Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

We patch bugs into the runner implementation for testing, not our own.

Change-Id: I0a8ac73eaeb70db131c01a0fd9c84f258589a884
Reviewed-on: https://boringssl-review.googlesource.com/1845
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-09-30 17:46:36 -04:00 committed by Adam Langley
parent 5b33a5e0dd
commit ef5c4946f3
4 changed files with 0 additions and 59 deletions

View File

@ -564,9 +564,6 @@ struct ssl_session_st
*/
#define SSL_CERT_FLAG_TLS_STRICT 0x00000001L
/* Perform all sorts of protocol violations for testing purposes */
#define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000
/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1

View File

@ -578,10 +578,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
{
#ifdef CIPHER_DEBUG
printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
if (cipher_id && cipher_id != cp->id)
continue;
#endif
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;

View File

@ -2282,14 +2282,6 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
c = s->cert;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Broken protocol test: return last used certificate: which may
* mismatch the one expected.
*/
if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
return c->key;
#endif
i = ssl_get_server_cert_index(s);
/* This may or may not be an error. */
@ -2309,15 +2301,6 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
alg_a = cipher->algorithm_auth;
c=s->cert;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Broken protocol test: use last key: which may
* mismatch the one expected.
*/
if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
idx = c->key - c->pkeys;
else
#endif
if (alg_a & SSL_aRSA)
{
if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)

View File

@ -2672,32 +2672,6 @@ int tls1_process_sigalgs(SSL *s, const CBS *sigalgs)
tls1_set_shared_sigalgs(s);
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
{
/* Use first set signature preference to force message
* digest, ignoring any peer preferences.
*/
const unsigned char *sigs = NULL;
if (s->server)
sigs = c->conf_sigalgs;
else
sigs = c->client_sigalgs;
if (sigs)
{
idx = tls12_get_pkey_idx(sigs[1]);
md = tls12_get_hash(sigs[0]);
c->pkeys[idx].digest = md;
c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
if (idx == SSL_PKEY_RSA_SIGN)
{
c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
}
}
}
#endif
for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++)
{
@ -2960,15 +2934,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
/* If no cert or key, forget it */
if (!x || !pk)
goto end;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Allow any certificate to pass test */
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
{
rv = CERT_PKEY_STRICT_FLAGS|CERT_PKEY_EXPLICIT_SIGN|CERT_PKEY_VALID|CERT_PKEY_SIGN;
cpk->valid_flags = rv;
return rv;
}
#endif
}
else
{