summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitattributes1
-rw-r--r--.github/workflows/ci.yml2
-rw-r--r--.gitmodules4
-rw-r--r--INSTALL.md2
m---------boringssl0
-rw-r--r--test/README-external.md63
-rw-r--r--test/build.info2
-rw-r--r--test/data2.bin245
-rw-r--r--test/ossl_shim/async_bio.cc183
-rw-r--r--test/ossl_shim/async_bio.h39
-rw-r--r--test/ossl_shim/build.info6
-rw-r--r--test/ossl_shim/include/openssl/base.h114
-rw-r--r--test/ossl_shim/ossl_config.json301
-rw-r--r--test/ossl_shim/ossl_shim.cc1312
-rw-r--r--test/ossl_shim/packeted_bio.cc299
-rw-r--r--test/ossl_shim/packeted_bio.h35
-rw-r--r--test/ossl_shim/test_config.cc195
-rw-r--r--test/ossl_shim/test_config.h90
-rw-r--r--test/recipes/95-test_external_boringssl.t30
19 files changed, 60 insertions, 2863 deletions
diff --git a/.gitattributes b/.gitattributes
index 6771355ff7..6bd7389c8a 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -8,7 +8,6 @@ fuzz/corpora/** export-ignore
Configurations/*.norelease.conf export-ignore
.* export-ignore
util/mktar.sh export-ignore
-boringssl export-ignore
krb5 export-ignore
pyca-cryptography export-ignore
dev export-ignore
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7adc2ab746..ad24aaa5b8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -200,7 +200,5 @@ jobs:
run: make test TESTS="test_external_gost_engine"
- name: test external krb5
run: make test TESTS="test_external_krb5"
-# - name: test external boringssl
-# run: BORING_RUNNER_DIR=$(pwd)/boringssl/ssl/test/runner make test TESTS="test_external_boringssl"
# - name: test external pyca
# run: make test TESTS="test_external_pyca"
diff --git a/.gitmodules b/.gitmodules
index 637e7ade7e..955140d60d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,7 +1,3 @@
-[submodule "boringssl"]
- path = boringssl
- url = https://boringssl.googlesource.com/boringssl
-
[submodule "pyca.cryptography"]
path = pyca-cryptography
url = https://github.com/pyca/cryptography.git
diff --git a/INSTALL.md b/INSTALL.md
index d6ef21d20e..14b6118c36 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -692,7 +692,7 @@ Enable building of integration with external test suites.
This is a developer option and may not work on all platforms. The following
external test suites are currently supported:
- - BoringSSL test suite
+ - GOST engine test suite
- Python PYCA/Cryptography test suite
- krb5 test suite
diff --git a/boringssl b/boringssl
deleted file mode 160000
-Subproject 2070f8ad9151dc8f3a73bffaa146b5e6937a583
diff --git a/test/README-external.md b/test/README-external.md
index b06deaac4f..3e10526b85 100644
--- a/test/README-external.md
+++ b/test/README-external.md
@@ -5,69 +5,6 @@ It is possible to integrate external test suites into OpenSSL's `make test`.
This capability is considered a developer option and does not work on all
platforms.
-The BoringSSL test suite
-========================
-
-In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
-source code into an appropriate directory. This can be done in two ways:
-
-1) Separately from the OpenSSL checkout using:
-
- $ git clone https://boringssl.googlesource.com/boringssl boringssl
-
- The BoringSSL tests are only confirmed to work at a specific commit in the
- BoringSSL repository. Later commits may or may not pass the test suite:
-
- $ cd boringssl
- $ git checkout 490469f850e
-
-2) Using the already configured submodule settings in OpenSSL:
-
- $ git submodule update --init
-
-Configure the OpenSSL source code to enable the external tests:
-
- $ cd ../openssl
- $ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
- enable-external-tests
-
-Note that using other config options than those given above may cause the tests
-to fail.
-
-Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
-`BORING_RUNNER_DIR` environment variable:
-
- $ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
-
-Note that the test suite may change directory while running so the path provided
-should be absolute and not relative to the current working directory.
-
-To see more detailed output you can run just the BoringSSL tests with the
-verbose option:
-
- $ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
- TESTS="test_external_boringssl" test
-
-Test failures and suppressions
-------------------------------
-
-A large number of the BoringSSL tests are known to fail. A test could fail
-because of many possible reasons. For example:
-
-- A bug in OpenSSL
-- Different interpretations of standards
-- Assumptions about the way BoringSSL works that do not apply to OpenSSL
-- The test uses APIs added to BoringSSL that are not present in OpenSSL
-- etc
-
-In order to provide a "clean" baseline run with all the tests passing a config
-file has been provided that suppresses the running of tests that are known to
-fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
-within the OpenSSL source code.
-
-The community is encouraged to contribute patches which reduce the number of
-suppressions that are currently present.
-
Python PYCA/Cryptography test suite
===================================
diff --git a/test/build.info b/test/build.info
index 8abb14f634..b31e5dedd5 100644
--- a/test/build.info
+++ b/test/build.info
@@ -1,5 +1,3 @@
-SUBDIRS=ossl_shim
-
# TODO: use ../apps/libapps.a instead of direct ../apps/lib source.
# This can't currently be done, because some of its units drag in too many
# unresolved references that don't apply here.
diff --git a/test/data2.bin b/test/data2.bin
index c4f9691a26..40c1bdad13 100644
--- a/test/data2.bin
+++ b/test/data2.bin
@@ -1,188 +1,61 @@
TEST DATA2
-Running external test suites with OpenSSL
-=========================================
-
-It is possible to integrate external test suites into OpenSSL's "make test".
-This capability is considered a developer option and does not work on all
-platforms.
-
-
-
-The BoringSSL test suite
-========================
-
-In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
-source code into an appropriate directory. This can be done in two ways:
-
-1) Separately from the OpenSSL checkout using:
-
- $ git clone https://boringssl.googlesource.com/boringssl boringssl
-
- The BoringSSL tests are only confirmed to work at a specific commit in the
- BoringSSL repository. Later commits may or may not pass the test suite:
-
- $ cd boringssl
- $ git checkout 490469f850e
-
-2) Using the already configured submodule settings in OpenSSL:
-
- $ git submodule update --init
-
-Configure the OpenSSL source code to enable the external tests:
-
-$ cd ../openssl
-$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
- enable-external-tests
-
-Note that using other config options than those given above may cause the tests
-to fail.
-
-Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
-BORING_RUNNER_DIR environment variable:
-
-$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
-
-Note that the test suite may change directory while running so the path provided
-should be absolute and not relative to the current working directory.
-
-To see more detailed output you can run just the BoringSSL tests with the
-verbose option:
-
-$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
- TESTS="test_external_boringssl" test
-
-
-Test failures and suppressions
-------------------------------
-
-A large number of the BoringSSL tests are known to fail. A test could fail
-because of many possible reasons. For example:
-
-- A bug in OpenSSL
-- Different interpretations of standards
-- Assumptions about the way BoringSSL works that do not apply to OpenSSL
-- The test uses APIs added to BoringSSL that are not present in OpenSSL
-- etc
-
-In order to provide a "clean" baseline run with all the tests passing a config
-file has been provided that suppresses the running of tests that are known to
-fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
-within the OpenSSL source code.
-
-The community is encouraged to contribute patches which reduce the number of
-suppressions that are currently present.
