kris
/
boringssl
1
0
Креирај огранак 0
Код Дискусије 0 Захтеви за спајање 0 Издања 0 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
490 Комити
12 Гране
38 MiB
Дрво: b0c8db7347
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'b0c8db7347'
${ noResults }
boringssl/ssl/test/bssl_shim.cc

bssl_shim.cc 17 KiB
Датотека Normal View Историја

Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add basic TLS Channel ID tests. Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752 Reviewed-on: https://boringssl-review.googlesource.com/1606 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for certificate types parsing. Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a Reviewed-on: https://boringssl-review.googlesource.com/1111 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for certificate types parsing. Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a Reviewed-on: https://boringssl-review.googlesource.com/1111 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for certificate types parsing. Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a Reviewed-on: https://boringssl-review.googlesource.com/1111 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for certificate types parsing. Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a Reviewed-on: https://boringssl-review.googlesource.com/1111 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add tests for the server accepting client certificates. Change-Id: I9acc4363c6b9804d5fe464053393cf16ffb7785c Reviewed-on: https://boringssl-review.googlesource.com/1159 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix False Start without session tickets. One of the state transitions wasn't rewritten to CR_CHANGE. Add a test to exercise this codepath. Also SSL_cutthrough_complete references the state. Change-Id: Ib2f7ac5ac3f0348864efa93cf13cfd87454572f0 Reviewed-on: https://boringssl-review.googlesource.com/1337 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix False Start without session tickets. One of the state transitions wasn't rewritten to CR_CHANGE. Add a test to exercise this codepath. Also SSL_cutthrough_complete references the state. Change-Id: Ib2f7ac5ac3f0348864efa93cf13cfd87454572f0 Reviewed-on: https://boringssl-review.googlesource.com/1337 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix False Start without session tickets. One of the state transitions wasn't rewritten to CR_CHANGE. Add a test to exercise this codepath. Also SSL_cutthrough_complete references the state. Change-Id: Ib2f7ac5ac3f0348864efa93cf13cfd87454572f0 Reviewed-on: https://boringssl-review.googlesource.com/1337 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix False Start without session tickets. One of the state transitions wasn't rewritten to CR_CHANGE. Add a test to exercise this codepath. Also SSL_cutthrough_complete references the state. Change-Id: Ib2f7ac5ac3f0348864efa93cf13cfd87454572f0 Reviewed-on: https://boringssl-review.googlesource.com/1337 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add tests for ALPN support. Both as client and as server. Also tests that ALPN causes False Start to kick in. Change-Id: Ib570346f3c511834152cd2df2ef29541946d3ab4 Reviewed-on: https://boringssl-review.googlesource.com/1753 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Tidy DTLS cookie callback types. const-correctness, unsigned long -> size_t. Change-Id: Ic0c2685a48a0f98396c5753b6077c6c0c3b92326 Reviewed-on: https://boringssl-review.googlesource.com/1540 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Tidy DTLS cookie callback types. const-correctness, unsigned long -> size_t. Change-Id: Ic0c2685a48a0f98396c5753b6077c6c0c3b92326 Reviewed-on: https://boringssl-review.googlesource.com/1540 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
runner: Implement DHE-RSA. Use it to test DHE-RSA in BoringSSL. Change-Id: I88f7bfa76507a6f60234d61d494c9f94b7df4e0a Reviewed-on: https://boringssl-review.googlesource.com/1377 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
runner: Implement DHE-RSA. Use it to test DHE-RSA in BoringSSL. Change-Id: I88f7bfa76507a6f60234d61d494c9f94b7df4e0a Reviewed-on: https://boringssl-review.googlesource.com/1377 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add tests for ALPN support. Both as client and as server. Also tests that ALPN causes False Start to kick in. Change-Id: Ib570346f3c511834152cd2df2ef29541946d3ab4 Reviewed-on: https://boringssl-review.googlesource.com/1753 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add basic TLS Channel ID tests. Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752 Reviewed-on: https://boringssl-review.googlesource.com/1606 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
runner: Implement DHE-RSA. Use it to test DHE-RSA in BoringSSL. Change-Id: I88f7bfa76507a6f60234d61d494c9f94b7df4e0a Reviewed-on: https://boringssl-review.googlesource.com/1377 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
runner: Implement DHE-RSA. Use it to test DHE-RSA in BoringSSL. Change-Id: I88f7bfa76507a6f60234d61d494c9f94b7df4e0a Reviewed-on: https://boringssl-review.googlesource.com/1377 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for SSL_OP_TLS_D5_BUG. If this is part of SSL_OP_ALL, we should have a test for it. Change-Id: Ia72422beb2da6434726e78e174f3416f90f7c897 Reviewed-on: https://boringssl-review.googlesource.com/1695 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add basic TLS Channel ID tests. Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752 Reviewed-on: https://boringssl-review.googlesource.com/1606 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Improve test coverage for server_name extension. Notably, this would have caught ed8270a55c3845abbc85dfeed358597fef059ea9 (although, apart from staring at code coverage, knowing to set resumeSession on the server test isn't exactly obvious). Perhaps we should systematically set it on all extension server tests; ClientHello extension parsing happens after resumption has been determined and is often sensitive to it. Change-Id: Ie83f294a26881a6a41969e9dbd102d0a93cb68b5 Reviewed-on: https://boringssl-review.googlesource.com/1750 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add tests for ALPN support. Both as client and as server. Also tests that ALPN causes False Start to kick in. Change-Id: Ib570346f3c511834152cd2df2ef29541946d3ab4 Reviewed-on: https://boringssl-review.googlesource.com/1753 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test