next_retry(bio);
return ret;
}
static int AsyncNew(BIO *bio) {
AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a));
if (a == NULL) {
return 0;
}
memset(a, 0, sizeof(*a));
a->enforce_write_quota = true;
BIO_set_init(bio, 1);
BIO_set_data(bio, a);
return 1;
}
static int AsyncFree(BIO *bio) {
if (bio == NULL) {
return 0;
}
OPENSSL_free(BIO_get_data(bio));
BIO_set_data(bio, NULL);
BIO_set_init(bio, 0);
return 1;
}
static long AsyncCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
{
if (BIO_next(bio) == NULL)
return 0;
return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
}
static BIO_METHOD *g_async_bio_method = NULL;
static const BIO_METHOD *AsyncMethod(void)
{
if (g_async_bio_method == NULL) {
g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio");
if ( g_async_bio_method == NULL
|| !BIO_meth_set_write(g_async_bio_method, AsyncWrite)
|| !BIO_meth_set_read(g_async_bio_method, AsyncRead)
|| !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl)
|| !BIO_meth_set_create(g_async_bio_method, AsyncNew)
|| !BIO_meth_set_destroy(g_async_bio_method, AsyncFree)
|| !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl))
return NULL;
}
return g_async_bio_method;
}
} // namespace
bssl::UniquePtr<BIO> AsyncBioCreate() {
return bssl::UniquePtr<BIO>(BIO_new(AsyncMethod()));
}
bssl::UniquePtr<BIO> AsyncBioCreateDatagram() {
bssl::UniquePtr<BIO> ret(BIO_new(AsyncMethod()));
if (!ret) {
return nullptr;
}
GetData(ret.get())->datagram = true;
return ret;
}
void AsyncBioAllowRead(BIO *bio, size_t count) {
AsyncBio *a = GetData(bio);
if (a == NULL) {
return;
}
a->read_quota += count;
}
void AsyncBioAllowWrite(BIO *bio, size_t count) {
AsyncBio *a = GetData(bio);
if (a == NULL) {
return;
}
a->write_quota += count;
}
void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) {
AsyncBio *a = GetData(bio);
if (a == NULL) {
return;
}
a->enforce_write_quota = enforce;
}

39
test/ossl_shim/async_bio.h
View File

@ -1,39 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_ASYNC_BIO_H
#define OSSL_TEST_SHIM_ASYNC_BIO_H
#include <openssl/base.h>
#include <openssl/bio.h>
// AsyncBioCreate creates a filter BIO for testing asynchronous state
// machines which consume a stream socket. Reads and writes will fail
// and return EAGAIN unless explicitly allowed. Each async BIO has a
// read quota and a write quota. Initially both are zero. As each is
// incremented, bytes are allowed to flow through the BIO.
bssl::UniquePtr<BIO> AsyncBioCreate();
// AsyncBioCreateDatagram creates a filter BIO for testing for
// asynchronous state machines which consume datagram sockets. The read
// and write quota count in packets rather than bytes.
bssl::UniquePtr<BIO> AsyncBioCreateDatagram();
// AsyncBioAllowRead increments |bio|'s read quota by |count|.
void AsyncBioAllowRead(BIO *bio, size_t count);
// AsyncBioAllowWrite increments |bio|'s write quota by |count|.
void AsyncBioAllowWrite(BIO *bio, size_t count);
// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota.
void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce);
#endif // OSSL_TEST_SHIM_ASYNC_BIO_H

6
test/ossl_shim/build.info
View File

@ -1,6 +0,0 @@
IF[{- defined $target{CXX} && !$disabled{"external-tests"} -}]
PROGRAMS{noinst}=ossl_shim
SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc
INCLUDE[ossl_shim]=. include ../../include
DEPEND[ossl_shim]=../../libssl ../../libcrypto
ENDIF