-
-
-Python PYCA/Cryptography test suite
-===================================
-
-This python test suite runs cryptographic tests with a local OpenSSL build as
-the implementation.
-
-First checkout the PYCA/Cryptography module into ./pyca-cryptography using:
-
-$ git submodule update --init
-
-Then configure/build OpenSSL compatible with the python module:
-
-$ ./config shared enable-external-tests
-$ make
-
-The tests will run in a python virtual environment which requires virtualenv
-to be installed.
-
-$ make test VERBOSE=1 TESTS=test_external_pyca
-
-Test failures and suppressions
-------------------------------
-
-Some tests target older (<=1.0.2) versions so will not run. Other tests target
-other crypto implementations so are not relevant. Currently no tests fail.
-
-
-krb5 test suite
-===============
-
-Much like the PYCA/Cryptography test suite, this builds and runs the krb5
-tests against the local OpenSSL build.
-
-You will need a git checkout of krb5 at the top level:
-
-$ git clone https://github.com/krb5/krb5
-
-krb5's master has to pass this same CI, but a known-good version is
-krb5-1.15.1-final if you want to be sure.
-
-$ cd krb5
-$ git checkout krb5-1.15.1-final
-$ cd ..
-
-OpenSSL must be built with external tests enabled:
-
-$ ./config enable-external-tests
-$ make
-
-krb5's tests will then be run as part of the rest of the suite, or can be
-explicitly run (with more debugging):
-
-$ VERBOSE=1 make TESTS=test_external_krb5 test
-
-Test-failures suppressions
---------------------------
-
-krb5 will automatically adapt its test suite to account for the configuration
-of your system. Certain tests may require more installed packages to run. No
-tests are expected to fail.
-
-
-GOST engine test suite
-===============
-
-Much like the PYCA/Cryptography test suite, this builds and runs the GOST engine
-tests against the local OpenSSL build.
-
-You will need a git checkout of gost-engine at the top level:
-
-$ git submodule update --init
-
-Then configure/build OpenSSL enabling external tests:
-
-$ ./config shared enable-external-tests
-$ make
-
-GOST engine requires CMake for the build process.
-
-GOST engine tests will then be run as part of the rest of the suite, or can be
-explicitly run (with more debugging):
-
-$ make test VERBOSE=1 TESTS=test_external_gost_engine
-
-Updating test suites
-====================
-
-To update the commit for any of the above test suites:
-
-- Make sure the submodules are cloned locally:
-
- $ git submodule update --init --recursive
-
-- Enter subdirectory and pull from the repository (use a specific branch/tag if required):
-
- $ cd <submodule-dir>
- $ git pull origin master
-
-- Go to root directory, there should be a new git status:
-
- $ cd ../
- $ git status
- ...
- # modified: <submodule-dir> (new commits)
- ...
-
-- Add/commit/push the update
-
- git add <submodule-dir>
- git commit -m "Updated <submodule> to latest commit"
- git push
-
+This is just some data that is meant to be different from the contents
+of the data.bin file.
+
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
+tempor incididunt ut labore et dolore magna aliqua. Hendrerit dolor magna
+eget est. Integer enim neque volutpat ac tincidunt vitae. Erat imperdiet
+sed euismod nisi porta. Sit amet volutpat consequat mauris nunc.
+Fermentum leo vel orci porta non. Purus viverra accumsan in nisl.
+Volutpat maecenas volutpat blandit aliquam etiam erat velit scelerisque.
+Gravida in fermentum et sollicitudin ac orci phasellus. Ut eu sem integer
+vitae justo eget. Enim tortor at auctor urna nunc id. Laoreet non
+curabitur gravida arcu ac tortor dignissim convallis aenean. A lacus
+vestibulum sed arcu non odio euismod lacinia. In metus vulputate eu
+scelerisque felis imperdiet proin fermentum. Semper quis lectus nulla at
+volutpat diam ut venenatis tellus. Hac habitasse platea dictumst quisque.
+Augue ut lectus arcu bibendum at varius vel pharetra. Nisl nunc mi ipsum
+faucibus vitae aliquet. Nec sagittis aliquam malesuada bibendum arcu
+vitae. Tellus id interdum velit laoreet id donec ultrices.
+
+Eget gravida cum sociis natoque. Nunc vel risus commodo viverra maecenas
+accumsan. Enim lobortis scelerisque fermentum dui faucibus. Quis eleifend
+quam adipiscing vitae. Nec nam aliquam sem et tortor. Pharetra massa
+massa ultricies mi quis hendrerit. Tellus in metus vulputate eu
+scelerisque. Et ultrices neque ornare aenean euismod elementum. Tellus
+mauris a diam maecenas sed enim ut sem viverra. Fermentum leo vel orci
+porta non pulvinar neque. Risus nullam eget felis eget nunc. Sed tempus
+urna et pharetra pharetra massa massa ultricies. Dui sapien eget mi
+proin. Vitae elementum curabitur vitae nunc sed velit dignissim sodales.
+Sed arcu non odio euismod lacinia at. Enim praesent elementum facilisis
+leo vel fringilla. Vel facilisis volutpat est velit egestas dui id ornare
+arcu. Arcu dictum varius duis at. Pretium lectus quam id leo in vitae.
+
+Egestas fringilla phasellus faucibus scelerisque eleifend donec. Ut
+ornare lectus sit amet est placerat in egestas. Viverra ipsum nunc
+aliquet bibendum enim facilisis gravida neque. Commodo ullamcorper a
+lacus vestibulum. Urna molestie at elementum eu. Mi in nulla posuere
+sollicitudin aliquam ultrices sagittis orci a. Orci sagittis eu volutpat
+odio facilisis mauris sit. Volutpat ac tincidunt vitae semper quis.
+Adipiscing elit duis tristique sollicitudin nibh. Dignissim enim sit amet
+venenatis urna cursus. Lacus luctus accumsan tortor posuere ac ut. Eu
+feugiat pretium nibh ipsum consequat nisl. Arcu risus quis varius quam
+quisque id diam. Urna nec tincidunt praesent semper feugiat nibh sed. Sed
+libero enim sed faucibus turpis in eu mi.
+
+Suspendisse faucibus interdum posuere lorem ipsum dolor sit amet. Aliquet
+eget sit amet tellus cras adipiscing enim. Lectus proin nibh nisl
+condimentum id. Et odio pellentesque diam volutpat commodo sed egestas
+egestas. Tempor id eu nisl nunc mi ipsum. Egestas erat imperdiet sed
+euismod nisi porta lorem mollis aliquam. Pretium quam vulputate dignissim
+suspendisse in est. Volutpat commodo sed egestas egestas fringilla. In
+aliquam sem fringilla ut. Viverra accumsan in nisl nisi. Nam at lectus
+urna duis convallis convallis. Tortor posuere ac ut consequat semper.
+Pellentesque habitant morbi tristique senectus et netus et malesuada.
+Aliquet enim tortor at auctor urna nunc id cursus metus. Sit amet luctus
+venenatis lectus magna. A diam maecenas sed enim ut sem viverra aliquet.