that server_name extensions are parsed correctly. Change-Id: Id4025835df49eb498df9a48fc81061541778569b Reviewed-on: https://boringssl-review.googlesource.com/1092 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test that server_name extensions are parsed correctly. Change-Id: Id4025835df49eb498df9a48fc81061541778569b Reviewed-on: https://boringssl-review.googlesource.com/1092 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test that server_name extensions are parsed correctly. Change-Id: Id4025835df49eb498df9a48fc81061541778569b Reviewed-on: https://boringssl-review.googlesource.com/1092 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Port early callback support to CBS. Resolve one of the TODOs since it's quick. Adjust the -expect-server-name test to assert it both in the normal codepath and in the early callback, to provide test coverage for SSL_early_callback_ctx_extension_get. Change-Id: I4d71158b9fd2f4fbb54d3e51184bd25d117bdc91 Reviewed-on: https://boringssl-review.googlesource.com/1120 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test that server_name extensions are parsed correctly. Change-Id: Id4025835df49eb498df9a48fc81061541778569b Reviewed-on: https://boringssl-review.googlesource.com/1092 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for certificate types parsing. Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a Reviewed-on: https://boringssl-review.googlesource.com/1111 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add basic TLS Channel ID tests. Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752 Reviewed-on: https://boringssl-review.googlesource.com/1606 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for certificate types parsing. Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a Reviewed-on: https://boringssl-review.googlesource.com/1111 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test for certificate types parsing. Change-Id: Icddd39ae183f981f78a65427a4dda34449ca389a Reviewed-on: https://boringssl-review.googlesource.com/1111 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a server NPN test. Change-Id: Ib34a24e86bb5de117ecf5609918e130c1ff9532e Reviewed-on: https://boringssl-review.googlesource.com/1161 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add tests for ALPN support. Both as client and as server. Also tests that ALPN causes False Start to kick in. Change-Id: Ib570346f3c511834152cd2df2ef29541946d3ab4 Reviewed-on: https://boringssl-review.googlesource.com/1753 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add basic TLS Channel ID tests. Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752 Reviewed-on: https://boringssl-review.googlesource.com/1606 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Test state machine asynchronous behavior. Add a framework for testing the asynchronous codepath. Move some handshake state machine coverage tests to cover a range of record-layer and handshake-layer asynchronicity. This adds tests for the previous two async bugs fixed. Change-Id: I422ef33ba3eeb0ad04766871ed8bc59b677b169e Reviewed-on: https://boringssl-review.googlesource.com/1410 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add a test to ensure False Start occurs. This adds the missing test coverage for 7e3305eebd7fb06d57e7f25b3bbf9c10d526f7d5. Change-Id: I8c9f1dc998afa9bb1f6fb2a7872a651037bb4844 Reviewed-on: https://boringssl-review.googlesource.com/1610 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Retry sending record split fragment when SSL write fails. When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would return an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled and the call to ssl3_write_bytes contains, e.g., a buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH, where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. Change-Id: Icf8453195c1145a54d31b8e8146801118207df03 Reviewed-on: https://boringssl-review.googlesource.com/1420 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add some basic server tests to runner.go. client_shim.cc and runner.go are generalized to handle both ends. Plumb a bit through the test case to control which and add server versions of all the cipher suite tests. Change-Id: Iab2640b390f7ed7160c9a9bf6bb34b8bec761b2e Reviewed-on: https://boringssl-review.googlesource.com/1091 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix (harmless) memory leak in the test harness. Change-Id: Ia0daaaaf464cfa0e9d563d7f376ce2bb2e338685 Reviewed-on: https://boringssl-review.googlesource.com/1560 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix (harmless) memory leak in the test harness. Change-Id: Ia0daaaaf464cfa0e9d563d7f376ce2bb2e338685 Reviewed-on: https://boringssl-review.googlesource.com/1560 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Move configuration into a dedicated TestConfig struct. This removes some duplicate code in parsing command-line flags and, more importantly, makes configuration available when constructing the SSL_CTX and avoids a number of globals. Change-Id: I26e2d2285b732f855a2c82752bc8e0db480c3b30 Reviewed-on: https://boringssl-review.googlesource.com/1502 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix (harmless) memory leak in the test harness. Change-Id: Ia0daaaaf464cfa0e9d563d7f376ce2bb2e338685 Reviewed-on: https://boringssl-review.googlesource.com/1560 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix (harmless) memory leak in the test harness. Change-Id: Ia0daaaaf464cfa0e9d563d7f376ce2bb2e338685 Reviewed-on: https://boringssl-review.googlesource.com/1560 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix (harmless) memory leak in the test harness. Change-Id: Ia0daaaaf464cfa0e9d563d7f376ce2bb2e338685 Reviewed-on: https://boringssl-review.googlesource.com/1560 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Fix (harmless) memory leak in the test harness. Change-Id: Ia0daaaaf464cfa0e9d563d7f376ce2bb2e338685 Reviewed-on: https://boringssl-review.googlesource.com/1560 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
Add test coverage for session resumption with tickets. The shim is now passed two file descriptors. In a session resumption test, the second is used in an abbreviated handshake immediately after the first. Change-Id: I1f348c05f1a8ff2881fb46fc9e869696f74071c6 Reviewed-on: https://boringssl-review.googlesource.com/1291 Reviewed-by: Adam Langley <agl@google.com>
пре 10 година
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <openssl/base.h>

