kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
4373 Revīzijas
12 Atzari
38 MiB
Koks: a1ce85696d
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'a1ce85696d'
${ noResults }
boringssl/ssl/test/test_config.cc

test_config.cc 12 KiB
Neapstrādāts Parastais skats Vēsture

Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Missing includes for FreeBSD. Change-Id: I4ea02a41ed614047ecda156d0c572b04baa174e6 Reviewed-on: https://boringssl-review.googlesource.com/1852 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Introduce a mechanism for base64 options. We may wish to pass data to the runner that contains NULs. Change-Id: Id78dad0ad0b5b6d0537481c818e3febdf1740cc9 Reviewed-on: https://boringssl-review.googlesource.com/1603 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding TLS 1.3 constants. Constants representing TLS 1.3 are added to allow for future work to be flagged on TLS1_3_VERSION. To prevent BoringSSL from negotiating the non-existent TLS 1.3 version, it is explicitly disabled using SSL_OP_NO_TLSv1_3. Change-Id: Ie5258a916f4c19ef21646c4073d5b4a7974d6f3f Reviewed-on: https://boringssl-review.googlesource.com/8041 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add TLS 1.3 1-RTT. This adds the machinery for doing TLS 1.3 1RTT. Change-Id: I736921ffe9dc6f6e64a08a836df6bb166d20f504 Reviewed-on: https://boringssl-review.googlesource.com/8720 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add a test to ensure False Start occurs. This adds the missing test coverage for 7e3305eebd7fb06d57e7f25b3bbf9c10d526f7d5. Change-Id: I8c9f1dc998afa9bb1f6fb2a7872a651037bb4844 Reviewed-on: https://boringssl-review.googlesource.com/1610 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add tests for client version negotiation and session resumption. BUG=chromium:417134 Change-Id: If5914be98026d899000fde267b2d329861ca3136 Reviewed-on: https://boringssl-review.googlesource.com/1822 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add a test that declining ALPN works. Inspired by https://mta.openssl.org/pipermail/openssl-dev/2016-March/006150.html Change-Id: I973b3baf054ed1051002f7bb9941cb1deeb36d78 Reviewed-on: https://boringssl-review.googlesource.com/7504 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Extended master secret support. This change implements support for the extended master secret. See https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 https://secure-resumption.com/ Change-Id: Ifc7327763149ab0894b4f1d48cdc35e0f1093b93 Reviewed-on: https://boringssl-review.googlesource.com/1930 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add tests for OCSP stapling and SCT lists. We forgot to add those when we implemented the features. (Also relevant because they will provide test coverage later for configuring features when using the generic method tables rather than *_client_method.) Change-Id: Ie08b27de893095e01a05a7084775676616459807 Reviewed-on: https://boringssl-review.googlesource.com/2410 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Initialize the record buffers after the handshake check. The new V2ClientHello sniff asserts, for safety, that nothing else has initialized the record layer before it runs. However, OpenSSL allows you to avoid explicitly calling SSL_connect/SSL_accept and instead let SSL_read/SSL_write implicitly handshake for you. This check happens at a fairly low-level in the ssl3_read_bytes function, at which point the record layer has already been initialized. Add some tests to ensure this mode works. (Later we'll lift the handshake check to a higher-level which is probably simpler.) Change-Id: Ibeb7fb78e5eb75af5411ba15799248d94f12820b Reviewed-on: https://boringssl-review.googlesource.com/3334 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests for installing the certificate on the early callback. Test both asynchronous and synchronous versions. This callback is somewhat different from others. It's NOT called a second time when the handshake is resumed. This appears to be intentional and not a mismerge from the internal patch. The caller is expected to set up any state before resuming the handshake state machine. Also test the early callback returning an error. Change-Id: If5e6eddd7007ea5cdd7533b4238e456106b95cbd Reviewed-on: https://boringssl-review.googlesource.com/3590 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add a callback for DDoS protection. This callback receives information about the ClientHello and can decide whether or not to allow the handshake to continue. Change-Id: I21be28335fa74fedb5b73a310ee24310670fc923 Reviewed-on: https://boringssl-review.googlesource.com/3721 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests for failing cert_cb. We missed that the TLS 1.3 code was inconsistent with the TLS 1.2 code. Only on the server did we push an error code. But consistency between client and server is probably worthwhile so, fix the 1.2 code to match for now. Change-Id: I17952c72048697dc66eacf0f144a66ced9cb3be8 Reviewed-on: https://boringssl-review.googlesource.com/12260 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Test the interaction of SSL_CB_HANDSHAKE_DONE and False Start. Based on whether -false-start is passed, we expect SSL_CB_HANDSHAKE_DONE to or not to fire. Also add a flag that asserts SSL_CB_HANDSHAKE_DONE does *not* fire in any False Start test where the handshake fails after SSL_connect returns. Change-Id: I6c5b960fff15e297531e15b16abe0b98be95bec8 Reviewed-on: https://boringssl-review.googlesource.com/4212 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests for SSL_export_keying_material. Change-Id: Ic4d3ade08aa648ce70ada9981e894b6c1c4197c6 Reviewed-on: https://boringssl-review.googlesource.com/4215 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add SSL_get_tls_unique. SSL_get_tls_unique returns the tls-unique channel-binding value as defined in https://tools.ietf.org/html/rfc5929#section-3.1. Change-Id: Id9644328a7db8a91cf3ff0deee9dd6ce0d3e00ba Reviewed-on: https://boringssl-review.googlesource.com/4984 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Don't put sessions from renegotiations in the cache. Rather than rely on Chromium to query SSL_initial_handshake_complete in the callback (which didn't work anyway because the callback is called afterwards), move the logic into BoringSSL. BoringSSL already enforces that clients never offer resumptions on renegotiation (it wouldn't work well anyway as client session cache lookup is external), so it's reasonable to also implement in-library that sessions established on a renegotiation are not cached. Add a bunch of tests that new_session_cb is called when expected. BUG=501418 Change-Id: I42d44c82b043af72b60a0f8fdb57799e20f13ed5 Reviewed-on: https://boringssl-review.googlesource.com/5171 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Enabling 0-RTT on new Session Tickets. This adds support for setting 0-RTT mode on tickets minted