Remove unused BoringSSL specific flags (8beda2c1) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

test/ossl_shim/ossl_config.json

+1 −0

Original line number	Diff line number	Diff line

		{
		"DisabledTests" : {
		"SkipCertificateStatus":"Test failure - reason unknown",

test/ossl_shim/ossl_shim.cc

+4 −80

Original line number	Diff line number	Diff line
		@@ -154,16 +154,6 @@ static bool GetCertificate(SSL ssl, bssl::UniquePtr<X509> out_x509,
		bssl::UniquePtr<EVP_PKEY> *out_pkey) {
		const TestConfig *config = GetTestConfig(ssl);

		if (!config->digest_prefs.empty()) {
		fprintf(stderr, "Digest prefs not supported.\n");
		return false;
		}

		if (!config->signing_prefs.empty()) {
		fprintf(stderr, "Set signing algorithm prefs not supported\n");
		return false;
		}

		if (!config->key_file.empty()) {
		*out_pkey = LoadPrivateKey(config->key_file.c_str());
		if (!*out_pkey) {
		@@ -176,10 +166,6 @@ static bool GetCertificate(SSL ssl, bssl::UniquePtr<X509> out_x509,
		return false;
		}
		}
		if (!config->ocsp_response.empty()) {
		fprintf(stderr, "OCSP response not supported.\n");
		return false;
		}
		return true;
		}

		@@ -564,11 +550,6 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
		return nullptr;
		}

		if (!config->cipher_tls10.empty() \|\| !config->cipher_tls11.empty()) {
		fprintf(stderr, "version-specific cipher lists not supported.\n");
		return nullptr;
		}

		DH *tmpdh;

		if (config->use_sparse_dh_prime) {
		@@ -655,11 +636,6 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
		SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL);
		}

		if (!config->signed_cert_timestamps.empty()) {
		fprintf(stderr, "SCTs not supported.\n");
		return nullptr;
		}

		if (config->use_null_client_ca_list) {
		SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
		}
		@@ -806,14 +782,12 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
		return false;
		}

		bool expect_handshake_done = is_resume \|\| !config->false_start;
		if (expect_handshake_done != GetTestState(ssl)->handshake_done) {
		fprintf(stderr, "handshake was%s completed\n",
		GetTestState(ssl)->handshake_done ? "" : " not");
		if (!GetTestState(ssl)->handshake_done) {
		fprintf(stderr, "handshake was not completed\n");
		return false;
		}

		if (expect_handshake_done && !config->is_server) {
		if (!config->is_server) {
		bool expect_new_session =
		!config->expect_no_session &&
		(!SSL_session_reused(ssl) \|\| config->expect_ticket_renewal) &&
		@@ -930,10 +904,6 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
		if (config->verify_peer) {
		SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL);
		}
		if (config->false_start) {
		fprintf(stderr, "False Start not supported\n");
		return false;
		}
		if (config->partial_write) {
		SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
		}
		@@ -952,14 +922,6 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
		if (config->no_ssl3) {
		SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3);
		}
		if (!config->expected_channel_id.empty()) {
		fprintf(stderr, "Channel ID not supported\n");
		return false;
		}
		if (!config->send_channel_id.empty()) {
		fprintf(stderr, "Channel ID not supported\n");
		return false;
		}
		if (!config->host_name.empty() &&
		!SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) {
		return false;
		@@ -982,14 +944,6 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
		SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) {
		return false;
		}
		if (config->enable_ocsp_stapling) {
		fprintf(stderr, "OCSP stapling not supported (with the same API).\n");
		return false;
		}
		if (config->enable_signed_cert_timestamps) {
		fprintf(stderr, "SCTs not supported (with the same API).\n");
		return false;
		}
		if (config->min_version != 0 &&
		!SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) {
		return false;
		@@ -1002,28 +956,12 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
		SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU);
		SSL_set_mtu(ssl.get(), config->mtu);
		}
		if (config->install_ddos_callback) {
		fprintf(stderr, "DDoS callback not supported.\n");
		return false;
		}
		if (config->renegotiate_once) {
		fprintf(stderr, "renegotiate_once not supported.\n");
		return false;
		}
		if (config->renegotiate_freely) {
		// This is always on for OpenSSL.
		}
		if (config->renegotiate_ignore) {
		fprintf(stderr, "renegotiate_ignore not supported.\n");
		return false;
		}
		if (!config->check_close_notify) {
		SSL_set_quiet_shutdown(ssl.get(), 1);
		}
		if (config->disable_npn) {
		fprintf(stderr, "SSL_OP_DISABLE_NPN not supported.\n");
		return false;
		}
		if (config->p384_only) {
		int nid = NID_secp384r1;
		if (!SSL_set1_curves(ssl.get(), &nid, 1)) {
		@@ -1039,10 +977,6 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
		return false;
		}
		}
		if (config->initial_timeout_duration_ms > 0) {
		fprintf(stderr, "Setting DTLS initial timeout duration not supported.\n");
		return false;
		}
		if (config->max_cert_list > 0) {
		SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
		}
		@@ -1137,16 +1071,6 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
		}
		}