114
test/ossl_shim/include/openssl/base.h
View File

@ -1,114 +0,0 @@
/*
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
#define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
/* Needed for DH functions */
#include "internal/deprecated.h"
/* Needed for BORINGSSL_MAKE_DELETER */
# include <openssl/bio.h>
# include <openssl/evp.h>
# include <openssl/dh.h>
# include <openssl/x509.h>
# include <openssl/ssl.h>
# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
extern "C++" {
#include <memory>
namespace bssl {
namespace internal {
template <typename T>
struct DeleterImpl {};
template <typename T>
struct Deleter {
void operator()(T *ptr) {
// Rather than specialize Deleter for each type, we specialize
// DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
// including base.h as long as the destructor is not emitted. This matches
// std::unique_ptr's behavior on forward-declared types.
//
// DeleterImpl itself is specialized in the corresponding module's header
// and must be included to release an object. If not included, the compiler
// will error that DeleterImpl<T> does not have a method Free.
DeleterImpl<T>::Free(ptr);
}
};
template <typename T, typename CleanupRet, void (*init)(T *),
CleanupRet (*cleanup)(T *)>
class StackAllocated {
public:
StackAllocated() { init(&ctx_); }
~StackAllocated() { cleanup(&ctx_); }
StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
T *get() { return &ctx_; }
const T *get() const { return &ctx_; }
void Reset() {
cleanup(&ctx_);
init(&ctx_);
}
private:
T ctx_;
};
} // namespace internal
#define BORINGSSL_MAKE_DELETER(type, deleter) \
namespace internal { \
template <> \
struct DeleterImpl<type> { \
static void Free(type *ptr) { deleter(ptr); } \
}; \
}
// This makes a unique_ptr to STACK_OF(type) that owns all elements on the
// stack, i.e. it uses sk_pop_free() to clean up.
#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \
namespace internal { \
template <> \
struct DeleterImpl<STACK_OF(type)> { \
static void Free(STACK_OF(type) *ptr) { \
sk_##type##_pop_free(ptr, deleter); \
} \
}; \
}
// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
// bssl::UniquePtr<BIO> rsa(RSA_new());
// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
template <typename T>
using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>;
BORINGSSL_MAKE_DELETER(BIO, BIO_free)
BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
BORINGSSL_MAKE_DELETER(DH, DH_free)
BORINGSSL_MAKE_DELETER(X509, X509_free)
BORINGSSL_MAKE_DELETER(SSL, SSL_free)
BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
} // namespace bssl
} /* extern C++ */
#endif /* OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H */