  16. 

  17. #if !defined(OPENSSL_WINDOWS)

  18. #include <arpa/inet.h>

  19. #include <netinet/in.h>

  20. #include <signal.h>

  21. #include <sys/socket.h>

  22. #include <unistd.h>

  23. #endif

  24. 

  25. #include <sys/types.h>

  26. 

  27. #include <openssl/bio.h>

  28. #include <openssl/bytestring.h>

  29. #include <openssl/ssl.h>

  30. 

  31. #include "async_bio.h"

  32. #include "packeted_bio.h"

  33. #include "test_config.h"

  34. 

  35. static int usage(const char *program) {

  36.   fprintf(stderr, "Usage: %s [flags...]\n",

  37.           program);

  38.   return 1;

  39. }

  40. 

  41. static int g_ex_data_index = 0;

  42. 

  43. static void SetConfigPtr(SSL *ssl, const TestConfig *config) {

  44.   SSL_set_ex_data(ssl, g_ex_data_index, (void *)config);

  45. }

  46. 

  47. static const TestConfig *GetConfigPtr(SSL *ssl) {

  48.   return (const TestConfig *)SSL_get_ex_data(ssl, g_ex_data_index);

  49. }

  50. 

  51. static EVP_PKEY *LoadPrivateKey(const std::string &file) {

  52.   BIO *bio = BIO_new(BIO_s_file());

  53.   if (bio == NULL) {

  54.     return NULL;

  55.   }

  56.   if (!BIO_read_filename(bio, file.c_str())) {

  57.     BIO_free(bio);

  58.     return NULL;

  59.   }

  60.   EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);

  61.   BIO_free(bio);

  62.   return pkey;

  63. }

  64. 