		if (config->tls_unique) {
		fprintf(stderr, "tls_unique not supported\n");
		return false;
		}

		if (config->send_alert) {
		fprintf(stderr, "Sending an alert not supported\n");
		return false;
		}

		if (config->write_different_record_sizes) {
		if (config->is_dtls) {
		fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");
		@@ -1223,7 +1147,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
		}
		}

		if (!config->is_server && !config->false_start &&
		if (!config->is_server &&
		!config->implicit_handshake &&
		// Session tickets are sent post-handshake in TLS 1.3.
		GetProtocolVersion(ssl.get()) < TLS1_3_VERSION &&

test/ossl_shim/test_config.cc

+0 −37

Original line number	Diff line number	Diff line
		@@ -49,7 +49,6 @@ const Flag<bool> kBoolFlags[] = {
		{ "-fallback-scsv", &TestConfig::fallback_scsv },
		{ "-require-any-client-certificate",
		&TestConfig::require_any_client_certificate },
		{ "-false-start", &TestConfig::false_start },
		{ "-async", &TestConfig::async },
		{ "-write-different-record-sizes",
		&TestConfig::write_different_record_sizes },
		@@ -60,24 +59,18 @@ const Flag<bool> kBoolFlags[] = {
		{ "-no-tls11", &TestConfig::no_tls11 },
		{ "-no-tls1", &TestConfig::no_tls1 },
		{ "-no-ssl3", &TestConfig::no_ssl3 },
		{ "-enable-channel-id", &TestConfig::enable_channel_id },
		{ "-shim-writes-first", &TestConfig::shim_writes_first },
		{ "-expect-session-miss", &TestConfig::expect_session_miss },
		{ "-decline-alpn", &TestConfig::decline_alpn },
		{ "-expect-extended-master-secret",
		&TestConfig::expect_extended_master_secret },
		{ "-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling },
		{ "-enable-signed-cert-timestamps",
		&TestConfig::enable_signed_cert_timestamps },
		{ "-implicit-handshake", &TestConfig::implicit_handshake },
		{ "-use-early-callback", &TestConfig::use_early_callback },
		{ "-fail-early-callback", &TestConfig::fail_early_callback },
		{ "-install-ddos-callback", &TestConfig::install_ddos_callback },
		{ "-fail-ddos-callback", &TestConfig::fail_ddos_callback },
		{ "-fail-second-ddos-callback", &TestConfig::fail_second_ddos_callback },
		{ "-handshake-never-done", &TestConfig::handshake_never_done },
		{ "-use-export-context", &TestConfig::use_export_context },
		{ "-tls-unique", &TestConfig::tls_unique },
		{ "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },
		{ "-expect-no-session", &TestConfig::expect_no_session },
		{ "-use-ticket-callback", &TestConfig::use_ticket_callback },
		@@ -93,30 +86,24 @@ const Flag<bool> kBoolFlags[] = {
		{ "-verify-fail", &TestConfig::verify_fail },
		{ "-verify-peer", &TestConfig::verify_peer },
		{ "-expect-verify-result", &TestConfig::expect_verify_result },
		{ "-renegotiate-once", &TestConfig::renegotiate_once },
		{ "-renegotiate-freely", &TestConfig::renegotiate_freely },
		{ "-renegotiate-ignore", &TestConfig::renegotiate_ignore },
		{ "-disable-npn", &TestConfig::disable_npn },
		{ "-p384-only", &TestConfig::p384_only },
		{ "-enable-all-curves", &TestConfig::enable_all_curves },
		{ "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
		{ "-use-old-client-cert-callback",
		&TestConfig::use_old_client_cert_callback },
		{ "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
		{ "-send-alert", &TestConfig::send_alert },
		{ "-peek-then-read", &TestConfig::peek_then_read },
		{ "-enable-grease", &TestConfig::enable_grease },
		};

		const Flag<std::string> kStringFlags[] = {
		{ "-digest-prefs", &TestConfig::digest_prefs },
		{ "-key-file", &TestConfig::key_file },
		{ "-cert-file", &TestConfig::cert_file },
		{ "-expect-server-name", &TestConfig::expected_server_name },
		{ "-advertise-npn", &TestConfig::advertise_npn },
		{ "-expect-next-proto", &TestConfig::expected_next_proto },
		{ "-select-next-proto", &TestConfig::select_next_proto },
		{ "-send-channel-id", &TestConfig::send_channel_id },
		{ "-host-name", &TestConfig::host_name },
		{ "-advertise-alpn", &TestConfig::advertise_alpn },
		{ "-expect-alpn", &TestConfig::expected_alpn },
		@@ -126,20 +113,15 @@ const Flag<std::string> kStringFlags[] = {
		{ "-psk-identity", &TestConfig::psk_identity },
		{ "-srtp-profiles", &TestConfig::srtp_profiles },
		{ "-cipher", &TestConfig::cipher },
		{ "-cipher-tls10", &TestConfig::cipher_tls10 },
		{ "-cipher-tls11", &TestConfig::cipher_tls11 },
		{ "-export-label", &TestConfig::export_label },
		{ "-export-context", &TestConfig::export_context },
		};