301
test/ossl_shim/ossl_config.json
View File

@ -1,301 +0,0 @@
{
"DisabledTests" : {
"*TLS13*":"No TLS1.3 support yet",
"FragmentAlert-DTLS":"Test failure - reason unknown",
"FragmentedClientVersion":"Test failure - reason unknown",
"MTU":"Test failure - reason unknown",
"EmptyCertificateList":"Test failure - reason unknown",
"AppDataBeforeHandshake-DTLS":"Test failure - reason unknown",
"AlertAfterChangeCipherSpec":"Test failure - reason unknown",
"AppDataAfterChangeCipherSpec":"Test failure - reason unknown",
"AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown",
"AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
"AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown",
"AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
"FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown",
"SplitFragments-Header-DTLS":"Test failure - reason unknown",
"SplitFragments-Boundary-DTLS":"Test failure - reason unknown",
"SplitFragments-Body-DTLS":"Test failure - reason unknown",
"SendEmptyFragments-DTLS":"Test failure - reason unknown",
"SendInvalidRecordType-DTLS":"Test failure - reason unknown",
"SendInvalidRecordType":"Test failure - reason unknown",
"FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown",
"SendWarningAlerts-Pass":"Test failure - reason unknown",
"SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown",
"TooManyKeyUpdates":"Test failure - reason unknown",
"Unclean-Shutdown-Alert":"Test failure - reason unknown",
"V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown",
"BadHelloRequest-2":"Test failure - reason unknown",
"DTLS-SendExtraFinished":"Test failure - reason unknown",
"NoNullCompression-TLS12":"Test failure - reason unknown",
"KeyUpdate-Client":"Test failure - reason unknown",
"KeyUpdate-InvalidRequestMode":"Test failure - reason unknown",
"DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown",
"LargeMessage-Reject-DTLS":"Test failure - reason unknown",
"KeyUpdate-Server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
"DTLS1-NULL-SHA-server":"Test failure - reason unknown",
"DTLS1-NULL-SHA-client":"Test failure - reason unknown",
"DTLS12-NULL-SHA-client":"Test failure - reason unknown",
"DTLS12-NULL-SHA-server":"Test failure - reason unknown",
"BadECDSA-1-4":"Test failure - reason unknown",
"BadECDSA-3-4":"Test failure - reason unknown",
"BadECDSA-4-1":"Test failure - reason unknown",
"BadECDSA-4-4":"Test failure - reason unknown",
"BadECDSA-4-3":"Test failure - reason unknown",
"SillyDH":"Test failure - reason unknown",
"VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown",
"NoSupportedVersions-DTLS":"Test failure - reason unknown",
"VersionTooLow-DTLS":"Test failure - reason unknown",
"IgnoreClientVersionOrder":"Test failure - reason unknown",
"VersionTooLow":"Test failure - reason unknown",
"MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown",
"MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown",
"MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown",
"MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown",
"DuplicateExtensionClient-TLS1":"Test failure - reason unknown",
"DuplicateExtensionServer-TLS1":"Test failure - reason unknown",
"ALPNClient-Mismatch-TLS1":"Test failure - reason unknown",
"UnsolicitedServerNameAck-TLS1":"Test failure - reason unknown",
"ALPNServer-Decline-TLS1":"Test failure - reason unknown",
"ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown",
"NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown",
"NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown",
"TicketSessionIDLength-33-TLS1":"Test failure - reason unknown",
"DuplicateExtensionClient-TLS11":"Test failure - reason unknown",
"DuplicateExtensionServer-TLS11":"Test failure - reason unknown",
"UnsolicitedServerNameAck-TLS11":"Test failure - reason unknown",
"ALPNServer-Decline-TLS11":"Test failure - reason unknown",
"ALPNClient-Mismatch-TLS11":"Test failure - reason unknown",
"ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown",
"NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown",
"NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown",
"TicketSessionIDLength-33-TLS11":"Test failure - reason unknown",
"DuplicateExtensionServer-TLS12":"Test failure - reason unknown",
"DuplicateExtensionClient-TLS12":"Test failure - reason unknown",
"UnsolicitedServerNameAck-TLS12":"Test failure - reason unknown",
"ALPNServer-Decline-TLS12":"Test failure - reason unknown",
"ALPNClient-Mismatch-TLS12":"Test failure - reason unknown",
"ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown",
"NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown",
"NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown",
"TicketSessionIDLength-33-TLS12":"Test failure - reason unknown",
"ClientHelloPadding":"Test failure - reason unknown",
"Resume-Server-UnofferedCipher":"Test failure - reason unknown",
"Resume-Client-CipherMismatch":"Test failure - reason unknown",
"Resume-Server-ExtraIdentityNoBinder":"Test failure - reason unknown",
"Resume-Server-BinderWrongLength":"Test failure - reason unknown",
"Resume-Server-ExtraPSKBinder":"Test failure - reason unknown",