+Pellentesque sit amet porttitor eget dolor morbi. Eget lorem dolor sed
+viverra ipsum nunc aliquet bibendum enim. Iaculis urna id volutpat lacus
+laoreet non curabitur. Mattis vulputate enim nulla aliquet porttitor
+lacus luctus accumsan tortor.
diff --git a/test/ossl_shim/async_bio.cc b/test/ossl_shim/async_bio.cc
deleted file mode 100644
index b21e5af51b..0000000000
--- a/test/ossl_shim/async_bio.cc
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "async_bio.h"
-
-#include <errno.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-
-
-namespace {
-
-struct AsyncBio {
- bool datagram;
- bool enforce_write_quota;
- size_t read_quota;
- size_t write_quota;
-};
-
-AsyncBio *GetData(BIO *bio) {
- return (AsyncBio *)BIO_get_data(bio);
-}
-
-static int AsyncWrite(BIO *bio, const char *in, int inl) {
- AsyncBio *a = GetData(bio);
- if (a == NULL || BIO_next(bio) == NULL) {
- return 0;
- }
-
- if (!a->enforce_write_quota) {
- return BIO_write(BIO_next(bio), in, inl);
- }
-
- BIO_clear_retry_flags(bio);
-
- if (a->write_quota == 0) {
- BIO_set_retry_write(bio);
- errno = EAGAIN;
- return -1;
- }
-
- if (!a->datagram && (size_t)inl > a->write_quota) {
- inl = a->write_quota;
- }
- int ret = BIO_write(BIO_next(bio), in, inl);
- if (ret <= 0) {
- BIO_copy_next_retry(bio);
- } else {
- a->write_quota -= (a->datagram ? 1 : ret);
- }
- return ret;
-}
-
-static int AsyncRead(BIO *bio, char *out, int outl) {
- AsyncBio *a = GetData(bio);
- if (a == NULL || BIO_next(bio) == NULL) {
- return 0;
- }
-
- BIO_clear_retry_flags(bio);
-
- if (a->read_quota == 0) {
- BIO_set_retry_read(bio);
- errno = EAGAIN;
- return -1;
- }
-
- if (!a->datagram && (size_t)outl > a->read_quota) {
- outl = a->read_quota;
- }
- int ret = BIO_read(BIO_next(bio), out, outl);
- if (ret <= 0) {
- BIO_copy_next_retry(bio);
- } else {
- a->read_quota -= (a->datagram ? 1 : ret);
- }
- return ret;
-}
-
-static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) {
- if (BIO_next(bio) == NULL) {
- return 0;
- }
- BIO_clear_retry_flags(bio);
- int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
- BIO_copy_next_retry(bio);
- return ret;
-}
-
-static int AsyncNew(BIO *bio) {
- AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a));
- if (a == NULL) {
- return 0;
- }
- memset(a, 0, sizeof(*a));
- a->enforce_write_quota = true;
- BIO_set_init(bio, 1);
- BIO_set_data(bio, a);
- return 1;
-}
-
-static int AsyncFree(BIO *bio) {
- if (bio == NULL) {
- return 0;
- }
-
- OPENSSL_free(BIO_get_data(bio));
- BIO_set_data(bio, NULL);
- BIO_set_init(bio, 0);
- return 1;
-}
-
-static long AsyncCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
-{
- if (BIO_next(bio) == NULL)
- return 0;
- return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
-}
-
-static BIO_METHOD *g_async_bio_method = NULL;
-
-static const BIO_METHOD *AsyncMethod(void)
-{
- if (g_async_bio_method == NULL) {
- g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio");
- if ( g_async_bio_method == NULL
- || !BIO_meth_set_write(g_async_bio_method, AsyncWrite)
- || !BIO_meth_set_read(g_async_bio_method, AsyncRead)
- || !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl)
- || !BIO_meth_set_create(g_async_bio_method, AsyncNew)
- || !BIO_meth_set_destroy(g_async_bio_method, AsyncFree)
- || !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl))
- return NULL;
- }
- return g_async_bio_method;
-}
-
-} // namespace
-
-bssl::UniquePtr<BIO> AsyncBioCreate() {
- return bssl::UniquePtr<BIO>(BIO_new(AsyncMethod()));
-}
-
-bssl::UniquePtr<BIO> AsyncBioCreateDatagram() {
- bssl::UniquePtr<BIO> ret(BIO_new(AsyncMethod()));
- if (!ret) {
- return nullptr;
- }
- GetData(ret.get())->datagram = true;
- return ret;
-}
-
-void AsyncBioAllowRead(BIO *bio, size_t count) {
- AsyncBio *a = GetData(bio);
- if (a == NULL) {
- return;
- }
- a->read_quota += count;
-}
-
-void AsyncBioAllowWrite(BIO *bio, size_t count) {
- AsyncBio *a = GetData(bio);
- if (a == NULL) {
- return;
- }
- a->write_quota += count;
-}
-
-void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) {
- AsyncBio *a = GetData(bio);
- if (a == NULL) {
- return;
- }
- a->enforce_write_quota = enforce;
-}
diff --git a/test/ossl_shim/async_bio.h b/test/ossl_shim/async_bio.h
deleted file mode 100644
index 0d3b0ebc6e..0000000000
--- a/test/ossl_shim/async_bio.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_ASYNC_BIO_H
-#define OSSL_TEST_SHIM_ASYNC_BIO_H
-
-#include <openssl/base.h>
-#include <openssl/bio.h>
-
-
-// AsyncBioCreate creates a filter BIO for testing asynchronous state
-// machines which consume a stream socket. Reads and writes will fail
-// and return EAGAIN unless explicitly allowed. Each async BIO has a
-// read quota and a write quota. Initially both are zero. As each is
-// incremented, bytes are allowed to flow through the BIO.
-bssl::UniquePtr<BIO> AsyncBioCreate();
-
-// AsyncBioCreateDatagram creates a filter BIO for testing for
-// asynchronous state machines which consume datagram sockets. The read
-// and write quota count in packets rather than bytes.
-bssl::UniquePtr<BIO> AsyncBioCreateDatagram();
-
-// AsyncBioAllowRead increments |bio|'s read quota by |count|.
-void AsyncBioAllowRead(BIO *bio, size_t count);
-
-// AsyncBioAllowWrite increments |bio|'s write quota by |count|.
-void AsyncBioAllowWrite(BIO *bio, size_t count);
-
-// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota.
-void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce);
-
-
-#endif // OSSL_TEST_SHIM_ASYNC_BIO_H
diff --git a/test/ossl_shim/build.info b/test/ossl_shim/build.info
deleted file mode 100644
index d1dd208408..0000000000
--- a/test/ossl_shim/build.info
+++ /dev/null
@@ -1,6 +0,0 @@
-IF[{- defined $target{CXX} && !$disabled{"external-tests"} -}]
- PROGRAMS{noinst}=ossl_shim
- SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc
- INCLUDE[ossl_shim]=. include ../../include
- DEPEND[ossl_shim]=../../libssl ../../libcrypto
-ENDIF
diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h
deleted file mode 100644
index 9b07292673..0000000000
--- a/test/ossl_shim/include/openssl/base.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
-#define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
-
-/* Needed for DH functions */
-#include "internal/deprecated.h"
-
-/* Needed for BORINGSSL_MAKE_DELETER */
-# include <openssl/bio.h>
-# include <openssl/evp.h>
-# include <openssl/dh.h>
-# include <openssl/x509.h>
-# include <openssl/ssl.h>
-
-# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
-
-extern "C++" {
-
-#include <memory>
-
-namespace bssl {
-
-namespace internal {
-
-template <typename T>
-struct DeleterImpl {};
-
-template <typename T>
-struct Deleter {
- void operator()(T *ptr) {
- // Rather than specialize Deleter for each type, we specialize
- // DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
- // including base.h as long as the destructor is not emitted. This matches
- // std::unique_ptr's behavior on forward-declared types.