  65. static int early_callback_called = 0;

  66. 

  67. static int select_certificate_callback(const struct ssl_early_callback_ctx *ctx) {

  68.   early_callback_called = 1;

  69. 

  70.   const TestConfig *config = GetConfigPtr(ctx->ssl);

  71. 

  72.   if (config->expected_server_name.empty()) {

  73.     return 1;

  74.   }

  75. 

  76.   const uint8_t *extension_data;

  77.   size_t extension_len;

  78.   CBS extension, server_name_list, host_name;

  79.   uint8_t name_type;

  80. 

  81.   if (!SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,

  82.                                             &extension_data,

  83.                                             &extension_len)) {

  84.     fprintf(stderr, "Could not find server_name extension.\n");

  85.     return -1;

  86.   }

  87. 

  88.   CBS_init(&extension, extension_data, extension_len);

  89.   if (!CBS_get_u16_length_prefixed(&extension, &server_name_list) ||

  90.       CBS_len(&extension) != 0 ||

  91.       !CBS_get_u8(&server_name_list, &name_type) ||

  92.       name_type != TLSEXT_NAMETYPE_host_name ||

  93.       !CBS_get_u16_length_prefixed(&server_name_list, &host_name) ||

  94.       CBS_len(&server_name_list) != 0) {

  95.     fprintf(stderr, "Could not decode server_name extension.\n");

  96.     return -1;

  97.   }

  98. 

  99.   if (!CBS_mem_equal(&host_name,

  100.                      (const uint8_t*)config->expected_server_name.data(),

  101.                      config->expected_server_name.size())) {

  102.     fprintf(stderr, "Server name mismatch.\n");

  103.   }

  104. 

  105.   return 1;

  106. }

  107. 

  108. static int skip_verify(int preverify_ok, X509_STORE_CTX *store_ctx) {

  109.   return 1;

  110. }

  111. 

  112. static int next_protos_advertised_callback(SSL *ssl,

  113.                                            const uint8_t **out,

  114.                                            unsigned int *out_len,

  115.                                            void *arg) {

  116.   const TestConfig *config = GetConfigPtr(ssl);

  117.   if (config->advertise_npn.empty())

  118.     return SSL_TLSEXT_ERR_NOACK;

  119. 

  120.   // TODO(davidben): Support passing byte strings with NULs to the

  121.   // test shim.

  122.   *out = (const uint8_t*)config->advertise_npn.data();

  123.   *out_len = config->advertise_npn.size();

  124.   return SSL_TLSEXT_ERR_OK;

  125. }

  126. 

  127. static int next_proto_select_callback(SSL* ssl,

  128.                                       uint8_t** out,

  129.                                       uint8_t* outlen,

  130.                                       const uint8_t* in,

  131.                                       unsigned inlen,

  132.                                       void* arg) {

  133.   const TestConfig *config = GetConfigPtr(ssl);

  134.   if (config->select_next_proto.empty())

  135.     return SSL_TLSEXT_ERR_NOACK;

  136. 

  137.   *out = (uint8_t*)config->select_next_proto.data();

  138.   *outlen = config->select_next_proto.size();

  139.   return SSL_TLSEXT_ERR_OK;

  140. }

  141. 

  142. static int alpn_select_callback(SSL* ssl,

  143.                                 const uint8_t** out,

  144.                                 uint8_t* outlen,

  145.                                 const uint8_t* in,

  146.                                 unsigned inlen,

  147.                                 void* arg) {

  148.   const TestConfig *config = GetConfigPtr(ssl);

  149.   if (config->select_alpn.empty())

  150.     return SSL_TLSEXT_ERR_NOACK;

  151. 

  152.   if (!config->expected_advertised_alpn.empty() &&

  153.       (config->expected_advertised_alpn.size() != inlen ||

  154.        memcmp(config->expected_advertised_alpn.data(),

  155.               in, inlen) != 0)) {

  156.     fprintf(stderr, "bad ALPN select callback inputs\n");

  157.     exit(1);

  158.   }

  159. 

  160.   *out = (const uint8_t*)config->select_alpn.data();

  161.   *outlen = config->select_alpn.size();

  162.   return SSL_TLSEXT_ERR_OK;

  163. }

  164. 