"Resume-Server-NoPSKBinder":"Test failure - reason unknown",
"Resume-Server-PSKBinderFirstExtension":"Test failure - reason unknown",
"Resume-Server-InvalidPSKBinder":"Test failure - reason unknown",
"ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown",
"Renegotiate-Server-Forbidden":"Test failure - reason unknown",
"ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown",
"Renegotiate-Client-SwitchVersion":"Test failure - reason unknown",
"Renegotiate-Client-Upgrade":"Test failure - reason unknown",
"Renegotiate-SameClientVersion":"Test failure - reason unknown",
"Renegotiate-Client-Downgrade":"Test failure - reason unknown",
"Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown",
"Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown",
"Renegotiate-Client-Forbidden-1":"Test failure - reason unknown",
"StrayHelloRequest":"Test failure - reason unknown",
"Renegotiate-Client-Freely-2":"Test failure - reason unknown",
"Renegotiate-Client-NoIgnore":"Test failure - reason unknown",
"StrayHelloRequest-Packed":"Test failure - reason unknown",
"Renegotiate-Client-Freely-1":"Test failure - reason unknown",
"Renegotiation-CertificateChange":"Test failure - reason unknown",
"Renegotiation-CertificateChange-2":"Test failure - reason unknown",
"Renegotiate-Client-SSL3":"Test failure - reason unknown",
"ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown",
"ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown",
"P224-Server":"Test failure - reason unknown",
"RSA-PSS-Large":"Test failure - reason unknown",
"DTLS-Retransmit-Client-1":"Test failure - reason unknown",
"DTLS-Retransmit-Client-2":"Test failure - reason unknown",
"DTLS-Retransmit-Server-1":"Test failure - reason unknown",
"DTLS-Retransmit-Server-2":"Test failure - reason unknown",
"DTLS-Retransmit-Client-3":"Test failure - reason unknown",
"DTLS-Retransmit-Server-3":"Test failure - reason unknown",
"DTLS-Retransmit-Client-4":"Test failure - reason unknown",
"Renegotiate-Client-Packed":"Test failure - reason unknown",
"DTLS-Retransmit-Server-4":"Test failure - reason unknown",
"DTLS-Retransmit-Client-5":"Test failure - reason unknown",
"DTLS-Retransmit-Server-6":"Test failure - reason unknown",
"DTLS-Retransmit-Client-6":"Test failure - reason unknown",
"DTLS-Retransmit-Server-5":"Test failure - reason unknown",
"DTLS-Retransmit-Client-7":"Test failure - reason unknown",
"DTLS-Retransmit-Server-7":"Test failure - reason unknown",
"DTLS-Retransmit-Client-8":"Test failure - reason unknown",
"DTLS-Retransmit-Client-9":"Test failure - reason unknown",
"DTLS-Retransmit-Server-8":"Test failure - reason unknown",
"DTLS-Retransmit-Server-9":"Test failure - reason unknown",
"DTLS-Retransmit-Client-10":"Test failure - reason unknown",
"DTLS-Retransmit-Client-11":"Test failure - reason unknown",
"DTLS-Retransmit-Server-10":"Test failure - reason unknown",
"DTLS-Retransmit-Server-11":"Test failure - reason unknown",
"CustomExtensions-ParseError-Server":"Test failure - reason unknown",
"CustomExtensions-FailAdd-Server":"Test failure - reason unknown",
"CustomExtensions-FailAdd-Client":"Test failure - reason unknown",
"CustomExtensions-ParseError-Client":"Test failure - reason unknown",
"UnknownExtension-Client":"Test failure - reason unknown",
"UnofferedExtension-Client":"Test failure - reason unknown",
"PointFormat-Client-MissingUncompressed":"Test failure - reason unknown",
"PointFormat-Server-MissingUncompressed":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync":"Test failure - reason unknown",
"Renegotiate-Client-Sync":"Test failure - reason unknown",
"Shutdown-Shim-Sync":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async":"Test failure - reason unknown",
"Shutdown-Shim-Async":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown",
"Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown",
"Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
"SendUnencryptedFinished-DTLS":"Test failure - reason unknown",
"PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown",
"StrayChangeCipherSpec":"Test failure - reason unknown",
"PartialClientFinishedWithClientHello":"Test failure - reason unknown",
"TrailingMessageData-ClientHello":"Test failure - reason unknown",
"TrailingMessageData-ServerHello":"Test failure - reason unknown",
"TrailingMessageData-ServerCertificate":"Test failure - reason unknown",
"TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown",
"TrailingMessageData-CertificateRequest":"Test failure - reason unknown",
"TrailingMessageData-ServerHelloDone":"Test failure - reason unknown",
"TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown",
"TrailingMessageData-ClientCertificate":"Test failure - reason unknown",
"TrailingMessageData-CertificateVerify":"Test failure - reason unknown",
"TrailingMessageData-NextProtocol":"Test failure - reason unknown",
"TrailingMessageData-NewSessionTicket":"Test failure - reason unknown",
"TrailingMessageData-ClientFinished":"Test failure - reason unknown",
"TrailingMessageData-ServerFinished":"Test failure - reason unknown",
"TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown",
"TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown",
"TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown",
"TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown",
"TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown",
"MissingKeyShare-Client":"Test failure - reason unknown",
"MissingKeyShare-Server":"Test failure - reason unknown",
"DuplicateKeyShares":"Test failure - reason unknown",
"SkipEarlyData":"Test failure - reason unknown",
"SkipEarlyData-OmitEarlyDataExtension":"Test failure - reason unknown",
"SkipEarlyData-TooMuchData":"Test failure - reason unknown",
"SkipEarlyData-Interleaved":"Test failure - reason unknown",
"SkipEarlyData-HRR":"Test failure - reason unknown",
"SkipEarlyData-HRR-Interleaved":"Test failure - reason unknown",
"SkipEarlyData-HRR-TooMuchData":"Test failure - reason unknown",
"SkipEarlyData-HRR-FatalAlert":"Test failure - reason unknown",
"SkipEarlyData-EarlyDataInTLS12":"Test failure - reason unknown",
"SkipEarlyData-SecondClientHelloEarlyData":"Test failure - reason unknown",
"EmptyEncryptedExtensions":"Test failure - reason unknown",
"EncryptedExtensionsWithKeyShare":"Test failure - reason unknown",
"UnknownCurve-HelloRetryRequest":"Test failure - reason unknown",
"UnnecessaryHelloRetryRequest":"Test failure - reason unknown",
"HelloRetryRequest-Empty":"Test failure - reason unknown",
"SecondHelloRetryRequest":"Test failure - reason unknown",
"HelloRetryRequest-DuplicateCurve":"Test failure - reason unknown",
"HelloRetryRequest-DuplicateCookie":"Test failure - reason unknown",
"HelloRetryRequest-EmptyCookie":"Test failure - reason unknown",
"HelloRetryRequest-Unknown":"Test failure - reason unknown",
"SecondClientHelloMissingKeyShare":"Test failure - reason unknown",
"SecondClientHelloWrongCurve":"Test failure - reason unknown",
"HelloRetryRequestVersionMismatch":"Test failure - reason unknown",
"HelloRetryRequestCurveMismatch":"Test failure - reason unknown",
"SkipHelloRetryRequest":"Test failure - reason unknown",
"Peek-Renegotiate":"Test failure - reason unknown",
"Peek-KeyUpdate":"Test failure - reason unknown",
"DTLS-Retransmit-Client-12":"Test failure - reason unknown",
"DTLS-Retransmit-Timeout":"Test failure - reason unknown",
"DTLS-Retransmit-Server-12":"Test failure - reason unknown",
"DTLS-Retransmit-Fudge":"Test failure - reason unknown",
"DTLS-Retransmit-Fragmented":"Test failure - reason unknown",
"TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown",
"SendFallbackSCSV":"Current runner version uses old draft TLSv1.3",
"VersionNegotiationExtension-TLS11":"Current runner version uses old draft TLSv1.3",
"VersionNegotiationExtension-TLS1":"Current runner version uses old draft TLSv1.3",
"VersionNegotiationExtension-SSL3":"Current runner version uses old draft TLSv1.3",
"ConflictingVersionNegotiation":"Current runner version uses old draft TLSv1.3"
},
"ErrorMap" : {
":UNEXPECTED_MESSAGE:":"unexpected message",
":INAPPROPRIATE_FALLBACK:":"inappropriate fallback",
":UNEXPECTED_RECORD:":"unexpected message",
":TLSV1_ALERT_RECORD_OVERFLOW:":"tlsv1 alert record overflow",
":WRONG_SSL_VERSION:":"no protocols available",
":BAD_ALERT:":"invalid alert",
":HTTP_REQUEST:":"http request",
":HTTPS_PROXY_REQUEST:":"https proxy request",
":WRONG_CERTIFICATE_TYPE:":"wrong certificate type",
":WRONG_VERSION_NUMBER:":"wrong version number",
":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:":"decryption failed or bad record mac",
":DIGEST_CHECK_FAILED:":"digest check failed",
":TOO_MANY_EMPTY_FRAGMENTS:":"record too small",
":TOO_MANY_WARNING_ALERTS:":"too many warn alerts",
":DATA_LENGTH_TOO_LONG:":"data length too long",
":EXCESSIVE_MESSAGE_SIZE:":"excessive message size",
":ENCRYPTED_LENGTH_TOO_LONG:":"packet length too long",
":INVALID_COMPRESSION_LIST:":"no compression specified",
":NO_SHARED_CIPHER:":"no shared cipher",
":WRONG_CIPHER_RETURNED:":"wrong cipher returned",
":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"sslv3 alert handshake failure",
":UNKNOWN_CIPHER_RETURNED:":"unknown cipher returned",
":BAD_SIGNATURE:":"bad signature",
":BAD_DH_P_LENGTH:":"dh key too small",
":PEER_DID_NOT_RETURN_A_CERTIFICATE:":"peer did not return a certificate",
":UNSUPPORTED_PROTOCOL:":"unsupported protocol",
":PARSE_TLSEXT:":"bad extension",
":BAD_SRTP_PROTECTION_PROFILE_LIST:":"bad srtp protection profile list",
":OLD_SESSION_VERSION_NOT_RETURNED:":"ssl session version mismatch",
":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:":"inconsistent extms",
":RENEGOTIATION_EMS_MISMATCH:":"inconsistent extms",
":RENEGOTIATION_MISMATCH:":"renegotiation mismatch",
":WRONG_SIGNATURE_TYPE:":"wrong signature type",
":BAD_ECC_CERT:":"wrong curve",
":WRONG_CURVE:":"wrong curve",
":INVALID_ENCODING:":"invalid encoding",
":CERTIFICATE_VERIFY_FAILED:":"certificate verify failed",
":BAD_CHANGE_CIPHER_SPEC:":"bad change cipher spec",
":ECC_CERT_NOT_FOR_SIGNING:":"ecc cert not for signing",
":OLD_SESSION_CIPHER_NOT_RETURNED:":"old session cipher not returned",
":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:":"inconsistent extms"
}
}

