0d62f26c36
Allow configuring digest preferences for the private key. Some smartcards have limited support for signing digests, notably Windows CAPI keys and old Estonian smartcards. Chromium used the supports_digest hook in SSL_PRIVATE_KEY_METHOD to limit such keys to SHA1. However, detecting those keys was a heuristic, so some SHA256-capable keys authenticating to SHA256-only servers regressed in the switch to BoringSSL. Replace this mechanism with an API to configure digest preference order. This way heuristically-detected SHA1-only keys may be configured by Chromium as SHA1-preferring rather than SHA1-requiring. In doing so, clean up the shared_sigalgs machinery somewhat. BUG=468076 Change-Id: I996a2df213ae4d8b4062f0ab85b15262ca26f3c6 Reviewed-on: https://boringssl-review.googlesource.com/5755 Reviewed-by: Adam Langley <agl@google.com>
106 lines
3.4 KiB
C++
106 lines
3.4 KiB
C++
/* Copyright (c) 2014, Google Inc.
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
#ifndef HEADER_TEST_CONFIG
|
|
#define HEADER_TEST_CONFIG
|
|
|
|
#include <string>
|
|
|
|
|
|
struct TestConfig {
|
|
int port = 0;
|
|
bool is_server = false;
|
|
bool is_dtls = false;
|
|
bool resume = false;
|
|
bool fallback_scsv = false;
|
|
std::string digest_prefs;
|
|
std::string key_file;
|
|
std::string cert_file;
|
|
std::string expected_server_name;
|
|
std::string expected_certificate_types;
|
|
bool require_any_client_certificate = false;
|
|
std::string advertise_npn;
|
|
std::string expected_next_proto;
|
|
bool false_start = false;
|
|
std::string select_next_proto;
|
|
bool async = false;
|
|
bool write_different_record_sizes = false;
|
|
bool cbc_record_splitting = false;
|
|
bool partial_write = false;
|
|
bool no_tls12 = false;
|
|
bool no_tls11 = false;
|
|
bool no_tls1 = false;
|
|
bool no_ssl3 = false;
|
|
std::string expected_channel_id;
|
|
std::string send_channel_id;
|
|
bool shim_writes_first = false;
|
|
bool tls_d5_bug = false;
|
|
std::string host_name;
|
|
std::string advertise_alpn;
|
|
std::string expected_alpn;
|
|
std::string expected_advertised_alpn;
|
|
std::string select_alpn;
|
|
bool expect_session_miss = false;
|
|
bool expect_extended_master_secret = false;
|
|
std::string psk;
|
|
std::string psk_identity;
|
|
std::string srtp_profiles;
|
|
bool enable_ocsp_stapling = false;
|
|
std::string expected_ocsp_response;
|
|
bool enable_signed_cert_timestamps = false;
|
|
std::string expected_signed_cert_timestamps;
|
|
int min_version = 0;
|
|
int max_version = 0;
|
|
int mtu = 0;
|
|
bool implicit_handshake = false;
|
|
bool use_early_callback = false;
|
|
bool fail_early_callback = false;
|
|
bool install_ddos_callback = false;
|
|
bool fail_ddos_callback = false;
|
|
bool fail_second_ddos_callback = false;
|
|
std::string cipher;
|
|
std::string cipher_tls10;
|
|
std::string cipher_tls11;
|
|
bool handshake_never_done = false;
|
|
int export_keying_material = 0;
|
|
std::string export_label;
|
|
std::string export_context;
|
|
bool use_export_context = false;
|
|
bool reject_peer_renegotiations = false;
|
|
bool no_legacy_server_connect = false;
|
|
bool tls_unique = false;
|
|
bool use_async_private_key = false;
|
|
bool expect_ticket_renewal = false;
|
|
bool expect_no_session = false;
|
|
bool use_ticket_callback = false;
|
|
bool renew_ticket = false;
|
|
bool enable_client_custom_extension = false;
|
|
bool enable_server_custom_extension = false;
|
|
bool custom_extension_skip = false;
|
|
bool custom_extension_fail_add = false;
|
|
std::string ocsp_response;
|
|
bool check_close_notify = false;
|
|
bool shim_shuts_down = false;
|
|
bool microsoft_big_sslv3_buffer = false;
|
|
bool verify_fail = false;
|
|
bool verify_peer = false;
|
|
bool expect_verify_result = false;
|
|
std::string signed_cert_timestamps;
|
|
};
|
|
|
|
bool ParseConfig(int argc, char **argv, TestConfig *out_config);
|
|
|
|
|
|
#endif // HEADER_TEST_CONFIG
|