by BoringSSL, allowing for testing of the initial handshake knowledge. BUG=76 Change-Id: Ic199842c03b5401ef122a537fdb7ed9e9a5c635a Reviewed-on: https://boringssl-review.googlesource.com/12740 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add a test for the ticket callback. Change-Id: I7b2a4f617bd8d49c86fdaaf45bf67e0170bbd44f Reviewed-on: https://boringssl-review.googlesource.com/5230 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Enabling 0-RTT on new Session Tickets. This adds support for setting 0-RTT mode on tickets minted by BoringSSL, allowing for testing of the initial handshake knowledge. BUG=76 Change-Id: Ic199842c03b5401ef122a537fdb7ed9e9a5c635a Reviewed-on: https://boringssl-review.googlesource.com/12740 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Implement custom extensions. This change mirrors upstream's custom extension API because we have some internal users that depend on it. Change-Id: I408e442de0a55df7b05c872c953ff048cd406513 Reviewed-on: https://boringssl-review.googlesource.com/5471 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests for bidirectional shutdown. Now that it even works at all (type = 0 bug aside), add tests for it. Test both close_notify being received before and after SSL_shutdown is called. In the latter case, have the peer send some junk to be ignored to test that works. Also test that SSL_shutdown fails on unclean shutdown and that quiet shutdowns ignore it. BUG=526437 Change-Id: Iff13b08feb03e82f21ecab0c66d5f85aec256137 Reviewed-on: https://boringssl-review.googlesource.com/5769 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Wait for CertificateStatus message to verify certificate. Applications may require the stapled OCSP response in order to verify the certificate within the verification callback. Change-Id: I8002e527f90c3ce7b6a66e3203c0a68371aac5ec Reviewed-on: https://boringssl-review.googlesource.com/5730 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests for SSL_VERIFY_PEER_IF_NO_OBC and fix TLS 1.3. Also mirror the structure of the TLS 1.2 and TLS 1.3 code a bit. Change-Id: I7b34bf30de63fa0bd47a39a90570846fb2314ad5 Reviewed-on: https://boringssl-review.googlesource.com/17539 Reviewed-by: David Benjamin <davidben@google.com>
pirms 7 gadiem
Add SSL_set_renegotiate_mode. Add a slightly richer API. Notably, one can configure ssl_renegotiate_once to only accept the first renego. Also, this API doesn't repeat the mistake I made with SSL_set_reject_peer_renegotiations which is super-confusing with the negation. Change-Id: I7eb5d534e3e6c553b641793f4677fe5a56451c71 Reviewed-on: https://boringssl-review.googlesource.com/6221 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add ssl_renegotiate_ignore. This option causes clients to ignore HelloRequest messages completely. This can be suitable in cases where a server tries to perform concurrent application data and handshake flow, e.g. because they are trying to “renew” symmetric keys. Change-Id: I2779f7eff30d82163f2c34a625ec91dc34fab548 Reviewed-on: https://boringssl-review.googlesource.com/6431 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Move curve check out of tls12_check_peer_sigalg. The current check has two problems: - It only runs on the server, where there isn't a curve list at all. This was a mistake in https://boringssl-review.googlesource.com/1843 which flipped it from client-only to server-only. - It only runs in TLS 1.2, so one could bypass it by just negotiating TLS 1.1. Upstream added it as part of their Suite B mode, which requires 1.2. Move it elsewhere. Though we do not check the entire chain, leaving that to the certificate verifier, signatures made by the leaf certificate are made by the SSL/TLS stack, so it's reasonable to check the curve as part of checking suitability of a leaf. Change-Id: I7c12f2a32ba946a20e9ba6c70eff23bebcb60bb2 Reviewed-on: https://boringssl-review.googlesource.com/6414 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Test all supported curves (including those off by default). Change-Id: I54b2b354ab3d227305f829839e82e7ae7292fd7d Reviewed-on: https://boringssl-review.googlesource.com/6774 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Add tests for the old client cert callback. Also add no-certificate cases to the state machine coverage tests. Change-Id: I88a80df6f3ea69aabc978dd356abcb9e309e156f Reviewed-on: https://boringssl-review.googlesource.com/7417 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Add SSL_send_fatal_alert. WebRTC want to be able to send a random alert. Add an API for this. Change-Id: Id3113d68f25748729fd9e9a91dbbfa93eead12c3 Reviewed-on: https://boringssl-review.googlesource.com/8950 Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add tests for SSL_peek. SSL_peek works fine for us, but OpenSSL 1.1.0 regressed this (https://github.com/openssl/openssl/issues/1563), and we don't have tests either. Fix this. SSL_peek can handle all weird events that SSL_read can, so use runner and tell bssl_shim to do a SSL_peek + SSL_peek + SSL_read instead of SSL_read. Then add tests for all the events we may discover. Change-Id: I9e8635e3ca19653a02a883f220ab1332d4412f98 Reviewed-on: https://boringssl-review.googlesource.com/11090 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Implement draft-davidben-tls-grease-01. This GREASEs cipher suites, groups, and extensions. For now, we'll always place them in a hard-coded position. We can experiment with more interesting strategies later. If we add new ciphers and curves, presumably we prefer them over current ones, so place GREASE values at the front. This prevents implementations from parsing only the first value and ignoring the rest. Add two new extensions, one empty and one non-empty. Place the empty one in front (IBM WebSphere can't handle trailing empty extensions) and the non-empty one at the end. Change-Id: If2e009936bc298cedf2a7a593ce7d5d5ddbb841a Reviewed-on: https://boringssl-review.googlesource.com/11241 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Forbid using exporters during a renego. They will get very confused about which key they're using. Any caller using exporters must either (a) leave renegotiation off or (b) be very aware of when renegotiations happen anyway. (You need to somehow coordinate with the peer about which epoch's exporter to use.) Change-Id: I921ad01ac9bdc88f3fd0f8283757ce673a47ec75 Reviewed-on: https://boringssl-review.googlesource.com/12003 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Add |SSL_set_retain_only_sha256_of_client_certs|. Previously the option to retain only the SHA-256 hash of client certificates could only be set at the |SSL_CTX| level. This change makes |SSL| objects inherit the setting from the |SSL_CTX|, but allows it to be overridden on a per-|SSL| basis. Change-Id: Id435934af3d425d5f008d2f3b9751d1d0884ee55 Reviewed-on: https://boringssl-review.googlesource.com/12182 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add a test for renegotiation on busy write buffer. The write path for TLS is going to need some work. There are some fiddly cases when there is a write in progress. Start adding tests to cover this logic. Later I'm hoping we can extend this flag so it drains the unfinished write and thus test the interaction of read/write paths in 0-RTT. (We may discover 1-RTT keys while we're in the middle of writing data.) Change-Id: Iac2c417e4b5e84794fb699dd7cbba26a883b64ef Reviewed-on: https://boringssl-review.googlesource.com/13049 Reviewed-by: Adam Langley <agl@google.com>
