
Test that client cipher preferences are enforced.

Change-Id: I6e760cfd785c0c5688da6f7d3d3092a8add40409
Reviewed-on: https://boringssl-review.googlesource.com/4070
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9 years ago
committed by Adam Langley
parent
commit
67d1fb59ad
6 changed files with 25 additions and 0 deletions
  1. +4
    -0
      ssl/test/bssl_shim.cc
  2. +4
    -0
      ssl/test/runner/common.go
  3. +3
    -0
      ssl/test/runner/handshake_server.go
  4. +12
    -0
      ssl/test/runner/runner.go
  5. +1
    -0
      ssl/test/test_config.cc
  6. +1
    -0
      ssl/test/test_config.h

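--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -615,6 +615,10 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
 if (config->install_ddos_callback) {
 SSL_CTX_set_dos_protection_cb(ssl_ctx, DDoSCallback);
 }
+if (!config->cipher.empty() &&
+!SSL_set_cipher_list(ssl.get(), config->cipher.c_str())) {
+return false;
+}
 
 int sock = Connect(config->port);
 if (sock == -1) {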
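Review bot: The `!config->cipher.empty()` guard makes an empty `-cipher` value indistinguishable from the flag being absent, so a runner test that passes an empty string would silently run with the default cipher list instead of failing. If that is intended, a comment above the check would say so, for example `// An empty -cipher leaves the library's default cipher list in place.` The early `return false` also gives no indication that the cipher string was rejected; whether the caller reports the error queue is not visible in this hunk. DoExchange starts and ends outside the hunk.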


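--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -671,6 +671,10 @@ type ProtocolBugs struct {
 // NoSignatureAlgorithmsOnRenego, if true, causes renegotiations to omit
 // the signature_algorithms extension.
 NoSignatureAlgorithmsOnRenego bool
+
+// IgnorePeerCipherPreferences, if true, causes the peer's cipher
+// preferences to be ignored.
+IgnorePeerCipherPreferences bool
 }
 
 func (c *Config) serverInit() {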
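Review bot: The doc comment on `IgnorePeerCipherPreferences` does not say which side the flag affects or what a test should expect from it. The only use in this commit is in handshake_server.go, where the server replaces the client's offered cipher list with its own configured list and can therefore select a suite the client never offered. Suggested wording: `// IgnorePeerCipherPreferences, if true, causes the server to choose from its own configured cipher suites, even ones the client did not offer.` The ProtocolBugs struct begins outside the hunk.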


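--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -340,6 +340,9 @@ Curves:
 return false, errors.New("tls: fallback SCSV found when not expected")
 }
 
+if config.Bugs.IgnorePeerCipherPreferences {
+hs.clientHello.cipherSuites = c.config.cipherSuites()
+}
 var preferenceList, supportedList []uint16
 if c.config.PreferServerCipherSuites {
 preferenceList = c.config.cipherSuites()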
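Review bot: The new branch overwrites `hs.clientHello.cipherSuites` in place, so any later code in this handshake that reads the parsed ClientHello sees the server's list instead of what the client actually sent. Whether anything after this point depends on the real list is not visible in the hunk, but a short comment would flag the side effect, e.g. `// Pretend the client offered everything we support so selection can pick an unoffered suite.` The condition reads `config.Bugs` while the assignment reads `c.config`; assuming both name the same Config, using one form would keep the block consistent with the `c.config.PreferServerCipherSuites` check just below. The enclosing function starts and ends outside the hunk.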


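--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -892,6 +892,18 @@ var testCases = []testCase{
 },
 },
 },
+{
+name: "UnsupportedCipherSuite",
+config: Config{
+CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+Bugs: ProtocolBugs{
+IgnorePeerCipherPreferences: true,
+},
+},
+flags: []string{"-cipher", "DEFAULT:!RC4"},
+shouldFail: true,
+expectedError: ":WRONG_CIPHER_RETURNED:",
+},
 }
 
 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {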
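Review bot: The `UnsupportedCipherSuite` entry carries no comment explaining the scenario: the runner, presumably acting as server, is limited to RC4 while the shim's `-cipher DEFAULT:!RC4` list excludes it, and the shim must abort with `:WRONG_CIPHER_RETURNED:`. A one-line comment above the entry, such as `// The server selects a cipher suite the client did not offer; the client must reject it.`, would make the intent of this negative test clear. Only the default protocol settings are exercised here; if the selection check is shared across versions or with DTLS, a variant per protocol would widen the coverage. The testCases slice begins outside the hunk.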


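--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -96,6 +96,7 @@ const Flag<std::string> kStringFlags[] = {
 { "-psk", &TestConfig::psk },
 { "-psk-identity", &TestConfig::psk_identity },
 { "-srtp-profiles", &TestConfig::srtp_profiles },
+{ "-cipher", &TestConfig::cipher },
 };
 
 const Flag<std::string> kBase64Flags[] = {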


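--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -73,6 +73,7 @@ struct TestConfig {
 bool install_ddos_callback;
 bool fail_ddos_callback;
 bool fail_second_ddos_callback;
+std::string cipher;
 };
 
 bool ParseConfig(int argc, char **argv, TestConfig *out_config);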