  165. static int cookie_generate_callback(SSL *ssl, uint8_t *cookie, size_t *cookie_len) {

  166.   *cookie_len = 32;

  167.   memset(cookie, 42, *cookie_len);

  168.   return 1;

  169. }

  170. 

  171. static int cookie_verify_callback(SSL *ssl, const uint8_t *cookie, size_t cookie_len) {

  172.   if (cookie_len != 32) {

  173.     fprintf(stderr, "Cookie length mismatch.\n");

  174.     return 0;

  175.   }

  176.   for (size_t i = 0; i < cookie_len; i++) {

  177.     if (cookie[i] != 42) {

  178.       fprintf(stderr, "Cookie mismatch.\n");

  179.       return 0;

  180.     }

  181.   }

  182.   return 1;

  183. }

  184. 

  185. static SSL_CTX *setup_ctx(const TestConfig *config) {

  186.   SSL_CTX *ssl_ctx = NULL;

  187.   DH *dh = NULL;

  188. 

  189.   const SSL_METHOD *method;

  190.   if (config->is_dtls) {

  191.     // TODO(davidben): Get DTLS 1.2 working and test the version negotiation

  192.     // codepath. This doesn't currently work because

  193.     // - Session resumption is broken: https://crbug.com/403378

  194.     // - DTLS hasn't been updated for EVP_AEAD.

  195.     if (config->is_server) {

  196.       method = DTLSv1_server_method();

  197.     } else {

  198.       method = DTLSv1_client_method();

  199.     }

  200.   } else {

  201.     if (config->is_server) {

  202.       method = SSLv23_server_method();

  203.     } else {

  204.       method = SSLv23_client_method();

  205.     }

  206.   }

  207.   ssl_ctx = SSL_CTX_new(method);

  208.   if (ssl_ctx == NULL) {

  209.     goto err;

  210.   }

  211. 

  212.   if (config->is_dtls) {

  213.     // DTLS needs read-ahead to function on a datagram BIO.

  214.     //

  215.     // TODO(davidben): this should not be necessary. DTLS code should only

  216.     // expect a datagram BIO.

  217.     SSL_CTX_set_read_ahead(ssl_ctx, 1);

  218.   }

  219. 

  220.   if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) {

  221.     goto err;

  222.   }

  223. 

  224.   if (!SSL_CTX_set_cipher_list(ssl_ctx, "ALL")) {

  225.     goto err;

  226.   }

  227. 

  228.   dh = DH_get_2048_256(NULL);

  229.   if (!SSL_CTX_set_tmp_dh(ssl_ctx, dh)) {

  230.     goto err;

  231.   }

  232. 

  233.   SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_BOTH);

  234. 

  235.   ssl_ctx->select_certificate_cb = select_certificate_callback;

  236. 

  237.   SSL_CTX_set_next_protos_advertised_cb(

  238.       ssl_ctx, next_protos_advertised_callback, NULL);

  239.   if (!config->select_next_proto.empty()) {

  240.     SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_callback, NULL);

  241.   }

  242. 

  243.   if (!config->select_alpn.empty()) {

  244.     SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_callback, NULL);

  245.   }

  246. 

  247.   SSL_CTX_set_cookie_generate_cb(ssl_ctx, cookie_generate_callback);

  248.   SSL_CTX_set_cookie_verify_cb(ssl_ctx, cookie_verify_callback);

  249. 

  250.   ssl_ctx->tlsext_channel_id_enabled_new = 1;

  251. 

  252.   DH_free(dh);

  253.   return ssl_ctx;

  254. 

  255.  err:

  256.   if (dh != NULL) {

  257.     DH_free(dh);

  258.   }

  259.   if (ssl_ctx != NULL) {

  260.     SSL_CTX_free(ssl_ctx);

  261.   }

  262.   return NULL;

  263. }

  264. 

  265. static int retry_async(SSL *ssl, int ret, BIO *bio) {

  266.   // No error; don't retry.

  267.   if (ret >= 0) {

  268.     return 0;

  269.   }

  270.   // See if we needed to read or write more. If so, allow one byte through on

  271.   // the appropriate end to maximally stress the state machine.