1312
test/ossl_shim/ossl_shim.cc
View File

File diff suppressed because it is too large Load Diff

299
test/ossl_shim/packeted_bio.cc
View File

@ -1,299 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "packeted_bio.h"
#include <assert.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
namespace {
const uint8_t kOpcodePacket = 'P';
const uint8_t kOpcodeTimeout = 'T';
const uint8_t kOpcodeTimeoutAck = 't';
struct PacketedBio {
explicit PacketedBio(bool advance_clock_arg)
: advance_clock(advance_clock_arg) {
memset(&timeout, 0, sizeof(timeout));
memset(&clock, 0, sizeof(clock));
memset(&read_deadline, 0, sizeof(read_deadline));
}
bool HasTimeout() const {
return timeout.tv_sec != 0 || timeout.tv_usec != 0;
}
bool CanRead() const {
if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) {
return true;
}
if (clock.tv_sec == read_deadline.tv_sec) {
return clock.tv_usec < read_deadline.tv_usec;
}
return clock.tv_sec < read_deadline.tv_sec;
}
timeval timeout;
timeval clock;
timeval read_deadline;
bool advance_clock;
};
PacketedBio *GetData(BIO *bio) {
return (PacketedBio *)BIO_get_data(bio);
}
const PacketedBio *GetData(const BIO *bio) {
return GetData(const_cast<BIO*>(bio));
}
// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and
// 0 or -1 on error.
static int ReadAll(BIO *bio, uint8_t *out, size_t len) {
while (len > 0) {
int chunk_len = INT_MAX;
if (len <= INT_MAX) {
chunk_len = (int)len;
}
int ret = BIO_read(bio, out, chunk_len);
if (ret <= 0) {
return ret;
}
out += ret;
len -= ret;
}
return 1;
}
static int PacketedWrite(BIO *bio, const char *in, int inl) {
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
// Write the header.
uint8_t header[5];
header[0] = kOpcodePacket;
header[1] = (inl >> 24) & 0xff;
header[2] = (inl >> 16) & 0xff;
header[3] = (inl >> 8) & 0xff;
header[4] = inl & 0xff;
int ret = BIO_write(BIO_next(bio), header, sizeof(header));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
// Write the buffer.
ret = BIO_write(BIO_next(bio), in, inl);
if (ret < 0 || (inl > 0 && ret == 0)) {
BIO_copy_next_retry(bio);
return ret;
}
assert(ret == inl);
return ret;
}
static int PacketedRead(BIO *bio, char *out, int outl) {
PacketedBio *data = GetData(bio);
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
for (;;) {
// Check if the read deadline has passed.
if (!data->CanRead()) {
BIO_set_retry_read(bio);
return -1;
}
// Read the opcode.
uint8_t opcode;
int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
if (opcode == kOpcodeTimeout) {
// The caller is required to advance any pending timeouts before
// continuing.
if (data->HasTimeout()) {
fprintf(stderr, "Unprocessed timeout!\n");
return -1;
}
// Process the timeout.
uint8_t buf[8];
ret = ReadAll(BIO_next(bio), buf, sizeof(buf));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
uint64_t timeout = (static_cast<uint64_t>(buf[0]) << 56) |
(static_cast<uint64_t>(buf[1]) << 48) |
(static_cast<uint64_t>(buf[2]) << 40) |
(static_cast<uint64_t>(buf[3]) << 32) |
(static_cast<uint64_t>(buf[4]) << 24) |
(static_cast<uint64_t>(buf[5]) << 16) |
(static_cast<uint64_t>(buf[6]) << 8) |
static_cast<uint64_t>(buf[7]);
timeout /= 1000; // Convert nanoseconds to microseconds.
data->timeout.tv_usec = timeout % 1000000;
data->timeout.tv_sec = timeout / 1000000;
// Send an ACK to the peer.
ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1);
if (ret <= 0) {
return ret;
}
assert(ret == 1);
if (!data->advance_clock) {
// Signal to the caller to retry the read, after advancing the clock.
BIO_set_retry_read(bio);
return -1;
}
PacketedBioAdvanceClock(bio);
continue;
}
if (opcode != kOpcodePacket) {
fprintf(stderr, "Unknown opcode, %u\n", opcode);
return -1;
}
// Read the length prefix.
uint8_t len_bytes[4];
ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes));
if (ret <= 0) {
BIO_copy_next_retry(bio);
return ret;
}
uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) |
(len_bytes[2] << 8) | len_bytes[3];
uint8_t *buf = (uint8_t *)OPENSSL_malloc(len);
if (buf == NULL) {
return -1;
}
ret = ReadAll(BIO_next(bio), buf, len);
if (ret <= 0) {
fprintf(stderr, "Packeted BIO was truncated\n");
return -1;
}
if (outl > (int)len) {
outl = len;
}
memcpy(out, buf, outl);
OPENSSL_free(buf);
return outl;
}
}
static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {
if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) {
memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
return 1;
}
if (BIO_next(bio) == NULL) {
return 0;
}
BIO_clear_retry_flags(bio);
int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
BIO_copy_next_retry(bio);
return ret;
}
static int PacketedNew(BIO *bio) {
BIO_set_init(bio, 1);
return 1;
}
static int PacketedFree(BIO *bio) {
if (bio == NULL) {
return 0;
}
delete GetData(bio);
BIO_set_init(bio, 0);
return 1;
}
static long PacketedCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
{
if (BIO_next(bio) == NULL)
return 0;
return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
}
static BIO_METHOD *g_packeted_bio_method = NULL;
static const BIO_METHOD *PacketedMethod(void)
{
if (g_packeted_bio_method == NULL) {
g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio");
if ( g_packeted_bio_method == NULL
|| !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite)
|| !BIO_meth_set_read(g_packeted_bio_method, PacketedRead)
|| !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl)
|| !BIO_meth_set_create(g_packeted_bio_method, PacketedNew)
|| !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree)
|| !BIO_meth_set_callback_ctrl(g_packeted_bio_method,
PacketedCallbackCtrl))
return NULL;
}
return g_packeted_bio_method;
}
} // namespace
bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock) {
bssl::UniquePtr<BIO> bio(BIO_new(PacketedMethod()));
if (!bio) {
return nullptr;
}
BIO_set_data(bio.get(), new PacketedBio(advance_clock));
return bio;
}
timeval PacketedBioGetClock(const BIO *bio) {
return GetData(bio)->clock;
}
bool PacketedBioAdvanceClock(BIO *bio) {
PacketedBio *data = GetData(bio);
if (data == nullptr) {
return false;
}
if (!data->HasTimeout()) {
return false;
}
data->clock.tv_usec += data->timeout.tv_usec;
data->clock.tv_sec += data->clock.tv_usec / 1000000;
data->clock.tv_usec %= 1000000;
data->clock.tv_sec += data->timeout.tv_sec;
memset(&data->timeout, 0, sizeof(data->timeout));
return true;
}