pirms 7 gadiem
Report TLS 1.3 as supporting secure renegotiation. TLS 1.3 doesn't support renegotiation in the first place, but so callers don't report TLS 1.3 servers as missing it, always report it as (vacuously) protected against this bug. BUG=chromium:680281 Change-Id: Ibfec03102b2aec7eaa773c331d6844292e7bb685 Reviewed-on: https://boringssl-review.googlesource.com/13046 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
TLS 1.3 sessions should not be added to the server session cache. Fix this and add a test. Otherwise enabling TLS 1.3 will cause a server to blow through its session cache. Change-Id: I67edbc468faedfd94a6c30cf842af085a6543b50 Reviewed-on: https://boringssl-review.googlesource.com/13501 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add Data-less Zero-RTT support. This adds support on the server and client to accept data-less early data. The server will still fail to parse early data with any contents, so this should remain disabled. BUG=76 Change-Id: Id85d192d8e0360b8de4b6971511b5e8a0e8012f7 Reviewed-on: https://boringssl-review.googlesource.com/12921 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Test the behavior of running SSL_do_handshake twice in a row. BUG=185 Change-Id: I4ce6735ca78cd687538a8c0fdbd78ee97b93585c Reviewed-on: https://boringssl-review.googlesource.com/14382 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add an option to allow unknown ALPN protocols. We received an external request to add an option to undo the check added in 3e51757de2bf9beef7d249f22d255e4dd9ddb012. Change-Id: Ifdd4b07705f2fa3d781d775d5cd139ea72d36734 Reviewed-on: https://boringssl-review.googlesource.com/14644 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Support Ed25519 in TLS. This only works at TLS 1.2 and above as, before TLS 1.2, there is no way to advertise support for Ed25519 or negotiate the correct signature algorithm. Add tests for this accordingly. For now, this is disabled by default on the verifying side but may be enabled per SSL_CTX. Notably, projects like Chromium which use an external verifier may need changes elsewhere before they can enable it. (On the signing side, we can assume that if the caller gave us an Ed25519 certificate, they mean for us to use it.) BUG=187 Change-Id: Id25b0a677dcbe205ddd26d8dbba11c04bb520756 Reviewed-on: https://boringssl-review.googlesource.com/14450 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 7 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Update TLS fuzzer format with prepended settings. This allows us to fill in holes in our fuzzer coverage, notably client resumption (and thus early data) and server client certificates. The corpora are not refreshed yet. This will be done in upcoming changes. Also add an option for debugging fuzzers. It's very useful to test it on transcripts and make sure that fuzzer mode successfully makes things compatible. Bug: 104 Change-Id: I02f0be4045d1baf68efc9a4157f573df1429575d Reviewed-on: https://boringssl-review.googlesource.com/17531 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Adding more options for signing digest fallback. Allow configuring digest preferences for the private key. Some smartcards have limited support for signing digests, notably Windows CAPI keys and old Estonian smartcards. Chromium used the supports_digest hook in SSL_PRIVATE_KEY_METHOD to limit such keys to SHA1. However, detecting those keys was a heuristic, so some SHA256-capable keys authenticating to SHA256-only servers regressed in the switch to BoringSSL. Replace this mechanism with an API to configure digest preference order. This way heuristically-detected SHA1-only keys may be configured by Chromium as SHA1-preferring rather than SHA1-requiring. In doing so, clean up the shared_sigalgs machinery somewhat. BUG=468076 Change-Id: I996a2df213ae4d8b4062f0ab85b15262ca26f3c6 Reviewed-on: https://boringssl-review.googlesource.com/5755 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add basic TLS Channel ID tests. Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752 Reviewed-on: https://boringssl-review.googlesource.com/1606 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Improve test coverage for server_name extension. Notably, this would have caught ed8270a55c3845abbc85dfeed358597fef059ea9 (although, apart from staring at code coverage, knowing to set resumeSession on the server test isn't exactly obvious). Perhaps we should systematically set it on all extension server tests; ClientHello extension parsing happens after resumption has been determined and is often sensitive to it. Change-Id: Ie83f294a26881a6a41969e9dbd102d0a93cb68b5 Reviewed-on: https://boringssl-review.googlesource.com/1750 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add tests for ALPN support. Both as client and as server. Also tests that ALPN causes False Start to kick in. Change-Id: Ib570346f3c511834152cd2df2ef29541946d3ab4 Reviewed-on: https://boringssl-review.googlesource.com/1753 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add tests for ALPN support. Both as client and as server. Also tests that ALPN causes False Start to kick in. Change-Id: Ib570346f3c511834152cd2df2ef29541946d3ab4 Reviewed-on: https://boringssl-review.googlesource.com/1753 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add tests for PSK cipher suites. Only the three plain PSK suites for now. ECDHE_PSK_WITH_AES_128_GCM_SHA256 will be in a follow-up. Change-Id: Iafc116a5b2798c61d90c139b461cf98897ae23b3 Reviewed-on: https://boringssl-review.googlesource.com/2051 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add DTLS-SRTP tests. Just the negotiation portion as everything else is external. This feature is used in WebRTC. Change-Id: Iccc3983ea99e7d054b59010182f9a56a8099e116 Reviewed-on: https://boringssl-review.googlesource.com/2310 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Test that client cipher preferences are enforced. Change-Id: I6e760cfd785c0c5688da6f7d3d3092a8add40409 Reviewed-on: https://boringssl-review.googlesource.com/4070 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests for SSL_export_keying_material. Change-Id: Ic4d3ade08aa648ce70ada9981e894b6c1c4197c6 Reviewed-on: https://boringssl-review.googlesource.com/4215 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add runner tests which send intermediate certificates. Certificate chain with intermediate taken from Chromium's tests. Though it doesn't really matter because the runner tests don't verify certificates. BUG=70 Change-Id: I46fd1d4be0f371b5bfd43370b97d2c8053cfad60 Reviewed-on: https://boringssl-review.googlesource.com/12261 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