  272.   int err = SSL_get_error(ssl, ret);

  273.   if (err == SSL_ERROR_WANT_READ) {

  274.     async_bio_allow_read(bio, 1);

  275.     return 1;

  276.   } else if (err == SSL_ERROR_WANT_WRITE) {

  277.     async_bio_allow_write(bio, 1);

  278.     return 1;

  279.   }

  280.   return 0;

  281. }

  282. 

  283. static int do_exchange(SSL_SESSION **out_session,

  284.                        SSL_CTX *ssl_ctx,

  285.                        const TestConfig *config,

  286.                        bool is_resume,

  287.                        int fd,

  288.                        SSL_SESSION *session) {

  289.   early_callback_called = 0;

  290. 

  291.   SSL *ssl = SSL_new(ssl_ctx);

  292.   if (ssl == NULL) {

  293.     BIO_print_errors_fp(stdout);

  294.     return 1;

  295.   }

  296. 

  297.   SetConfigPtr(ssl, config);

  298. 

  299.   if (config->fallback_scsv) {

  300.     if (!SSL_enable_fallback_scsv(ssl)) {

  301.       BIO_print_errors_fp(stdout);

  302.       return 1;

  303.     }

  304.   }

  305.   if (!config->key_file.empty()) {

  306.     if (!SSL_use_PrivateKey_file(ssl, config->key_file.c_str(),

  307.                                  SSL_FILETYPE_PEM)) {

  308.       BIO_print_errors_fp(stdout);

  309.       return 1;

  310.     }

  311.   }

  312.   if (!config->cert_file.empty()) {

  313.     if (!SSL_use_certificate_file(ssl, config->cert_file.c_str(),

  314.                                   SSL_FILETYPE_PEM)) {

  315.       BIO_print_errors_fp(stdout);

  316.       return 1;

  317.     }

  318.   }

  319.   if (config->require_any_client_certificate) {

  320.     SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,

  321.                    skip_verify);

  322.   }

  323.   if (config->false_start) {

  324.     SSL_set_mode(ssl, SSL_MODE_HANDSHAKE_CUTTHROUGH);

  325.   }

  326.   if (config->cbc_record_splitting) {

  327.     SSL_set_mode(ssl, SSL_MODE_CBC_RECORD_SPLITTING);

  328.   }

  329.   if (config->partial_write) {

  330.     SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);

  331.   }

  332.   if (config->no_tls12) {

  333.     SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);

  334.   }

  335.   if (config->no_tls11) {

  336.     SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);

  337.   }

  338.   if (config->no_tls1) {

  339.     SSL_set_options(ssl, SSL_OP_NO_TLSv1);

  340.   }

  341.   if (config->no_ssl3) {

  342.     SSL_set_options(ssl, SSL_OP_NO_SSLv3);

  343.   }

  344.   if (config->cookie_exchange) {

  345.     SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);

  346.   }

  347.   if (config->tls_d5_bug) {

  348.     SSL_set_options(ssl, SSL_OP_TLS_D5_BUG);

  349.   }

  350.   if (!config->expected_channel_id.empty()) {

  351.     SSL_enable_tls_channel_id(ssl);

  352.   }

  353.   if (!config->send_channel_id.empty()) {

  354.     EVP_PKEY *pkey = LoadPrivateKey(config->send_channel_id);

  355.     if (pkey == NULL) {

  356.       BIO_print_errors_fp(stdout);

  357.       return 1;

  358.     }

  359.     SSL_enable_tls_channel_id(ssl);

  360.     if (!SSL_set1_tls_channel_id(ssl, pkey)) {

  361.       EVP_PKEY_free(pkey);

  362.       BIO_print_errors_fp(stdout);

  363.       return 1;

  364.     }

  365.     EVP_PKEY_free(pkey);

  366.   }

  367.   if (!config->host_name.empty()) {

  368.     SSL_set_tlsext_host_name(ssl, config->host_name.c_str());

  369.   }

  370.   if (!config->advertise_alpn.empty()) {

  371.     SSL_set_alpn_protos(ssl, (const uint8_t *)config->advertise_alpn.data(),

  372.                         config->advertise_alpn.size());

  373.   }

  374. 