- //
- // DeleterImpl itself is specialized in the corresponding module's header
- // and must be included to release an object. If not included, the compiler
- // will error that DeleterImpl<T> does not have a method Free.
- DeleterImpl<T>::Free(ptr);
- }
-};
-
-template <typename T, typename CleanupRet, void (*init)(T *),
- CleanupRet (*cleanup)(T *)>
-class StackAllocated {
- public:
- StackAllocated() { init(&ctx_); }
- ~StackAllocated() { cleanup(&ctx_); }
-
- StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
- T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
-
- T *get() { return &ctx_; }
- const T *get() const { return &ctx_; }
-
- void Reset() {
- cleanup(&ctx_);
- init(&ctx_);
- }
-
- private:
- T ctx_;
-};
-
-} // namespace internal
-
-#define BORINGSSL_MAKE_DELETER(type, deleter) \
- namespace internal { \
- template <> \
- struct DeleterImpl<type> { \
- static void Free(type *ptr) { deleter(ptr); } \
- }; \
- }
-
-// This makes a unique_ptr to STACK_OF(type) that owns all elements on the
-// stack, i.e. it uses sk_pop_free() to clean up.
-#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \
- namespace internal { \
- template <> \
- struct DeleterImpl<STACK_OF(type)> { \
- static void Free(STACK_OF(type) *ptr) { \
- sk_##type##_pop_free(ptr, deleter); \
- } \
- }; \
- }
-
-// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
-// bssl::UniquePtr<BIO> rsa(RSA_new());
-// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
-template <typename T>
-using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>;
-
-BORINGSSL_MAKE_DELETER(BIO, BIO_free)
-BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
-BORINGSSL_MAKE_DELETER(DH, DH_free)
-BORINGSSL_MAKE_DELETER(X509, X509_free)
-BORINGSSL_MAKE_DELETER(SSL, SSL_free)
-BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
-BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
-
-} // namespace bssl
-
-} /* extern C++ */
-
-
-#endif /* OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H */
diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json
deleted file mode 100644
index 1e57499065..0000000000
--- a/test/ossl_shim/ossl_config.json
+++ /dev/null
@@ -1,301 +0,0 @@
-
-{
- "DisabledTests" : {
- "*TLS13*":"No TLS1.3 support yet",
- "FragmentAlert-DTLS":"Test failure - reason unknown",
- "FragmentedClientVersion":"Test failure - reason unknown",
- "MTU":"Test failure - reason unknown",
- "EmptyCertificateList":"Test failure - reason unknown",
- "AppDataBeforeHandshake-DTLS":"Test failure - reason unknown",
- "AlertAfterChangeCipherSpec":"Test failure - reason unknown",
- "AppDataAfterChangeCipherSpec":"Test failure - reason unknown",
- "AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown",
- "AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
- "AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown",
- "AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
- "FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown",
- "SplitFragments-Header-DTLS":"Test failure - reason unknown",
- "SplitFragments-Boundary-DTLS":"Test failure - reason unknown",
- "SplitFragments-Body-DTLS":"Test failure - reason unknown",
- "SendEmptyFragments-DTLS":"Test failure - reason unknown",
- "SendInvalidRecordType-DTLS":"Test failure - reason unknown",
- "SendInvalidRecordType":"Test failure - reason unknown",
- "FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown",
- "SendWarningAlerts-Pass":"Test failure - reason unknown",
- "SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown",
- "TooManyKeyUpdates":"Test failure - reason unknown",
- "Unclean-Shutdown-Alert":"Test failure - reason unknown",
- "V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown",
- "BadHelloRequest-2":"Test failure - reason unknown",
- "DTLS-SendExtraFinished":"Test failure - reason unknown",
- "NoNullCompression-TLS12":"Test failure - reason unknown",
- "KeyUpdate-Client":"Test failure - reason unknown",
- "KeyUpdate-InvalidRequestMode":"Test failure - reason unknown",
- "DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown",
- "LargeMessage-Reject-DTLS":"Test failure - reason unknown",
- "KeyUpdate-Server":"Test failure - reason unknown",
- "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
- "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
- "DTLS1-NULL-SHA-server":"Test failure - reason unknown",
- "DTLS1-NULL-SHA-client":"Test failure - reason unknown",
- "DTLS12-NULL-SHA-client":"Test failure - reason unknown",
- "DTLS12-NULL-SHA-server":"Test failure - reason unknown",
- "BadECDSA-1-4":"Test failure - reason unknown",
- "BadECDSA-3-4":"Test failure - reason unknown",
- "BadECDSA-4-1":"Test failure - reason unknown",
- "BadECDSA-4-4":"Test failure - reason unknown",
- "BadECDSA-4-3":"Test failure - reason unknown",
- "SillyDH":"Test failure - reason unknown",
- "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown",
- "NoSupportedVersions-DTLS":"Test failure - reason unknown",
- "VersionTooLow-DTLS":"Test failure - reason unknown",
- "IgnoreClientVersionOrder":"Test failure - reason unknown",
- "VersionTooLow":"Test failure - reason unknown",
- "MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown",
- "MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown",
- "MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown",
- "MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown",
- "MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown",
- "DuplicateExtensionClient-TLS1":"Test failure - reason unknown",
- "DuplicateExtensionServer-TLS1":"Test failure - reason unknown",
- "ALPNClient-Mismatch-TLS1":"Test failure - reason unknown",
- "UnsolicitedServerNameAck-TLS1":"Test failure - reason unknown",
- "ALPNServer-Decline-TLS1":"Test failure - reason unknown",
- "ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown",
- "NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown",
- "NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown",
- "TicketSessionIDLength-33-TLS1":"Test failure - reason unknown",
- "DuplicateExtensionClient-TLS11":"Test failure - reason unknown",
- "DuplicateExtensionServer-TLS11":"Test failure - reason unknown",
- "UnsolicitedServerNameAck-TLS11":"Test failure - reason unknown",
- "ALPNServer-Decline-TLS11":"Test failure - reason unknown",
- "ALPNClient-Mismatch-TLS11":"Test failure - reason unknown",
- "ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown",
- "NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown",
- "NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown",
- "TicketSessionIDLength-33-TLS11":"Test failure - reason unknown",
- "DuplicateExtensionServer-TLS12":"Test failure - reason unknown",
- "DuplicateExtensionClient-TLS12":"Test failure - reason unknown",
- "UnsolicitedServerNameAck-TLS12":"Test failure - reason unknown",
- "ALPNServer-Decline-TLS12":"Test failure - reason unknown",
- "ALPNClient-Mismatch-TLS12":"Test failure - reason unknown",
- "ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown",
- "NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown",
- "NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown",
- "TicketSessionIDLength-33-TLS12":"Test failure - reason unknown",
- "ClientHelloPadding":"Test failure - reason unknown",
- "Resume-Server-UnofferedCipher":"Test failure - reason unknown",
- "Resume-Client-CipherMismatch":"Test failure - reason unknown",
- "Resume-Server-ExtraIdentityNoBinder":"Test failure - reason unknown",