pirms 8 gadiem
Add test for |SSL_get_client_CA_list|. Change-Id: Ibea6a9d52b000876740097f98c6891db4772371b Reviewed-on: https://boringssl-review.googlesource.com/14008 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Introduce a mechanism for base64 options. We may wish to pass data to the runner that contains NULs. Change-Id: Id78dad0ad0b5b6d0537481c818e3febdf1740cc9 Reviewed-on: https://boringssl-review.googlesource.com/1603 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add basic TLS Channel ID tests. Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752 Reviewed-on: https://boringssl-review.googlesource.com/1606 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add tests for OCSP stapling and SCT lists. We forgot to add those when we implemented the features. (Also relevant because they will provide test coverage later for configuring features when using the generic method tables rather than *_client_method.) Change-Id: Ie08b27de893095e01a05a7084775676616459807 Reviewed-on: https://boringssl-review.googlesource.com/2410 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Server-side OCSP stapling support. This is a simpler implementation than OpenSSL's, lacking responder IDs and request extensions support. This mirrors the client implementation already present. Change-Id: I54592b60e0a708bfb003d491c9250401403c9e69 Reviewed-on: https://boringssl-review.googlesource.com/5700 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add server-side support for Signed Certificate Timestamps. Change-Id: Ifa44fef160fc9d67771eed165f8fc277f28a0222 Reviewed-on: https://boringssl-review.googlesource.com/5840 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests which modify the shim ticket. The existing tests for this codepath require us to reconfigure the shim. This will not work when TLS 1.3 cipher configuration is detached from the old cipher language. It also doesn't hit codepaths like sessions containing a TLS 1.3 version but TLS 1.2 cipher. Instead, add some logic to the runner to rewrite tickets and build tests out of that. Change-Id: I57ac5d49c3069497ed9aaf430afc65c631014bf6 Reviewed-on: https://boringssl-review.googlesource.com/12024 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Introduce a mechanism for base64 options. We may wish to pass data to the runner that contains NULs. Change-Id: Id78dad0ad0b5b6d0537481c818e3febdf1740cc9 Reviewed-on: https://boringssl-review.googlesource.com/1603 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Use TCP sockets rather than socketpairs in the SSL tests. This involves more synchronization with child exits as the kernel no longer closes the pre-created pipes for free, but it works on Windows. As long as TCP_NODELAY is set, the performance seems comparable. Though it does involve dealing with graceful socket shutdown. I couldn't get that to work on Windows without draining the socket; not even SO_LINGER worked. Current (untested) theory is that Windows refuses to gracefully shutdown a socket if the peer sends data after we've stopped reading. cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in CreateProcess.) We can instead use the syscall module directly and mark handles as inheritable (and then pass the numerical values out-of-band), but that requires synchronizing all of our shim.Start() calls and assuming no other thread is spawning a process. PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires wrapping more syscalls. exec.Cmd also doesn't let us launch the process ourselves. Plus it still requires every handle in the list be marked inheritable, so it doesn't help if some other thread is launching a process with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST. (Like Go, though we can take syscall.ForkLock there.) http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx The more natively Windows option seems to be named pipes, but that too requires wrapping more system calls. (To be fair, that isn't too painful.) They also involve a listening server, so we'd still have to synchronize with shim.Wait() a la net.TCPListener. Then there's DuplicateHandle, but then we need an out-of-band signal. All in all, one cross-platform implementation with a TCP sockets seems simplest. Change-Id: I38233e309a0fa6814baf61e806732138902347c0 Reviewed-on: https://boringssl-review.googlesource.com/3563 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Test resuming renewed sessions. In TLS 1.3 draft 14, due to resumption using a different cipher, this is actually not too hard to mess up. (In fact BoGo didn't quite get it right.) Fortunately, the new cipher suite negotiation in draft 15 should make this reasonable again once we implement it. In the meantime, test it. Change-Id: I2eb948eeaaa051ecacaa9095b66ff149582ea11d Reviewed-on: https://boringssl-review.googlesource.com/10442 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add a basic MTU test. The minimum MTU (not consistently enforced) is just under 256, so it's difficult to test everything, but this is a basic test. (E.g., without renego, the only handshake message with encryption is Finished which fits in the MTU.) It tests the server side because the Certificate message is large enough to require fragmentation. Change-Id: Ida11f1057cebae2b800ad13696f98bb3a7fbbc5e Reviewed-on: https://boringssl-review.googlesource.com/2824 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add tests for SSL_export_keying_material. Change-Id: Ic4d3ade08aa648ce70ada9981e894b6c1c4197c6 Reviewed-on: https://boringssl-review.googlesource.com/4215 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Unbreak SSL_total_renegotiations. The logic to update that got removed in https://boringssl-review.googlesource.com/4825. Add tests. Change-Id: Idc550e8fa3ce6f69a76fa65d7651adde281edba6 Reviewed-on: https://boringssl-review.googlesource.com/6220 Reviewed-by: Matt Braithwaite <mab@google.com> Reviewed-by: Adam Langley <alangley@gmail.com> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Change SignatureAndHashAlgorithm to SignatureScheme in Go. TLS 1.3 defines a new SignatureScheme uint16 enum that is backwards compatible on the wire with TLS1.2's SignatureAndHashAlgorithm. This change updates the go testing code to use a single signatureAlgorithm enum (instead of 2 separate signature and hash enums) in preparation for TLS 1.3. It also unifies all the signing around this new scheme, effectively backporting the change to TLS 1.2. For now, it does not distinguish signature algorithms between 1.2 and 1.3 (RSA-PSS instead of RSA-PKCS1, ECDSA must match curve types). When the C code is ready