35
test/ossl_shim/packeted_bio.h
View File

@ -1,35 +0,0 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_PACKETED_BIO_H
#define OSSL_TEST_SHIM_PACKETED_BIO_H
#include <openssl/base.h>
#include <openssl/bio.h>
// PacketedBioCreate creates a filter BIO which implements a reliable in-order
// blocking datagram socket. It internally maintains a clock and honors
// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it.
//
// During a |BIO_read|, the peer may signal the filter BIO to simulate a
// timeout. If |advance_clock| is true, it automatically advances the clock and
// continues reading, subject to the read deadline. Otherwise, it fails
// immediately. The caller must then call |PacketedBioAdvanceClock| before
// retrying |BIO_read|.
bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock);
// PacketedBioGetClock returns the current time for |bio|.
timeval PacketedBioGetClock(const BIO *bio);
// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if
// there is a pending timeout. Otherwise, it returns false.
bool PacketedBioAdvanceClock(BIO *bio);
#endif // OSSL_TEST_SHIM_PACKETED_BIO_H

195
test/ossl_shim/test_config.cc
View File

@ -1,195 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "test_config.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory>
#include <openssl/evp.h>
namespace {
template <typename T>
struct Flag {
const char *flag;
T TestConfig::*member;
};
// FindField looks for the flag in |flags| that matches |flag|. If one is found,
// it returns a pointer to the corresponding field in |config|. Otherwise, it
// returns NULL.
template<typename T, size_t N>
T *FindField(TestConfig *config, const Flag<T> (&flags)[N], const char *flag) {
for (size_t i = 0; i < N; i++) {
if (strcmp(flag, flags[i].flag) == 0) {
return &(config->*(flags[i].member));
}
}
return NULL;
}
const Flag<bool> kBoolFlags[] = {
{ "-server", &TestConfig::is_server },
{ "-dtls", &TestConfig::is_dtls },
{ "-fallback-scsv", &TestConfig::fallback_scsv },
{ "-require-any-client-certificate",
&TestConfig::require_any_client_certificate },
{ "-async", &TestConfig::async },
{ "-write-different-record-sizes",
&TestConfig::write_different_record_sizes },
{ "-partial-write", &TestConfig::partial_write },
{ "-no-tls13", &TestConfig::no_tls13 },
{ "-no-tls12", &TestConfig::no_tls12 },
{ "-no-tls11", &TestConfig::no_tls11 },
{ "-no-tls1", &TestConfig::no_tls1 },
{ "-no-ssl3", &TestConfig::no_ssl3 },
{ "-shim-writes-first", &TestConfig::shim_writes_first },
{ "-expect-session-miss", &TestConfig::expect_session_miss },
{ "-decline-alpn", &TestConfig::decline_alpn },
{ "-expect-extended-master-secret",
&TestConfig::expect_extended_master_secret },
{ "-implicit-handshake", &TestConfig::implicit_handshake },
{ "-handshake-never-done", &TestConfig::handshake_never_done },
{ "-use-export-context", &TestConfig::use_export_context },
{ "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },
{ "-expect-no-session", &TestConfig::expect_no_session },
{ "-use-ticket-callback", &TestConfig::use_ticket_callback },
{ "-renew-ticket", &TestConfig::renew_ticket },
{ "-enable-client-custom-extension",
&TestConfig::enable_client_custom_extension },
{ "-enable-server-custom-extension",
&TestConfig::enable_server_custom_extension },
{ "-custom-extension-skip", &TestConfig::custom_extension_skip },
{ "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add },
{ "-check-close-notify", &TestConfig::check_close_notify },
{ "-shim-shuts-down", &TestConfig::shim_shuts_down },
{ "-verify-fail", &TestConfig::verify_fail },
{ "-verify-peer", &TestConfig::verify_peer },
{ "-expect-verify-result", &TestConfig::expect_verify_result },
{ "-renegotiate-freely", &TestConfig::renegotiate_freely },
{ "-p384-only", &TestConfig::p384_only },
{ "-enable-all-curves", &TestConfig::enable_all_curves },
{ "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
{ "-use-old-client-cert-callback",
&TestConfig::use_old_client_cert_callback },
{ "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
{ "-peek-then-read", &TestConfig::peek_then_read },
};
const Flag<std::string> kStringFlags[] = {
{ "-key-file", &TestConfig::key_file },
{ "-cert-file", &TestConfig::cert_file },
{ "-expect-server-name", &TestConfig::expected_server_name },
{ "-advertise-npn", &TestConfig::advertise_npn },
{ "-expect-next-proto", &TestConfig::expected_next_proto },
{ "-select-next-proto", &TestConfig::select_next_proto },
{ "-host-name", &TestConfig::host_name },
{ "-advertise-alpn", &TestConfig::advertise_alpn },
{ "-expect-alpn", &TestConfig::expected_alpn },
{ "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn },
{ "-select-alpn", &TestConfig::select_alpn },
{ "-psk", &TestConfig::psk },
{ "-psk-identity", &TestConfig::psk_identity },
{ "-srtp-profiles", &TestConfig::srtp_profiles },
{ "-cipher", &TestConfig::cipher },
{ "-export-label", &TestConfig::export_label },
{ "-export-context", &TestConfig::export_context },
};
const Flag<std::string> kBase64Flags[] = {
{ "-expect-certificate-types", &TestConfig::expected_certificate_types },
};
const Flag<int> kIntFlags[] = {
{ "-port", &TestConfig::port },
{ "-resume-count", &TestConfig::resume_count },
{ "-min-version", &TestConfig::min_version },
{ "-max-version", &TestConfig::max_version },
{ "-mtu", &TestConfig::mtu },
{ "-export-keying-material", &TestConfig::export_keying_material },
{ "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
{ "-max-cert-list", &TestConfig::max_cert_list },
};
} // namespace
bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
for (int i = 0; i < argc; i++) {
bool *bool_field = FindField(out_config, kBoolFlags, argv[i]);
if (bool_field != NULL) {
*bool_field = true;
continue;
}
std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
if (string_field != NULL) {
const char *val;
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
/*
* Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable
* the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches
* off NULL ciphers, so we use "ALL:NULL-SHA" instead.
*/
if (strcmp(argv[i - 1], "-cipher") == 0
&& strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)
val = "ALL:NULL-SHA";
else
val = argv[i];
string_field->assign(val);
continue;
}
std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]);
if (base64_field != NULL) {
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
std::unique_ptr<uint8_t[]> decoded(new uint8_t[strlen(argv[i])]);
int len = EVP_DecodeBlock(decoded.get(),
reinterpret_cast<const uint8_t *>(argv[i]),
strlen(argv[i]));
if (len < 0) {
fprintf(stderr, "Invalid base64: %s\n", argv[i]);
return false;
}
base64_field->assign(reinterpret_cast<const char *>(decoded.get()), len);
continue;
}
int *int_field = FindField(out_config, kIntFlags, argv[i]);
if (int_field) {
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
*int_field = atoi(argv[i]);
continue;
}
fprintf(stderr, "Unknown argument: %s\n", argv[i]);
exit(89);
return false;
}
return true;
}