- "Resume-Server-BinderWrongLength":"Test failure - reason unknown",
- "Resume-Server-ExtraPSKBinder":"Test failure - reason unknown",
- "Resume-Server-NoPSKBinder":"Test failure - reason unknown",
- "Resume-Server-PSKBinderFirstExtension":"Test failure - reason unknown",
- "Resume-Server-InvalidPSKBinder":"Test failure - reason unknown",
- "ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown",
- "Renegotiate-Server-Forbidden":"Test failure - reason unknown",
- "ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown",
- "Renegotiate-Client-SwitchVersion":"Test failure - reason unknown",
- "Renegotiate-Client-Upgrade":"Test failure - reason unknown",
- "Renegotiate-SameClientVersion":"Test failure - reason unknown",
- "Renegotiate-Client-Downgrade":"Test failure - reason unknown",
- "Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown",
- "Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown",
- "Renegotiate-Client-Forbidden-1":"Test failure - reason unknown",
- "StrayHelloRequest":"Test failure - reason unknown",
- "Renegotiate-Client-Freely-2":"Test failure - reason unknown",
- "Renegotiate-Client-NoIgnore":"Test failure - reason unknown",
- "StrayHelloRequest-Packed":"Test failure - reason unknown",
- "Renegotiate-Client-Freely-1":"Test failure - reason unknown",
- "Renegotiation-CertificateChange":"Test failure - reason unknown",
- "Renegotiation-CertificateChange-2":"Test failure - reason unknown",
- "Renegotiate-Client-SSL3":"Test failure - reason unknown",
- "ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown",
- "ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown",
- "P224-Server":"Test failure - reason unknown",
- "RSA-PSS-Large":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-1":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-2":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-1":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-2":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-3":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-3":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-4":"Test failure - reason unknown",
- "Renegotiate-Client-Packed":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-4":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-5":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-6":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-6":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-5":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-7":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-7":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-8":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-9":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-8":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-9":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-10":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-11":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-10":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-11":"Test failure - reason unknown",
- "CustomExtensions-ParseError-Server":"Test failure - reason unknown",
- "CustomExtensions-FailAdd-Server":"Test failure - reason unknown",
- "CustomExtensions-FailAdd-Client":"Test failure - reason unknown",
- "CustomExtensions-ParseError-Client":"Test failure - reason unknown",
- "UnknownExtension-Client":"Test failure - reason unknown",
- "UnofferedExtension-Client":"Test failure - reason unknown",
- "PointFormat-Client-MissingUncompressed":"Test failure - reason unknown",
- "PointFormat-Server-MissingUncompressed":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-Sync":"Test failure - reason unknown",
- "Renegotiate-Client-Sync":"Test failure - reason unknown",
- "Shutdown-Shim-Sync":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown",
- "Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
- "Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-Async":"Test failure - reason unknown",
- "Shutdown-Shim-Async":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown",
- "Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown",
- "Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
- "SendUnencryptedFinished-DTLS":"Test failure - reason unknown",
- "PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown",
- "StrayChangeCipherSpec":"Test failure - reason unknown",
- "PartialClientFinishedWithClientHello":"Test failure - reason unknown",
- "TrailingMessageData-ClientHello":"Test failure - reason unknown",
- "TrailingMessageData-ServerHello":"Test failure - reason unknown",
- "TrailingMessageData-ServerCertificate":"Test failure - reason unknown",
- "TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown",
- "TrailingMessageData-CertificateRequest":"Test failure - reason unknown",
- "TrailingMessageData-ServerHelloDone":"Test failure - reason unknown",
- "TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown",
- "TrailingMessageData-ClientCertificate":"Test failure - reason unknown",
- "TrailingMessageData-CertificateVerify":"Test failure - reason unknown",
- "TrailingMessageData-NextProtocol":"Test failure - reason unknown",
- "TrailingMessageData-NewSessionTicket":"Test failure - reason unknown",
- "TrailingMessageData-ClientFinished":"Test failure - reason unknown",
- "TrailingMessageData-ServerFinished":"Test failure - reason unknown",
- "TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown",
- "TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown",
- "MissingKeyShare-Client":"Test failure - reason unknown",
- "MissingKeyShare-Server":"Test failure - reason unknown",
- "DuplicateKeyShares":"Test failure - reason unknown",
- "SkipEarlyData":"Test failure - reason unknown",
- "SkipEarlyData-OmitEarlyDataExtension":"Test failure - reason unknown",
- "SkipEarlyData-TooMuchData":"Test failure - reason unknown",
- "SkipEarlyData-Interleaved":"Test failure - reason unknown",
- "SkipEarlyData-HRR":"Test failure - reason unknown",
- "SkipEarlyData-HRR-Interleaved":"Test failure - reason unknown",
- "SkipEarlyData-HRR-TooMuchData":"Test failure - reason unknown",
- "SkipEarlyData-HRR-FatalAlert":"Test failure - reason unknown",
- "SkipEarlyData-EarlyDataInTLS12":"Test failure - reason unknown",
- "SkipEarlyData-SecondClientHelloEarlyData":"Test failure - reason unknown",
- "EmptyEncryptedExtensions":"Test failure - reason unknown",
- "EncryptedExtensionsWithKeyShare":"Test failure - reason unknown",
- "UnknownCurve-HelloRetryRequest":"Test failure - reason unknown",
- "UnnecessaryHelloRetryRequest":"Test failure - reason unknown",
- "HelloRetryRequest-Empty":"Test failure - reason unknown",
- "SecondHelloRetryRequest":"Test failure - reason unknown",
- "HelloRetryRequest-DuplicateCurve":"Test failure - reason unknown",
- "HelloRetryRequest-DuplicateCookie":"Test failure - reason unknown",
- "HelloRetryRequest-EmptyCookie":"Test failure - reason unknown",
- "HelloRetryRequest-Unknown":"Test failure - reason unknown",
- "SecondClientHelloMissingKeyShare":"Test failure - reason unknown",
- "SecondClientHelloWrongCurve":"Test failure - reason unknown",
- "HelloRetryRequestVersionMismatch":"Test failure - reason unknown",
- "HelloRetryRequestCurveMismatch":"Test failure - reason unknown",
- "SkipHelloRetryRequest":"Test failure - reason unknown",
- "Peek-Renegotiate":"Test failure - reason unknown",
- "Peek-KeyUpdate":"Test failure - reason unknown",
- "DTLS-Retransmit-Client-12":"Test failure - reason unknown",
