From 8c2b3bf965b175b799cad0600496f3899a05663d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 18 Dec 2015 20:55:44 -0500 Subject: [PATCH] Test all supported curves (including those off by default). Change-Id: I54b2b354ab3d227305f829839e82e7ae7292fd7d Reviewed-on: https://boringssl-review.googlesource.com/6774 Reviewed-by: Adam Langley --- ssl/test/bssl_shim.cc | 9 +++++++++ ssl/test/runner/runner.go | 33 +++++++++++++++++++++++++++++++++ ssl/test/test_config.cc | 1 + ssl/test/test_config.h | 1 + 4 files changed, 44 insertions(+) diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index ee76aea0..13edeede 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -1237,6 +1237,15 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, return false; } } + if (config->enable_all_curves) { + static const int kAllCurves[] = { + NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, + }; + if (!SSL_set1_curves(ssl.get(), kAllCurves, + sizeof(kAllCurves) / sizeof(kAllCurves[0]))) { + return false; + } + } int sock = Connect(config->port); if (sock == -1) { diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 59c04fb7..6f2bb4ec 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -4618,6 +4618,38 @@ func addRSAClientKeyExchangeTests() { } } +var testCurves = []struct { + name string + id CurveID +}{ + {"P-224", CurveP224}, + {"P-256", CurveP256}, + {"P-384", CurveP384}, + {"P-521", CurveP521}, +} + +func addCurveTests() { + for _, curve := range testCurves { + testCases = append(testCases, testCase{ + name: "CurveTest-Client-" + curve.name, + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + CurvePreferences: []CurveID{curve.id}, + }, + flags: []string{"-enable-all-curves"}, + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "CurveTest-Server-" + curve.name, + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + CurvePreferences: []CurveID{curve.id}, + }, + flags: []string{"-enable-all-curves"}, + }) + } +} + func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) { defer wg.Done() @@ -4715,6 +4747,7 @@ func main() { addTLSUniqueTests() addCustomExtensionTests() addRSAClientKeyExchangeTests() + addCurveTests() for _, async := range []bool{false, true} { for _, splitHandshake := range []bool{false, true} { for _, protocol := range []protocol{tls, dtls} { diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index d2c66f24..46991fac 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc @@ -96,6 +96,7 @@ const Flag kBoolFlags[] = { { "-renegotiate-ignore", &TestConfig::renegotiate_ignore }, { "-disable-npn", &TestConfig::disable_npn }, { "-p384-only", &TestConfig::p384_only }, + { "-enable-all-curves", &TestConfig::enable_all_curves }, { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime }, }; diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h index 76ac3759..685f92d7 100644 --- a/ssl/test/test_config.h +++ b/ssl/test/test_config.h @@ -99,6 +99,7 @@ struct TestConfig { bool disable_npn = false; int expect_server_key_exchange_hash = 0; bool p384_only = false; + bool enable_all_curves = false; bool use_sparse_dh_prime = false; };