90
test/ossl_shim/test_config.h
View File

@ -1,90 +0,0 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_TEST_SHIM_TEST_CONFIG_H
#define OSSL_TEST_SHIM_TEST_CONFIG_H
#include <string>
#include <vector>
#include <openssl/configuration.h>
struct TestConfig {
int port = 0;
bool is_server = false;
bool is_dtls = false;
int resume_count = 0;
bool fallback_scsv = false;
std::string key_file;
std::string cert_file;
std::string expected_server_name;
std::string expected_certificate_types;
bool require_any_client_certificate = false;
std::string advertise_npn;
std::string expected_next_proto;
std::string select_next_proto;
bool async = false;
bool write_different_record_sizes = false;
bool partial_write = false;
bool no_tls13 = false;
bool no_tls12 = false;
bool no_tls11 = false;
bool no_tls1 = false;
bool no_ssl3 = false;
bool shim_writes_first = false;
std::string host_name;
std::string advertise_alpn;
std::string expected_alpn;
std::string expected_advertised_alpn;
std::string select_alpn;
bool decline_alpn = false;
bool expect_session_miss = false;
bool expect_extended_master_secret = false;
std::string psk;
std::string psk_identity;
std::string srtp_profiles;
int min_version = 0;
int max_version = 0;
int mtu = 0;
bool implicit_handshake = false;
std::string cipher;
bool handshake_never_done = false;
int export_keying_material = 0;
std::string export_label;
std::string export_context;
bool use_export_context = false;
bool expect_ticket_renewal = false;
bool expect_no_session = false;
bool use_ticket_callback = false;
bool renew_ticket = false;
bool enable_client_custom_extension = false;
bool enable_server_custom_extension = false;
bool custom_extension_skip = false;
bool custom_extension_fail_add = false;
bool check_close_notify = false;
bool shim_shuts_down = false;
bool verify_fail = false;
bool verify_peer = false;
bool expect_verify_result = false;
int expect_total_renegotiations = 0;
bool renegotiate_freely = false;
bool p384_only = false;
bool enable_all_curves = false;
bool use_sparse_dh_prime = false;
bool use_old_client_cert_callback = false;
bool use_null_client_ca_list = false;
bool peek_then_read = false;
int max_cert_list = 0;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);
#endif // OSSL_TEST_SHIM_TEST_CONFIG_H

30
test/recipes/95-test_external_boringssl.t
View File

@ -1,30 +0,0 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test;
use OpenSSL::Test::Utils;
use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file cmdstr/;
setup("test_external_boringssl");
plan skip_all => "No external tests in this configuration"
if disabled("external-tests");
plan skip_all => "BoringSSL runner not detected"
if !$ENV{BORING_RUNNER_DIR};
plan tests => 1;
indir $ENV{BORING_RUNNER_DIR} => sub {
ok(run(cmd(["go", "test", "-shim-path",
bldtop_file("test", "ossl_shim", "ossl_shim"),
"-shim-config",
srctop_file("test", "ossl_shim", "ossl_config.json"),
"-pipe", "-allow-unimplemented"]), prefix => "go test: "),
"running BoringSSL tests");
}, create => 0, cleanup => 0;