make a similar change, the Go code will be updated to match. [Originally written by nharper, tweaked significantly by davidben.] Change-Id: If9a315c4670755089ac061e4ec254ef3457a00de Reviewed-on: https://boringssl-review.googlesource.com/8450 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Add SSL_get_curve_id and SSL_get_dhe_group_size. This replaces the old key_exchange_info APIs and does not require the caller be aware of the mess around SSL_SESSION management. They currently have the same bugs around renegotiation as before, but later work to fix up SSL_SESSION tracking will fix their internals. For consistency with the existing functions, I've kept the public API at 'curve' rather than 'group' for now. I think it's probably better to have only one name with a single explanation in the section header rather than half and half. (I also wouldn't be surprised if the IETF ends up renaming 'group' again to 'key exchange' at some point. We'll see what happens.) Change-Id: I8e90a503bc4045d12f30835c86de64ef9f2d07c8 Reviewed-on: https://boringssl-review.googlesource.com/8565 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Adding a method to change the initial DTLS retransmission timer value. This allows an application to override the default of 1 second, which is what's instructed in RFC 6347 but is not an absolute requirement. Change-Id: I0bbb16e31990fbcab44a29325b6ec7757d5789e5 Reviewed-on: https://boringssl-review.googlesource.com/7930 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Add tests for very large handshake messages. OpenSSL recently had a regression here (CVE-2016-6309). We're fine, but so that we stay that way, add some tests. Change-Id: I244d7ff327b7aad550f86408c5e5e65e6d1babe5 Reviewed-on: https://boringssl-review.googlesource.com/11321 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 8 gadiem
Detach TLS 1.3 cipher configuration from the cipher language. TLS 1.3 ciphers are now always enabled and come with a hard-coded preference order. BUG=110 Change-Id: Idd9cb0d75fb6bf2676ecdee27d88893ff974c4a3 Reviewed-on: https://boringssl-review.googlesource.com/12025 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Update to TLS 1.3 draft 18. This is the squash of the following CLs: https://boringssl-review.googlesource.com/c/12021/9 https://boringssl-review.googlesource.com/c/12022/9 https://boringssl-review.googlesource.com/c/12107/19 https://boringssl-review.googlesource.com/c/12141/22 https://boringssl-review.googlesource.com/c/12181/33 The Go portions were written by Nick Harper BUG=112 Change-Id: I375a1fcead493ec3e0282e231ccc8d7c4dde5063 Reviewed-on: https://boringssl-review.googlesource.com/12300 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
pirms 8 gadiem
Test SSL_set_max_send_fragment. This gives coverage over needing to fragment something over multiple records. Change-Id: I2373613608ef669358d48f4e12f68577fa5a40dc Reviewed-on: https://boringssl-review.googlesource.com/13101 Reviewed-by: Adam Langley <agl@google.com>
pirms 7 gadiem
Export server-side ticket_age skew. We'll measure this value to guide what tolerance to use in the 0-RTT anti-replay mechanism. This also fixes a bug where we were previously minting ticket_age_add-less tickets on the server. Add a check to reject all those tickets. BUG=113 Change-Id: I68e690c0794234234e0d0500b4b9a7f79aea641e Reviewed-on: https://boringssl-review.googlesource.com/14068 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Introduce a mechanism for base64 options. We may wish to pass data to the runner that contains NULs. Change-Id: Id78dad0ad0b5b6d0537481c818e3febdf1740cc9 Reviewed-on: https://boringssl-review.googlesource.com/1603 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add SSL_set_signing_algorithm_prefs. This gives us a sigalg-based API for configuring signing algorithms. Change-Id: Ib746a56ebd1061eadd2620cdb140d5171b59bc02 Reviewed-on: https://boringssl-review.googlesource.com/8784 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Add SSL_CTX_set_verify_algorithm_prefs. When writing tests and BoGo isn't available, it is useful to be able to configure the set of signature algorithms accepted on the verify side. Add an API for this. Change-Id: Ic873189da7f8853e412acd68614df9d9a872a0c8 Reviewed-on: https://boringssl-review.googlesource.com/15125 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add SSL_set_signing_algorithm_prefs. This gives us a sigalg-based API for configuring signing algorithms. Change-Id: Ib746a56ebd1061eadd2620cdb140d5171b59bc02 Reviewed-on: https://boringssl-review.googlesource.com/8784 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Improve TestConfig flags for initial and resumption connections. Change-Id: I97a2920a08f995ea70425ad9126f1dced067f2a4 Reviewed-on: https://boringssl-review.googlesource.com/16084 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Improve TestConfig flags for initial and resumption connections. Change-Id: I97a2920a08f995ea70425ad9126f1dced067f2a4 Reviewed-on: https://boringssl-review.googlesource.com/16084 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Improve TestConfig flags for initial and resumption connections. Change-Id: I97a2920a08f995ea70425ad9126f1dced067f2a4 Reviewed-on: https://boringssl-review.googlesource.com/16084 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add min_version and max_version APIs. Amend the version negotiation tests to test this new spelling of max_version. min_version will be tested in a follow-up. Change-Id: Ic4bfcd43bc4e5f951140966f64bb5fd3e2472b01 Reviewed-on: https://boringssl-review.googlesource.com/2583 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Improve TestConfig flags for initial and resumption connections. Change-Id: I97a2920a08f995ea70425ad9126f1dced067f2a4 Reviewed-on: https://boringssl-review.googlesource.com/16084 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add SSL_set_signing_algorithm_prefs. This gives us a sigalg-based API for configuring signing algorithms. Change-Id: Ib746a56ebd1061eadd2620cdb140d5171b59bc02 Reviewed-on: https://boringssl-review.googlesource.com/8784 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Adding support for sending early data on the client. BUG=76 Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f Reviewed-on: https://boringssl-review.googlesource.com/14164 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Improve TestConfig flags for initial and resumption connections. Change-Id: I97a2920a08f995ea70425ad9126f1dced067f2a4 Reviewed-on: https://boringssl-review.googlesource.com/16084 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
pirms 7 gadiem
Add SSL_set_signing_algorithm_prefs. This gives us a sigalg-based API for configuring signing algorithms. Change-Id: Ib746a56ebd1061eadd2620cdb140d5171b59bc02 Reviewed-on: https://boringssl-review.googlesource.com/8784 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include "test_config.h"