- "DTLS-Retransmit-Timeout":"Test failure - reason unknown",
- "DTLS-Retransmit-Server-12":"Test failure - reason unknown",
- "DTLS-Retransmit-Fudge":"Test failure - reason unknown",
- "DTLS-Retransmit-Fragmented":"Test failure - reason unknown",
- "TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown",
- "SendFallbackSCSV":"Current runner version uses old draft TLSv1.3",
- "VersionNegotiationExtension-TLS11":"Current runner version uses old draft TLSv1.3",
- "VersionNegotiationExtension-TLS1":"Current runner version uses old draft TLSv1.3",
- "VersionNegotiationExtension-SSL3":"Current runner version uses old draft TLSv1.3",
- "ConflictingVersionNegotiation":"Current runner version uses old draft TLSv1.3"
- },
- "ErrorMap" : {
- ":UNEXPECTED_MESSAGE:":"unexpected message",
- ":INAPPROPRIATE_FALLBACK:":"inappropriate fallback",
- ":UNEXPECTED_RECORD:":"unexpected message",
- ":TLSV1_ALERT_RECORD_OVERFLOW:":"tlsv1 alert record overflow",
- ":WRONG_SSL_VERSION:":"no protocols available",
- ":BAD_ALERT:":"invalid alert",
- ":HTTP_REQUEST:":"http request",
- ":HTTPS_PROXY_REQUEST:":"https proxy request",
- ":WRONG_CERTIFICATE_TYPE:":"wrong certificate type",
- ":WRONG_VERSION_NUMBER:":"wrong version number",
- ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:":"decryption failed or bad record mac",
- ":DIGEST_CHECK_FAILED:":"digest check failed",
- ":TOO_MANY_EMPTY_FRAGMENTS:":"record too small",
- ":TOO_MANY_WARNING_ALERTS:":"too many warn alerts",
- ":DATA_LENGTH_TOO_LONG:":"data length too long",
- ":EXCESSIVE_MESSAGE_SIZE:":"excessive message size",
- ":ENCRYPTED_LENGTH_TOO_LONG:":"packet length too long",
- ":INVALID_COMPRESSION_LIST:":"no compression specified",
- ":NO_SHARED_CIPHER:":"no shared cipher",
- ":WRONG_CIPHER_RETURNED:":"wrong cipher returned",
- ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"sslv3 alert handshake failure",
- ":UNKNOWN_CIPHER_RETURNED:":"unknown cipher returned",
- ":BAD_SIGNATURE:":"bad signature",
- ":BAD_DH_P_LENGTH:":"dh key too small",
- ":PEER_DID_NOT_RETURN_A_CERTIFICATE:":"peer did not return a certificate",
- ":UNSUPPORTED_PROTOCOL:":"unsupported protocol",
- ":PARSE_TLSEXT:":"bad extension",
- ":BAD_SRTP_PROTECTION_PROFILE_LIST:":"bad srtp protection profile list",
- ":OLD_SESSION_VERSION_NOT_RETURNED:":"ssl session version mismatch",
- ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:":"inconsistent extms",
- ":RENEGOTIATION_EMS_MISMATCH:":"inconsistent extms",
- ":RENEGOTIATION_MISMATCH:":"renegotiation mismatch",
- ":WRONG_SIGNATURE_TYPE:":"wrong signature type",
- ":BAD_ECC_CERT:":"wrong curve",
- ":WRONG_CURVE:":"wrong curve",
- ":INVALID_ENCODING:":"invalid encoding",
- ":CERTIFICATE_VERIFY_FAILED:":"certificate verify failed",
- ":BAD_CHANGE_CIPHER_SPEC:":"bad change cipher spec",
- ":ECC_CERT_NOT_FOR_SIGNING:":"ecc cert not for signing",
- ":OLD_SESSION_CIPHER_NOT_RETURNED:":"old session cipher not returned",
- ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:":"inconsistent extms"
- }
-}
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
deleted file mode 100644
index 7ea8050ae7..0000000000
--- a/test/ossl_shim/ossl_shim.cc
+++ /dev/null
@@ -1,1312 +0,0 @@
-/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
-#include "packeted_bio.h"
-#include <openssl/e_os2.h>
-
-#if !defined(OPENSSL_SYS_WINDOWS)
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <unistd.h>
-#else
-#include <io.h>
-OPENSSL_MSVC_PRAGMA(warning(push, 3))
-#include <winsock2.h>
-#include <ws2tcpip.h>
-OPENSSL_MSVC_PRAGMA(warning(pop))
-
-OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib"))
-#endif
-
-#include <assert.h>
-#include <inttypes.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/core_names.h>
-#include <openssl/crypto.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-
-#include <memory>
-#include <string>
-#include <vector>
-
-#include "async_bio.h"
-#include "test_config.h"
-
-namespace bssl {
-
-#if !defined(OPENSSL_SYS_WINDOWS)
-static int closesocket(int sock) {
- return close(sock);
-}
-
-static void PrintSocketError(const char *func) {
- perror(func);
-}
-#else
-static void PrintSocketError(const char *func) {
- fprintf(stderr, "%s: %d\n", func, WSAGetLastError());
-}
-#endif
-
-static int Usage(const char *program) {
- fprintf(stderr, "Usage: %s [flags...]\n", program);
- return 1;
-}
-
-struct TestState {
- // async_bio is async BIO which pauses reads and writes.
- BIO *async_bio = nullptr;
- // packeted_bio is the packeted BIO which simulates read timeouts.
- BIO *packeted_bio = nullptr;
- bool cert_ready = false;
- bool handshake_done = false;
- // private_key is the underlying private key used when testing custom keys.
- bssl::UniquePtr<EVP_PKEY> private_key;
- bool got_new_session = false;
- bssl::UniquePtr<SSL_SESSION> new_session;
- bool ticket_decrypt_done = false;
- bool alpn_select_done = false;
-};
-
-static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int index, long argl, void *argp) {
- delete ((TestState *)ptr);
-}
-
-static int g_config_index = 0;
-static int g_state_index = 0;
-
-static bool SetTestConfig(SSL *ssl, const TestConfig *config) {
- return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1;
-}
-
-static const TestConfig *GetTestConfig(const SSL *ssl) {
- return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index);
-}
-
-static bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) {
- // |SSL_set_ex_data| takes ownership of |state| only on success.
- if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) {
- state.release();
- return true;
- }
- return false;
-}
-
-static TestState *GetTestState(const SSL *ssl) {
- return (TestState *)SSL_get_ex_data(ssl, g_state_index);
-}
-
-static bssl::UniquePtr<X509> LoadCertificate(const std::string &file) {
- bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
- if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
- return nullptr;
- }
- return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL));
-}
-
-static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) {
- bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
- if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
- return nullptr;
- }
- return bssl::UniquePtr<EVP_PKEY>(
- PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL));
-}
-
-template<typename T>
-struct Free {
- void operator()(T *buf) {
- free(buf);
- }
-};
-
-static bool GetCertificate(SSL *ssl, bssl::UniquePtr<X509> *out_x509,
- bssl::UniquePtr<EVP_PKEY> *out_pkey) {
- const TestConfig *config = GetTestConfig(ssl);
-
- if (!config->key_file.empty()) {
- *out_pkey = LoadPrivateKey(config->key_file.c_str());
- if (!*out_pkey) {
- return false;
- }
- }
- if (!config->cert_file.empty()) {
- *out_x509 = LoadCertificate(config->cert_file.c_str());
- if (!*out_x509) {
- return false;
- }
- }
- return true;
-}
-
-static bool InstallCertificate(SSL *ssl) {
- bssl::UniquePtr<X509> x509;
- bssl::UniquePtr<EVP_PKEY> pkey;
- if (!GetCertificate(ssl, &x509, &pkey)) {
- return false;
- }
-
- if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) {
- return false;
- }
-
- if (x509 && !SSL_use_certificate(ssl, x509.get())) {
- return false;
- }
-
- return true;
-}
-
-static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) {
- if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) {
- return -1;
- }
-
- bssl::UniquePtr<X509> x509;
- bssl::UniquePtr<EVP_PKEY> pkey;
- if (!GetCertificate(ssl, &x509, &pkey)) {
- return -1;
- }
-
- // Return zero for no certificate.
