authorMatt Caswell <matt@openssl.org>2017-03-14 14:16:19 +0000
committerMatt Caswell <matt@openssl.org>2017-03-14 14:29:31 +0000
commit64e2b23ce3b75fc6c73ac8c979894e190c9e78d1 (patch)
tree99c385ea2d250bec56fa655d52edcb85b7151cc0
parent49619ab008a651e49e7524c73ba6fb4b3c96f67f (diff)
Fix 12 Boring tests involving NULL-SHA ciphersuites
The Boring runner attempts to enable the NULL-SHA ciphersuite using the cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA" instead. We can't change the runner so we have to change the shim to detect this. (Merged from https://github.com/openssl/openssl/pull/2933) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-rw-r--r--test/ossl_shim/ossl_config.json20
-rw-r--r--test/ossl_shim/test_config.cc16
2 files changed, 19 insertions, 17 deletions
diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json
index e342082603..cdde095347 100644
--- a/test/ossl_shim/ossl_config.json
+++ b/test/ossl_shim/ossl_config.json
@@ -36,22 +36,10 @@
"KeyUpdate-Server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
"SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
- "SSL3-NULL-SHA-server":"Test failure - reason unknown",
- "SSL3-NULL-SHA-client":"Test failure - reason unknown",
- "SSL3-NULL-SHA-LargeRecord":"Test failure - reason unknown",
- "SSL3-NULL-SHA-BadRecord":"Test failure - reason unknown",
- "TLS1-NULL-SHA-server":"Test failure - reason unknown",
- "TLS1-NULL-SHA-LargeRecord":"Test failure - reason unknown",
- "TLS1-NULL-SHA-BadRecord":"Test failure - reason unknown",
- "TLS11-NULL-SHA-server":"Test failure - reason unknown",
- "TLS1-NULL-SHA-client":"Test failure - reason unknown",
- "TLS11-NULL-SHA-client":"Test failure - reason unknown",
- "TLS11-NULL-SHA-LargeRecord":"Test failure - reason unknown",
- "TLS12-NULL-SHA-client":"Test failure - reason unknown",
- "TLS12-NULL-SHA-server":"Test failure - reason unknown",
- "TLS12-NULL-SHA-LargeRecord":"Test failure - reason unknown",
- "TLS11-NULL-SHA-BadRecord":"Test failure - reason unknown",
- "TLS12-NULL-SHA-BadRecord":"Test failure - reason unknown",
+ "DTLS1-NULL-SHA-server":"Test failure - reason unknown",
+ "DTLS1-NULL-SHA-client":"Test failure - reason unknown",
+ "DTLS12-NULL-SHA-client":"Test failure - reason unknown",
+ "DTLS12-NULL-SHA-server":"Test failure - reason unknown",
"BadECDSA-1-4":"Test failure - reason unknown",
"BadECDSA-3-4":"Test failure - reason unknown",
"BadECDSA-4-1":"Test failure - reason unknown",
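Review bot: The four `DTLS1-NULL-SHA-*` and `DTLS12-NULL-SHA-*` entries added in this hunk carry the generic text "Test failure - reason unknown", and the commit description does not mention them. Because they arrive together with the cipher-string fix-up, they presumably only started failing once NULL-SHA could actually be negotiated. Recording that in the value, for example `"DTLS1-NULL-SHA-server":"Fails once NULL-SHA is enabled via ALL:NULL-SHA - not yet investigated"`, would keep them from being lost among the unexplained failures. Tests that exercise an unencrypted suite are worth keeping easy to find so they get re-enabled.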
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
index 0fe7ba81a4..6e43c8da77 100644
--- a/test/ossl_shim/test_config.cc
+++ b/test/ossl_shim/test_config.cc
@@ -133,12 +133,26 @@ bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
if (string_field != NULL) {
+ const char *val;
+
i++;
if (i >= argc) {
fprintf(stderr, "Missing parameter\n");
return false;
}
- string_field->assign(argv[i]);
+
+ /*
+ * Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable
+ * the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches
+ * off NULL ciphers, so we use "ALL:NULL-SHA" instead.
+ */
+ if (strcmp(argv[i - 1], "-cipher") == 0
+ && strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)
+ val = "ALL:NULL-SHA";
+ else
+ val = argv[i];
+
+ string_field->assign(val);
continue;
}
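Review bot: The replacement string `"ALL:NULL-SHA"` enables more than the runner asked for, since `ALL` also brings in suites that `DEFAULT` leaves out, so every test passing `DEFAULT:NULL-SHA` now runs against a wider cipher list than the runner intended. If the goal is only "DEFAULT plus NULL-SHA", a string such as `"ALL:!COMPLEMENTOFDEFAULT:NULL-SHA"` looks closer, though that should be checked against the `ciphers` documentation for this branch. The match is also an exact `strcmp`, so any other cipher string that combines `DEFAULT` with a NULL suite passes through unchanged. The comment could say so, e.g. `/* Only the exact string "DEFAULT:NULL-SHA" is rewritten; test-shim workaround only. */`. ParseConfig begins and ends outside this hunk.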