  16. 

  17. #include <stdio.h>

  18. #include <stdlib.h>

  19. #include <string.h>

  20. 

  21. #include <memory>

  22. 

  23. #include <openssl/base64.h>

  24. 

  25. namespace {

  26. 

  27. template <typename T>

  28. struct Flag {

  29.   const char *flag;

  30.   T TestConfig::*member;

  31. };

  32. 

  33. // FindField looks for the flag in |flags| that matches |flag|. If one is found,

  34. // it returns a pointer to the corresponding field in |config|. Otherwise, it

  35. // returns NULL.

  36. template<typename T, size_t N>

  37. T *FindField(TestConfig *config, const Flag<T> (&flags)[N], const char *flag) {

  38.   for (size_t i = 0; i < N; i++) {

  39.     if (strcmp(flag, flags[i].flag) == 0) {

  40.       return &(config->*(flags[i].member));

  41.     }

  42.   }

  43.   return NULL;

  44. }

  45. 

  46. const Flag<bool> kBoolFlags[] = {

  47.   { "-server", &TestConfig::is_server },

  48.   { "-dtls", &TestConfig::is_dtls },

  49.   { "-fallback-scsv", &TestConfig::fallback_scsv },

  50.   { "-require-any-client-certificate",

  51.     &TestConfig::require_any_client_certificate },

  52.   { "-false-start", &TestConfig::false_start },

  53.   { "-async", &TestConfig::async },

  54.   { "-write-different-record-sizes",

  55.     &TestConfig::write_different_record_sizes },

  56.   { "-cbc-record-splitting", &TestConfig::cbc_record_splitting },

  57.   { "-partial-write", &TestConfig::partial_write },

  58.   { "-no-tls13", &TestConfig::no_tls13 },

  59.   { "-no-tls12", &TestConfig::no_tls12 },

  60.   { "-no-tls11", &TestConfig::no_tls11 },

  61.   { "-no-tls1", &TestConfig::no_tls1 },

  62.   { "-no-ssl3", &TestConfig::no_ssl3 },

  63.   { "-enable-channel-id", &TestConfig::enable_channel_id },

  64.   { "-shim-writes-first", &TestConfig::shim_writes_first },

  65.   { "-expect-session-miss", &TestConfig::expect_session_miss },

  66.   { "-decline-alpn", &TestConfig::decline_alpn },

  67.   { "-expect-extended-master-secret",

  68.     &TestConfig::expect_extended_master_secret },

  69.   { "-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling },

  70.   { "-enable-signed-cert-timestamps",

  71.     &TestConfig::enable_signed_cert_timestamps },

  72.   { "-implicit-handshake", &TestConfig::implicit_handshake },

  73.   { "-use-early-callback", &TestConfig::use_early_callback },

  74.   { "-fail-early-callback", &TestConfig::fail_early_callback },

  75.   { "-install-ddos-callback", &TestConfig::install_ddos_callback },

  76.   { "-fail-ddos-callback", &TestConfig::fail_ddos_callback },

  77.   { "-fail-second-ddos-callback", &TestConfig::fail_second_ddos_callback },

  78.   { "-fail-cert-callback", &TestConfig::fail_cert_callback },

  79.   { "-handshake-never-done", &TestConfig::handshake_never_done },

  80.   { "-use-export-context", &TestConfig::use_export_context },

  81.   { "-tls-unique", &TestConfig::tls_unique },

  82.   { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },

  83.   { "-expect-no-session", &TestConfig::expect_no_session },

  84.   { "-expect-early-data-info", &TestConfig::expect_early_data_info },

  85.   { "-use-ticket-callback", &TestConfig::use_ticket_callback },

  86.   { "-renew-ticket", &TestConfig::renew_ticket },

  87.   { "-enable-early-data", &TestConfig::enable_early_data },

  88.   { "-enable-client-custom-extension",

  89.     &TestConfig::enable_client_custom_extension },

  90.   { "-enable-server-custom-extension",

  91.     &TestConfig::enable_server_custom_extension },

  92.   { "-custom-extension-skip", &TestConfig::custom_extension_skip },

  93.   { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add },

  94.   { "-check-close-notify", &TestConfig::check_close_notify },

  95.   { "-shim-shuts-down", &TestConfig::shim_shuts_down },

  96.   { "-verify-fail", &TestConfig::verify_fail },

  97.   { "-verify-peer", &TestConfig::verify_peer },

  98.   { "-verify-peer-if-no-obc", &TestConfig::verify_peer_if_no_obc },

  99.   { "-expect-verify-result", &TestConfig::expect_verify_result },

  100.   { "-renegotiate-once", &TestConfig::renegotiate_once },

