Fix 12 Boring tests involving NULL-SHA ciphersuites

The Boring runner attempts to enable the NULL-SHA ciphersuite using the
cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently
switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA"
instead. We can't change the runner so we have to change the shim to
detect this.

(Merged from https://github.com/openssl/openssl/pull/2933)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
master
Matt Caswell 5 years ago
parent
commit
64e2b23ce3
2 changed files with 19 additions and 17 deletions
  1. test/ossl_shim/ossl_config.json (+4, -16)
  2. test/ossl_shim/test_config.cc (+15, -1)

test/ossl_shim/ossl_config.json (+4, -16)

@ -36,22 +36,10 @@
"KeyUpdate-Server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
"SSL3-NULL-SHA-server":"Test failure - reason unknown",
"SSL3-NULL-SHA-client":"Test failure - reason unknown",
"SSL3-NULL-SHA-LargeRecord":"Test failure - reason unknown",
"SSL3-NULL-SHA-BadRecord":"Test failure - reason unknown",
"TLS1-NULL-SHA-server":"Test failure - reason unknown",
"TLS1-NULL-SHA-LargeRecord":"Test failure - reason unknown",
"TLS1-NULL-SHA-BadRecord":"Test failure - reason unknown",
"TLS11-NULL-SHA-server":"Test failure - reason unknown",
"TLS1-NULL-SHA-client":"Test failure - reason unknown",
"TLS11-NULL-SHA-client":"Test failure - reason unknown",
"TLS11-NULL-SHA-LargeRecord":"Test failure - reason unknown",
"TLS12-NULL-SHA-client":"Test failure - reason unknown",
"TLS12-NULL-SHA-server":"Test failure - reason unknown",
"TLS12-NULL-SHA-LargeRecord":"Test failure - reason unknown",
"TLS11-NULL-SHA-BadRecord":"Test failure - reason unknown",
"TLS12-NULL-SHA-BadRecord":"Test failure - reason unknown",
"DTLS1-NULL-SHA-server":"Test failure - reason unknown",
"DTLS1-NULL-SHA-client":"Test failure - reason unknown",
"DTLS12-NULL-SHA-client":"Test failure - reason unknown",
"DTLS12-NULL-SHA-server":"Test failure - reason unknown",
"BadECDSA-1-4":"Test failure - reason unknown",
"BadECDSA-3-4":"Test failure - reason unknown",
"BadECDSA-4-1":"Test failure - reason unknown",
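
Review bot: the NULL-SHA entries that stay in this disabled list still carry "Test failure - reason unknown", even though the change has just established why the rest of the family failed. The counts (16 lines removed, 4 added, 12 tests fixed) mean some NULL-SHA entries are re-added rather than simply left in place. If they were only moved, leaving them where they were would shrink the hunk to pure deletions and make it obvious which tests remain disabled. If they still fail for a different reason, give them a more specific reason string or say so in the commit message, so they are not mistaken for leftovers of the cipherstring problem.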


test/ossl_shim/test_config.cc (+15, -1)

@ -133,12 +133,26 @@ bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
if (string_field != NULL) {
const char *val;
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
string_field->assign(argv[i]);
/*
* Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable
* the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches
* off NULL ciphers, so we use "ALL:NULL-SHA" instead.
*/
if (strcmp(argv[i - 1], "-cipher") == 0
&& strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)
val = "ALL:NULL-SHA";
else
val = argv[i];
string_field->assign(val);
continue;
}
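
Review bot: the fix-up condition strcmp(argv[i], "DEFAULT:NULL-SHA") == 0 matches only that exact string, so any other -cipher value the runner builds on top of DEFAULT to reach a NULL suite (different order, extra entries) passes through unchanged and fails as before. The comment should state that the shim relies on the runner's literal string. It should also state that "ALL:NULL-SHA" is a wider set than the runner asked for, since ALL includes suites that DEFAULT leaves out, so these tests now offer more ciphers than BoringSSL's runner intended. Minor style point: val is declared at the top of the block but only used in the last few lines, so it could be declared where it is assigned. Also confirm the header for strcmp is included in this file, as the include list is not visible in this hunk.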
