Commit 64e2b23c authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix 12 Boring tests involving NULL-SHA ciphersuites 

The Boring runner attempts to enable the NULL-SHA ciphersuite using the
cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently
switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA"
instead. We can't change the runner so we have to change the shim to
detect this.

(Merged from https://github.com/openssl/openssl/pull/2933

)
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent 49619ab0

test/ossl_shim/ossl_config.json

+4 −16
Original line number Diff line number Diff line
@@ -36,22 +36,10 @@ 
        "KeyUpdate-Server":"Test failure - reason unknown",

        "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",

        "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",

        "SSL3-NULL-SHA-server":"Test failure - reason unknown",

        "SSL3-NULL-SHA-client":"Test failure - reason unknown",

        "SSL3-NULL-SHA-LargeRecord":"Test failure - reason unknown",

        "SSL3-NULL-SHA-BadRecord":"Test failure - reason unknown",

        "TLS1-NULL-SHA-server":"Test failure - reason unknown",

        "TLS1-NULL-SHA-LargeRecord":"Test failure - reason unknown",

        "TLS1-NULL-SHA-BadRecord":"Test failure - reason unknown",

        "TLS11-NULL-SHA-server":"Test failure - reason unknown",

        "TLS1-NULL-SHA-client":"Test failure - reason unknown",

        "TLS11-NULL-SHA-client":"Test failure - reason unknown",

        "TLS11-NULL-SHA-LargeRecord":"Test failure - reason unknown",

        "TLS12-NULL-SHA-client":"Test failure - reason unknown",

        "TLS12-NULL-SHA-server":"Test failure - reason unknown",

        "TLS12-NULL-SHA-LargeRecord":"Test failure - reason unknown",

        "TLS11-NULL-SHA-BadRecord":"Test failure - reason unknown",

        "TLS12-NULL-SHA-BadRecord":"Test failure - reason unknown",

        "DTLS1-NULL-SHA-server":"Test failure - reason unknown",

        "DTLS1-NULL-SHA-client":"Test failure - reason unknown",

        "DTLS12-NULL-SHA-client":"Test failure - reason unknown",

        "DTLS12-NULL-SHA-server":"Test failure - reason unknown",

        "BadECDSA-1-4":"Test failure - reason unknown",

        "BadECDSA-3-4":"Test failure - reason unknown",

        "BadECDSA-4-1":"Test failure - reason unknown",

test/ossl_shim/test_config.cc

+15 −1
Original line number Diff line number Diff line
@@ -133,12 +133,26 @@ bool ParseConfig(int argc, char **argv, TestConfig *out_config) { 


    std::string *string_field = FindField(out_config, kStringFlags, argv[i]);

    if (string_field != NULL) {

      const char *val;



      i++;

      if (i >= argc) {

        fprintf(stderr, "Missing parameter\n");

        return false;

      }

      string_field->assign(argv[i]);



      /*

       * Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable

       * the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches

       * off NULL ciphers, so we use "ALL:NULL-SHA" instead.

       */

      if (strcmp(argv[i - 1], "-cipher") == 0

          && strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)

        val = "ALL:NULL-SHA";

      else

        val = argv[i];



      string_field->assign(val);

      continue;

    }