  101.   { "-renegotiate-freely", &TestConfig::renegotiate_freely },

  102.   { "-renegotiate-ignore", &TestConfig::renegotiate_ignore },

  103.   { "-p384-only", &TestConfig::p384_only },

  104.   { "-enable-all-curves", &TestConfig::enable_all_curves },

  105.   { "-use-old-client-cert-callback",

  106.     &TestConfig::use_old_client_cert_callback },

  107.   { "-send-alert", &TestConfig::send_alert },

  108.   { "-peek-then-read", &TestConfig::peek_then_read },

  109.   { "-enable-grease", &TestConfig::enable_grease },

  110.   { "-use-exporter-between-reads", &TestConfig::use_exporter_between_reads },

  111.   { "-retain-only-sha256-client-cert-initial",

  112.     &TestConfig::retain_only_sha256_client_cert_initial },

  113.   { "-retain-only-sha256-client-cert-resume",

  114.     &TestConfig::retain_only_sha256_client_cert_resume },

  115.   { "-expect-sha256-client-cert-initial",

  116.     &TestConfig::expect_sha256_client_cert_initial },

  117.   { "-expect-sha256-client-cert-resume",

  118.     &TestConfig::expect_sha256_client_cert_resume },

  119.   { "-read-with-unfinished-write", &TestConfig::read_with_unfinished_write },

  120.   { "-expect-secure-renegotiation",

  121.     &TestConfig::expect_secure_renegotiation },

  122.   { "-expect-no-secure-renegotiation",

  123.     &TestConfig::expect_no_secure_renegotiation },

  124.   { "-expect-session-id", &TestConfig::expect_session_id },

  125.   { "-expect-no-session-id", &TestConfig::expect_no_session_id },

  126.   { "-expect-accept-early-data", &TestConfig::expect_accept_early_data },

  127.   { "-expect-reject-early-data", &TestConfig::expect_reject_early_data },

  128.   { "-no-op-extra-handshake", &TestConfig::no_op_extra_handshake },

  129.   { "-handshake-twice", &TestConfig::handshake_twice },

  130.   { "-allow-unknown-alpn-protos", &TestConfig::allow_unknown_alpn_protos },

  131.   { "-enable-ed25519", &TestConfig::enable_ed25519 },

  132. };

  133. 

  134. const Flag<std::string> kStringFlags[] = {

  135.   { "-write-settings", &TestConfig::write_settings },

  136.   { "-digest-prefs", &TestConfig::digest_prefs },

  137.   { "-key-file", &TestConfig::key_file },

  138.   { "-cert-file", &TestConfig::cert_file },

  139.   { "-expect-server-name", &TestConfig::expected_server_name },

  140.   { "-advertise-npn", &TestConfig::advertise_npn },

  141.   { "-expect-next-proto", &TestConfig::expected_next_proto },

  142.   { "-select-next-proto", &TestConfig::select_next_proto },

  143.   { "-send-channel-id", &TestConfig::send_channel_id },

  144.   { "-host-name", &TestConfig::host_name },

  145.   { "-advertise-alpn", &TestConfig::advertise_alpn },

  146.   { "-expect-alpn", &TestConfig::expected_alpn },

  147.   { "-expect-late-alpn", &TestConfig::expected_late_alpn },

  148.   { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn },

  149.   { "-select-alpn", &TestConfig::select_alpn },

  150.   { "-psk", &TestConfig::psk },

  151.   { "-psk-identity", &TestConfig::psk_identity },

  152.   { "-srtp-profiles", &TestConfig::srtp_profiles },

  153.   { "-cipher", &TestConfig::cipher },

  154.   { "-export-label", &TestConfig::export_label },

  155.   { "-export-context", &TestConfig::export_context },

  156.   { "-expect-peer-cert-file", &TestConfig::expect_peer_cert_file },

  157.   { "-use-client-ca-list", &TestConfig::use_client_ca_list },

  158.   { "-expect-client-ca-list", &TestConfig::expected_client_ca_list },

  159. };

  160. 

  161. const Flag<std::string> kBase64Flags[] = {

  162.   { "-expect-certificate-types", &TestConfig::expected_certificate_types },

  163.   { "-expect-channel-id", &TestConfig::expected_channel_id },

  164.   { "-expect-ocsp-response", &TestConfig::expected_ocsp_response },

  165.   { "-expect-signed-cert-timestamps",

  166.     &TestConfig::expected_signed_cert_timestamps },

  167.   { "-ocsp-response", &TestConfig::ocsp_response },

  168.   { "-signed-cert-timestamps", &TestConfig::signed_cert_timestamps },

  169.   { "-ticket-key", &TestConfig::ticket_key },

  170. };

  171. 