  375.   BIO *bio = BIO_new_fd(fd, 1 /* take ownership */);

  376.   if (bio == NULL) {

  377.     BIO_print_errors_fp(stdout);

  378.     return 1;

  379.   }

  380.   if (config->is_dtls) {

  381.     BIO *packeted = packeted_bio_create();

  382.     BIO_push(packeted, bio);

  383.     bio = packeted;

  384.   }

  385.   if (config->async) {

  386.     BIO *async =

  387.         config->is_dtls ? async_bio_create_datagram() : async_bio_create();

  388.     BIO_push(async, bio);

  389.     bio = async;

  390.   }

  391.   SSL_set_bio(ssl, bio, bio);

  392. 

  393.   if (session != NULL) {

  394.     if (SSL_set_session(ssl, session) != 1) {

  395.       fprintf(stderr, "failed to set session\n");

  396.       return 2;

  397.     }

  398.   }

  399. 

  400.   int ret;

  401.   do {

  402.     if (config->is_server) {

  403.       ret = SSL_accept(ssl);

  404.     } else {

  405.       ret = SSL_connect(ssl);

  406.     }

  407.   } while (config->async && retry_async(ssl, ret, bio));

  408.   if (ret != 1) {

  409.     SSL_free(ssl);

  410.     BIO_print_errors_fp(stdout);

  411.     return 2;

  412.   }

  413. 

  414.   if (is_resume && !SSL_session_reused(ssl)) {

  415.     fprintf(stderr, "session was not reused\n");

  416.     return 2;

  417.   }

  418. 

  419.   if (!config->expected_server_name.empty()) {

  420.     const char *server_name =

  421.         SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);

  422.     if (server_name != config->expected_server_name) {

  423.       fprintf(stderr, "servername mismatch (got %s; want %s)\n",

  424.               server_name, config->expected_server_name.c_str());

  425.       return 2;

  426.     }

  427. 

  428.     if (!early_callback_called) {

  429.       fprintf(stderr, "early callback not called\n");

  430.       return 2;

  431.     }

  432.   }

  433. 

  434.   if (!config->expected_certificate_types.empty()) {

  435.     uint8_t *certificate_types;

  436.     int num_certificate_types =

  437.         SSL_get0_certificate_types(ssl, &certificate_types);

  438.     if (num_certificate_types !=

  439.         (int)config->expected_certificate_types.size() ||

  440.         memcmp(certificate_types,

  441.                config->expected_certificate_types.data(),

  442.                num_certificate_types) != 0) {

  443.       fprintf(stderr, "certificate types mismatch\n");

  444.       return 2;

  445.     }

  446.   }

  447. 

  448.   if (!config->expected_next_proto.empty()) {

  449.     const uint8_t *next_proto;

  450.     unsigned next_proto_len;

  451.     SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);

  452.     if (next_proto_len != config->expected_next_proto.size() ||

  453.         memcmp(next_proto, config->expected_next_proto.data(),

  454.                next_proto_len) != 0) {

  455.       fprintf(stderr, "negotiated next proto mismatch\n");

  456.       return 2;

  457.     }

  458.   }

  459. 

  460.   if (!config->expected_alpn.empty()) {

  461.     const uint8_t *alpn_proto;

  462.     unsigned alpn_proto_len;

  463.     SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len);

  464.     if (alpn_proto_len != config->expected_alpn.size() ||

  465.         memcmp(alpn_proto, config->expected_alpn.data(),

  466.                alpn_proto_len) != 0) {

  467.       fprintf(stderr, "negotiated alpn proto mismatch\n");

  468.       return 2;

  469.     }

  470.   }

  471. 

  472.   if (!config->expected_channel_id.empty()) {

  473.     uint8_t channel_id[64];

  474.     if (!SSL_get_tls_channel_id(ssl, channel_id, sizeof(channel_id))) {

  475.       fprintf(stderr, "no channel id negotiated\n");

  476.       return 2;

  477.     }

  478.     if (config->expected_channel_id.size() != 64 ||

  479.         memcmp(config->expected_channel_id.data(),

  480.                channel_id, 64) != 0) {

  481.       fprintf(stderr, "channel id mismatch\n");

  482.       return 2;

  483.     }

  484.   }

  485. 

  486.   if (config->write_different_record_sizes) {

  487.     if (config->is_dtls) {

  488.       fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");

  489.       return 6;

  490.     }

  491.     // This mode writes a number of different record sizes in an attempt to

  492.     // trip up the CBC record splitting code.