- if (!x509) {
- return 0;
- }
-
- // Asynchronous private keys are not supported with client_cert_cb.
- *out_x509 = x509.release();
- *out_pkey = pkey.release();
- return 1;
-}
-
-static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) {
- return 1;
-}
-
-static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) {
- X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION);
- return 0;
-}
-
-static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out,
- unsigned int *out_len, void *arg) {
- const TestConfig *config = GetTestConfig(ssl);
- if (config->advertise_npn.empty()) {
- return SSL_TLSEXT_ERR_NOACK;
- }
-
- *out = (const uint8_t*)config->advertise_npn.data();
- *out_len = config->advertise_npn.size();
- return SSL_TLSEXT_ERR_OK;
-}
-
-static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen,
- const uint8_t* in, unsigned inlen, void* arg) {
- const TestConfig *config = GetTestConfig(ssl);
- if (config->select_next_proto.empty()) {
- return SSL_TLSEXT_ERR_NOACK;
- }
-
- *out = (uint8_t*)config->select_next_proto.data();
- *outlen = config->select_next_proto.size();
- return SSL_TLSEXT_ERR_OK;
-}
-
-static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen,
- const uint8_t* in, unsigned inlen, void* arg) {
- if (GetTestState(ssl)->alpn_select_done) {
- fprintf(stderr, "AlpnSelectCallback called after completion.\n");
- exit(1);
- }
-
- GetTestState(ssl)->alpn_select_done = true;
-
- const TestConfig *config = GetTestConfig(ssl);
- if (config->decline_alpn) {
- return SSL_TLSEXT_ERR_NOACK;
- }
-
- if (!config->expected_advertised_alpn.empty() &&
- (config->expected_advertised_alpn.size() != inlen ||
- memcmp(config->expected_advertised_alpn.data(),
- in, inlen) != 0)) {
- fprintf(stderr, "bad ALPN select callback inputs\n");
- exit(1);
- }
-
- *out = (const uint8_t*)config->select_alpn.data();
- *outlen = config->select_alpn.size();
- return SSL_TLSEXT_ERR_OK;
-}
-
-static unsigned PskClientCallback(SSL *ssl, const char *hint,
- char *out_identity,
- unsigned max_identity_len,
- uint8_t *out_psk, unsigned max_psk_len) {
- const TestConfig *config = GetTestConfig(ssl);
-
- if (config->psk_identity.empty()) {
- if (hint != nullptr) {
- fprintf(stderr, "Server PSK hint was non-null.\n");
- return 0;
- }
- } else if (hint == nullptr ||
- strcmp(hint, config->psk_identity.c_str()) != 0) {
- fprintf(stderr, "Server PSK hint did not match.\n");
- return 0;
- }
-
- // Account for the trailing '\0' for the identity.
- if (config->psk_identity.size() >= max_identity_len ||
- config->psk.size() > max_psk_len) {
- fprintf(stderr, "PSK buffers too small\n");
- return 0;
- }
-
- OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(),
- max_identity_len);
- memcpy(out_psk, config->psk.data(), config->psk.size());
- return config->psk.size();
-}
-
-static unsigned PskServerCallback(SSL *ssl, const char *identity,
- uint8_t *out_psk, unsigned max_psk_len) {
- const TestConfig *config = GetTestConfig(ssl);
-
- if (strcmp(identity, config->psk_identity.c_str()) != 0) {
- fprintf(stderr, "Client PSK identity did not match.\n");
- return 0;
- }
-
- if (config->psk.size() > max_psk_len) {
- fprintf(stderr, "PSK buffers too small\n");
- return 0;
- }
-
- memcpy(out_psk, config->psk.data(), config->psk.size());
- return config->psk.size();
-}
-
-static int CertCallback(SSL *ssl, void *arg) {
- const TestConfig *config = GetTestConfig(ssl);
-
- // Check the CertificateRequest metadata is as expected.
- //
- // TODO(davidben): Test |SSL_get_client_CA_list|.
- if (!SSL_is_server(ssl) &&
- !config->expected_certificate_types.empty()) {
- const uint8_t *certificate_types;
- size_t certificate_types_len =
- SSL_get0_certificate_types(ssl, &certificate_types);
- if (certificate_types_len != config->expected_certificate_types.size() ||
- memcmp(certificate_types,
- config->expected_certificate_types.data(),
- certificate_types_len) != 0) {
- fprintf(stderr, "certificate types mismatch\n");
- return 0;
- }
- }
-
- // The certificate will be installed via other means.
- if (!config->async ||
- config->use_old_client_cert_callback) {
- return 1;
- }
-
- if (!GetTestState(ssl)->cert_ready) {
- return -1;
- }
- if (!InstallCertificate(ssl)) {
- return 0;
- }
- return 1;
-}
-
-static void InfoCallback(const SSL *ssl, int type, int val) {
- if (type == SSL_CB_HANDSHAKE_DONE) {
- if (GetTestConfig(ssl)->handshake_never_done) {
- fprintf(stderr, "Handshake unexpectedly completed.\n");
- // Abort before any expected error code is printed, to ensure the overall
- // test fails.
- abort();
- }
- GetTestState(ssl)->handshake_done = true;
-
- // Callbacks may be called again on a new handshake.
- GetTestState(ssl)->ticket_decrypt_done = false;
- GetTestState(ssl)->alpn_select_done = false;
- }
-}
-
-static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
- GetTestState(ssl)->got_new_session = true;
- GetTestState(ssl)->new_session.reset(session);
- return 1;
-}
-
-static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
- EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx,
- int encrypt) {
- OSSL_PARAM params[2], *p = params;
-
- if (!encrypt) {
- if (GetTestState(ssl)->ticket_decrypt_done) {
- fprintf(stderr, "TicketKeyCallback called after completion.\n");
- return -1;
- }
-
- GetTestState(ssl)->ticket_decrypt_done = true;
- }
-
- // This is just test code, so use the all-zeros key.
- static const uint8_t kZeros[16] = {0};
-
- if (encrypt) {
- memcpy(key_name, kZeros, sizeof(kZeros));
- RAND_bytes(iv, 16);
- } else if (memcmp(key_name, kZeros, 16) != 0) {
- return 0;
- }
-
- *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
- const_cast<char *>("SHA256"), 0);
- *p = OSSL_PARAM_construct_end();
-
- if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)
- || !EVP_MAC_init(hmac_ctx, kZeros, sizeof(kZeros), params)) {
- return -1;
- }
-
- if (!encrypt) {
- return GetTestConfig(ssl)->renew_ticket ? 2 : 1;
- }
- return 1;
-}
-
-// kCustomExtensionValue is the extension value that the custom extension
-// callbacks will add.