		const Flag<std::string> kBase64Flags[] = {
		{ "-expect-certificate-types", &TestConfig::expected_certificate_types },
		{ "-expect-channel-id", &TestConfig::expected_channel_id },
		{ "-expect-ocsp-response", &TestConfig::expected_ocsp_response },
		{ "-expect-signed-cert-timestamps",
		&TestConfig::expected_signed_cert_timestamps },
		{ "-ocsp-response", &TestConfig::ocsp_response },
		{ "-signed-cert-timestamps", &TestConfig::signed_cert_timestamps },
		};

		const Flag<int> kIntFlags[] = {
		@@ -154,14 +136,9 @@ const Flag<int> kIntFlags[] = {
		&TestConfig::expect_peer_signature_algorithm },
		{ "-expect-curve-id", &TestConfig::expect_curve_id },
		{ "-expect-dhe-group-size", &TestConfig::expect_dhe_group_size },
		{ "-initial-timeout-duration-ms", &TestConfig::initial_timeout_duration_ms },
		{ "-max-cert-list", &TestConfig::max_cert_list },
		};

		const Flag<std::vector<int>> kIntVectorFlags[] = {
		{ "-signing-prefs", &TestConfig::signing_prefs },
		};

		} // namespace

		bool ParseConfig(int argc, char *argv, TestConfig out_config) {
		@@ -213,20 +190,6 @@ bool ParseConfig(int argc, char *argv, TestConfig out_config) {
		continue;
		}

		std::vector<int> *int_vector_field =
		FindField(out_config, kIntVectorFlags, argv[i]);
		if (int_vector_field) {
		i++;
		if (i >= argc) {
		fprintf(stderr, "Missing parameter\n");
		return false;
		}

		// Each instance of the flag adds to the list.
		int_vector_field->push_back(atoi(argv[i]));
		continue;
		}

		fprintf(stderr, "Unknown argument: %s\n", argv[i]);
		return false;
		}

test/ossl_shim/test_config.h

+0 −19

Original line number	Diff line number	Diff line
		@@ -25,8 +25,6 @@ struct TestConfig {
		bool is_dtls = false;
		int resume_count = 0;
		bool fallback_scsv = false;
		std::string digest_prefs;
		std::vector<int> signing_prefs;
		std::string key_file;
		std::string cert_file;
		std::string expected_server_name;
		@@ -34,7 +32,6 @@ struct TestConfig {
		bool require_any_client_certificate = false;
		std::string advertise_npn;
		std::string expected_next_proto;
		bool false_start = false;
		std::string select_next_proto;
		bool async = false;
		bool write_different_record_sizes = false;
		@@ -45,9 +42,6 @@ struct TestConfig {
		bool no_tls11 = false;
		bool no_tls1 = false;
		bool no_ssl3 = false;
		std::string expected_channel_id;
		bool enable_channel_id = false;
		std::string send_channel_id;
		bool shim_writes_first = false;
		std::string host_name;
		std::string advertise_alpn;
		@@ -60,9 +54,7 @@ struct TestConfig {
		std::string psk;
		std::string psk_identity;
		std::string srtp_profiles;
		bool enable_ocsp_stapling = false;
		std::string expected_ocsp_response;
		bool enable_signed_cert_timestamps = false;
		std::string expected_signed_cert_timestamps;
		int min_version = 0;
		int max_version = 0;
		@@ -70,18 +62,14 @@ struct TestConfig {
		bool implicit_handshake = false;
		bool use_early_callback = false;
		bool fail_early_callback = false;
		bool install_ddos_callback = false;
		bool fail_ddos_callback = false;
		bool fail_second_ddos_callback = false;
		std::string cipher;
		std::string cipher_tls10;
		std::string cipher_tls11;
		bool handshake_never_done = false;
		int export_keying_material = 0;
		std::string export_label;
		std::string export_context;
		bool use_export_context = false;
		bool tls_unique = false;
		bool expect_ticket_renewal = false;
		bool expect_no_session = false;
		bool use_ticket_callback = false;
		@@ -90,18 +78,13 @@ struct TestConfig {
		bool enable_server_custom_extension = false;
		bool custom_extension_skip = false;
		bool custom_extension_fail_add = false;
		std::string ocsp_response;
		bool check_close_notify = false;
		bool shim_shuts_down = false;
		bool verify_fail = false;
		bool verify_peer = false;
		bool expect_verify_result = false;
		std::string signed_cert_timestamps;
		int expect_total_renegotiations = 0;
		bool renegotiate_once = false;
		bool renegotiate_freely = false;
		bool renegotiate_ignore = false;
		bool disable_npn = false;
		int expect_peer_signature_algorithm = 0;
		bool p384_only = false;
		bool enable_all_curves = false;
		@@ -109,9 +92,7 @@ struct TestConfig {
		int expect_curve_id = 0;
		int expect_dhe_group_size = 0;
		bool use_old_client_cert_callback = false;
		int initial_timeout_duration_ms = 0;
		bool use_null_client_ca_list = false;
		bool send_alert = false;
		bool peek_then_read = false;
		bool enable_grease = false;
		int max_cert_list = 0;