  493.     uint8_t buf[32769];

  494.     memset(buf, 0x42, sizeof(buf));

  495.     static const size_t kRecordSizes[] = {

  496.         0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769};

  497.     for (size_t i = 0; i < sizeof(kRecordSizes) / sizeof(kRecordSizes[0]);

  498.          i++) {

  499.       int w;

  500.       const size_t len = kRecordSizes[i];

  501.       size_t off = 0;

  502. 

  503.       if (len > sizeof(buf)) {

  504.         fprintf(stderr, "Bad kRecordSizes value.\n");

  505.         return 5;

  506.       }

  507. 

  508.       do {

  509.         w = SSL_write(ssl, buf + off, len - off);

  510.         if (w > 0) {

  511.           off += (size_t) w;

  512.         }

  513.       } while ((config->async && retry_async(ssl, w, bio)) ||

  514.                (w > 0 && off < len));

  515. 

  516.       if (w < 0 || off != len) {

  517.         SSL_free(ssl);

  518.         BIO_print_errors_fp(stdout);

  519.         return 4;

  520.       }

  521.     }

  522.   } else {

  523.     if (config->shim_writes_first) {

  524.       int w;

  525.       do {

  526.         w = SSL_write(ssl, "hello", 5);

  527.       } while (config->async && retry_async(ssl, w, bio));

  528.     }

  529.     for (;;) {

  530.       uint8_t buf[512];

  531.       int n;

  532.       do {

  533.         n = SSL_read(ssl, buf, sizeof(buf));

  534.       } while (config->async && retry_async(ssl, n, bio));

  535.       if (n < 0) {

  536.         SSL_free(ssl);

  537.         BIO_print_errors_fp(stdout);

  538.         return 3;

  539.       } else if (n == 0) {

  540.         break;

  541.       } else {

  542.         for (int i = 0; i < n; i++) {

  543.           buf[i] ^= 0xff;

  544.         }

  545.         int w;

  546.         do {

  547.           w = SSL_write(ssl, buf, n);

  548.         } while (config->async && retry_async(ssl, w, bio));

  549.         if (w != n) {

  550.           SSL_free(ssl);

  551.           BIO_print_errors_fp(stdout);

  552.           return 4;

  553.         }

  554.       }

  555.     }

  556.   }

  557. 

  558.   if (out_session) {

  559.     *out_session = SSL_get1_session(ssl);

  560.   }

  561. 

  562.   SSL_shutdown(ssl);

  563.   SSL_free(ssl);

  564.   return 0;

  565. }

  566. 

  567. int main(int argc, char **argv) {

  568. #if !defined(OPENSSL_WINDOWS)

  569.   signal(SIGPIPE, SIG_IGN);

  570. #endif

  571. 

  572.   if (!SSL_library_init()) {

  573.     return 1;

  574.   }

  575.   g_ex_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);

  576. 

  577.   TestConfig config;

  578.   if (!ParseConfig(argc - 1, argv + 1, &config)) {

  579.     return usage(argv[0]);

  580.   }

  581. 

  582.   SSL_CTX *ssl_ctx = setup_ctx(&config);

  583.   if (ssl_ctx == NULL) {

  584.     BIO_print_errors_fp(stdout);

  585.     return 1;

  586.   }

  587. 

  588.   SSL_SESSION *session = NULL;

  589.   int ret = do_exchange(&session,

  590.                         ssl_ctx, &config,

  591.                         false /* is_resume */,

  592.                         3 /* fd */, NULL /* session */);

  593.   if (ret != 0) {

  594.     goto out;

  595.   }

  596. 

  597.   if (config.resume) {

  598.     ret = do_exchange(NULL,

  599.                       ssl_ctx, &config,

  600.                       true /* is_resume */,

  601.                       4 /* fd */,

  602.                       config.is_server ? NULL : session);

  603.     if (ret != 0) {

  604.       goto out;

  605.     }

  606.   }

  607. 

  608.   ret = 0;

  609. 

  610. out:

  611.   SSL_SESSION_free(session);

  612.   SSL_CTX_free(ssl_ctx);

  613.   return ret;

  614. }