  172. const Flag<int> kIntFlags[] = {

  173.   { "-port", &TestConfig::port },

  174.   { "-resume-count", &TestConfig::resume_count },

  175.   { "-min-version", &TestConfig::min_version },

  176.   { "-max-version", &TestConfig::max_version },

  177.   { "-mtu", &TestConfig::mtu },

  178.   { "-export-keying-material", &TestConfig::export_keying_material },

  179.   { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },

  180.   { "-expect-peer-signature-algorithm",

  181.     &TestConfig::expect_peer_signature_algorithm },

  182.   { "-expect-curve-id", &TestConfig::expect_curve_id },

  183.   { "-initial-timeout-duration-ms", &TestConfig::initial_timeout_duration_ms },

  184.   { "-max-cert-list", &TestConfig::max_cert_list },

  185.   { "-expect-cipher-aes", &TestConfig::expect_cipher_aes },

  186.   { "-expect-cipher-no-aes", &TestConfig::expect_cipher_no_aes },

  187.   { "-resumption-delay", &TestConfig::resumption_delay },

  188.   { "-max-send-fragment", &TestConfig::max_send_fragment },

  189.   { "-read-size", &TestConfig::read_size },

  190.   { "-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew },

  191. };

  192. 

  193. const Flag<std::vector<int>> kIntVectorFlags[] = {

  194.   { "-signing-prefs", &TestConfig::signing_prefs },

  195.   { "-verify-prefs", &TestConfig::verify_prefs },

  196. };

  197. 

  198. bool ParseFlag(char *flag, int argc, char **argv, int *i,

  199.                bool skip, TestConfig *out_config) {

  200.   bool *bool_field = FindField(out_config, kBoolFlags, flag);

  201.   if (bool_field != NULL) {

  202.     if (!skip) {

  203.       *bool_field = true;

  204.     }

  205.     return true;

  206.   }

  207. 

  208.   std::string *string_field = FindField(out_config, kStringFlags, flag);

  209.   if (string_field != NULL) {

  210.     *i = *i + 1;

  211.     if (*i >= argc) {

  212.       fprintf(stderr, "Missing parameter\n");

  213.       return false;

  214.     }

  215.     if (!skip) {

  216.       string_field->assign(argv[*i]);

  217.     }

  218.     return true;

  219.   }

  220. 

  221.   std::string *base64_field = FindField(out_config, kBase64Flags, flag);

  222.   if (base64_field != NULL) {

  223.     *i = *i + 1;

  224.     if (*i >= argc) {

  225.       fprintf(stderr, "Missing parameter\n");

  226.       return false;

  227.     }

  228.     size_t len;

  229.     if (!EVP_DecodedLength(&len, strlen(argv[*i]))) {

  230.       fprintf(stderr, "Invalid base64: %s\n", argv[*i]);

  231.       return false;

  232.     }

  233.     std::unique_ptr<uint8_t[]> decoded(new uint8_t[len]);

  234.     if (!EVP_DecodeBase64(decoded.get(), &len, len,

  235.                           reinterpret_cast<const uint8_t *>(argv[*i]),

  236.                           strlen(argv[*i]))) {

  237.       fprintf(stderr, "Invalid base64: %s\n", argv[*i]);

  238.       return false;

  239.     }

  240.     if (!skip) {

  241.       base64_field->assign(reinterpret_cast<const char *>(decoded.get()),

  242.                            len);

  243.     }

  244.     return true;

  245.   }

  246. 

  247.   int *int_field = FindField(out_config, kIntFlags, flag);

  248.   if (int_field) {

  249.     *i = *i + 1;

  250.     if (*i >= argc) {

  251.       fprintf(stderr, "Missing parameter\n");

  252.       return false;

  253.     }

  254.     if (!skip) {

  255.       *int_field = atoi(argv[*i]);

  256.     }

  257.     return true;

  258.   }

  259. 

  260.   std::vector<int> *int_vector_field =

  261.       FindField(out_config, kIntVectorFlags, flag);

  262.   if (int_vector_field) {

  263.     *i = *i + 1;

  264.     if (*i >= argc) {

  265.       fprintf(stderr, "Missing parameter\n");

  266.       return false;

  267.     }

  268. 

  269.     // Each instance of the flag adds to the list.

  270.     if (!skip) {

  271.       int_vector_field->push_back(atoi(argv[*i]));

  272.     }

  273.     return true;

  274.   }

  275. 

  276.   fprintf(stderr, "Unknown argument: %s\n", flag);

  277.   return false;

  278. }

  279. 

  280. const char kInit[] = "-on-initial";

  281. const char kResume[] = "-on-resume";

  282. const char kRetry[] = "-on-retry";

  283. 

  284. }  // namespace

  285. 

  286. bool ParseConfig(int argc, char **argv,

  287.                  TestConfig *out_initial,

  288.                  TestConfig *out_resume,

  289.                  TestConfig *out_retry) {

  290.   for (int i = 0; i < argc; i++) {

  291.     bool skip = false;

  292.     char *flag = argv[i];

  293.     if (strncmp(flag, kInit, strlen(kInit)) == 0) {

  294.       if (!ParseFlag(flag + strlen(kInit), argc, argv, &i, skip, out_initial)) {

  295.         return false;

  296.       }

  297.     } else if (strncmp(flag, kResume, strlen(kResume)) == 0) {

  298.       if (!ParseFlag(flag + strlen(kResume), argc, argv, &i, skip,

  299.                      out_resume)) {

  300.         return false;

  301.       }

  302.     } else if (strncmp(flag, kRetry, strlen(kRetry)) == 0) {

  303.       if (!ParseFlag(flag + strlen(kRetry), argc, argv, &i, skip, out_retry)) {

  304.         return false;

  305.       }

  306.     } else {

  307.       int i_init = i;

  308.       int i_resume = i;

  309.       if (!ParseFlag(flag, argc, argv, &i_init, skip, out_initial) ||

  310.           !ParseFlag(flag, argc, argv, &i_resume, skip, out_resume) ||

  311.           !ParseFlag(flag, argc, argv, &i, skip, out_retry)) {

  312.         return false;

  313.       }

  314.     }

  315.   }

  316. 

  317.   return true;

  318. }