-static const uint16_t kCustomExtensionValue = 1234;
-static void *const kCustomExtensionAddArg =
- reinterpret_cast<void *>(kCustomExtensionValue);
-static void *const kCustomExtensionParseArg =
- reinterpret_cast<void *>(kCustomExtensionValue + 1);
-static const char kCustomExtensionContents[] = "custom extension";
-
-static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value,
- const uint8_t **out, size_t *out_len,
- int *out_alert_value, void *add_arg) {
- if (extension_value != kCustomExtensionValue ||
- add_arg != kCustomExtensionAddArg) {
- abort();
- }
-
- if (GetTestConfig(ssl)->custom_extension_skip) {
- return 0;
- }
- if (GetTestConfig(ssl)->custom_extension_fail_add) {
- return -1;
- }
-
- *out = reinterpret_cast<const uint8_t*>(kCustomExtensionContents);
- *out_len = sizeof(kCustomExtensionContents) - 1;
-
- return 1;
-}
-
-static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value,
- const uint8_t *out, void *add_arg) {
- if (extension_value != kCustomExtensionValue ||
- add_arg != kCustomExtensionAddArg ||
- out != reinterpret_cast<const uint8_t *>(kCustomExtensionContents)) {
- abort();
- }
-}
-
-static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value,
- const uint8_t *contents,
- size_t contents_len,
- int *out_alert_value, void *parse_arg) {
- if (extension_value != kCustomExtensionValue ||
- parse_arg != kCustomExtensionParseArg) {
- abort();
- }
-
- if (contents_len != sizeof(kCustomExtensionContents) - 1 ||
- memcmp(contents, kCustomExtensionContents, contents_len) != 0) {
- *out_alert_value = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- return 1;
-}
-
-static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) {
- // SNI must be accessible from the SNI callback.
- const TestConfig *config = GetTestConfig(ssl);
- const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
- if (server_name == nullptr ||
- std::string(server_name) != config->expected_server_name) {
- fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name,
- config->expected_server_name.c_str());
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- }
-
- return SSL_TLSEXT_ERR_OK;
-}
-
-// Connect returns a new socket connected to localhost on |port| or -1 on
-// error.
-static int Connect(uint16_t port) {
- int sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock == -1) {
- PrintSocketError("socket");
- return -1;
- }
- int nodelay = 1;
- if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
- reinterpret_cast<const char*>(&nodelay), sizeof(nodelay)) != 0) {
- PrintSocketError("setsockopt");
- closesocket(sock);
- return -1;
- }
- sockaddr_in sin;
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_port = htons(port);
- if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
- PrintSocketError("inet_pton");
- closesocket(sock);
- return -1;
- }
- if (connect(sock, reinterpret_cast<const sockaddr*>(&sin),
- sizeof(sin)) != 0) {
- PrintSocketError("connect");
- closesocket(sock);
- return -1;
- }
- return sock;
-}
-
-class SocketCloser {
- public:
- explicit SocketCloser(int sock) : sock_(sock) {}
- ~SocketCloser() {
- // Half-close and drain the socket before releasing it. This seems to be
- // necessary for graceful shutdown on Windows. It will also avoid write
- // failures in the test runner.
-#if defined(OPENSSL_SYS_WINDOWS)
- shutdown(sock_, SD_SEND);
-#else
- shutdown(sock_, SHUT_WR);
-#endif
- while (true) {
- char buf[1024];
- if (recv(sock_, buf, sizeof(buf), 0) <= 0) {
- break;
- }
- }
- closesocket(sock_);
- }
-
- private:
- const int sock_;
-};
-
-static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
- const char sess_id_ctx[] = "ossl_shim";
- bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(
- config->is_dtls ? DTLS_method() : TLS_method()));
- if (!ssl_ctx) {
- return nullptr;
- }
-
- SSL_CTX_set_security_level(ssl_ctx.get(), 0);
-#if 0
- /* Disabled for now until we have some TLS1.3 support */
- // Enable TLS 1.3 for tests.
- if (!config->is_dtls &&
- !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
- return nullptr;
- }
-#else
- /* Ensure we don't negotiate TLSv1.3 until we can handle it */
- if (!config->is_dtls &&
- !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {
- return nullptr;
- }
-#endif
-
- std::string cipher_list = "ALL";
- if (!config->cipher.empty()) {
- cipher_list = config->cipher;
- SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
- }
- if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) {
- return nullptr;
- }
-
- DH *tmpdh;
-
- if (config->use_sparse_dh_prime) {
- BIGNUM *p, *g;
- p = BN_new();
- g = BN_new();
- tmpdh = DH_new();
- if (p == NULL || g == NULL || tmpdh == NULL) {
- BN_free(p);
- BN_free(g);
- DH_free(tmpdh);
- return nullptr;
- }
- // This prime number is 2^1024 + 643 – a value just above a power of two.
- // Because of its form, values modulo it are essentially certain to be one
- // byte shorter. This is used to test padding of these values.
- if (BN_hex2bn(
- &p,
- "1000000000000000000000000000000000000000000000000000000000000000"
- "0000000000000000000000000000000000000000000000000000000000000000"
- "0000000000000000000000000000000000000000000000000000000000000000"
- "0000000000000000000000000000000000000000000000000000000000000028"
- "3") == 0 ||
- !BN_set_word(g, 2)) {
- BN_free(p);
- BN_free(g);
- DH_free(tmpdh);
- return nullptr;
- }
- DH_set0_pqg(tmpdh, p, NULL, g);
- } else {
- tmpdh = DH_get_2048_256();
- }
-
- bssl::UniquePtr<DH> dh(tmpdh);
-
- if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) {
- return nullptr;
- }
-
- SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH);
-
- if (config->use_old_client_cert_callback) {
- SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback);
- }
-
- SSL_CTX_set_npn_advertised_cb(
- ssl_ctx.get(), NextProtosAdvertisedCallback, NULL);
- if (!config->select_next_proto.empty()) {
- SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback,
- NULL);
- }
-
- if (!config->select_alpn.empty() || config->decline_alpn) {
- SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL);
- }
-
- SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
- SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
-
- if (config->use_ticket_callback) {
- SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback);
- }
-
- if (config->enable_client_custom_extension &&
- !SSL_CTX_add_client_custom_ext(
- ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
- CustomExtensionFreeCallback, kCustomExtensionAddArg,
- CustomExtensionParseCallback, kCustomExtensionParseArg)) {
- return nullptr;
- }
-
- if (config->enable_server_custom_extension &&
- !SSL_CTX_add_server_custom_ext(
- ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
- CustomExtensionFreeCallback, kCustomExtensionAddArg,
- CustomExtensionParseCallback, kCustomExtensionParseArg)) {
- return nullptr;
- }
-
- if (config->verify_fail) {
- SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL);
- } else {
- SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL);
- }
-
- if (config->use_null_client_ca_list) {
- SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
- }
-
- if (!SSL_CTX_set_session_id_context(ssl_ctx.get(),
- (const unsigned char *)sess_id_ctx,
- sizeof(sess_id_ctx) - 1))
- return nullptr;
-
- if (!config->expected_server_name.empty()) {
- SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback);
- }
-
- return ssl_ctx;
-}
-
-// RetryAsync is called after a failed operation on |ssl| with return code
-// |ret|. If the operation should be retried, it simulates one asynchronous
-// event and returns true. Otherwise it returns false.
-static bool RetryAsync(SSL *ssl, int ret) {
- // No error; don't retry.
- if (ret >= 0) {
- return false;
- }
-
- TestState *test_state = GetTestState(ssl);
- assert(GetTestConfig(ssl)->async);
-
- if (test_state->packeted_bio != nullptr &&
- PacketedBioAdvanceClock(test_state->packeted_bio)) {
- // The DTLS retransmit logic silently ignores write failures. So the test
- // may progress, allow writes through synchronously.
- AsyncBioEnforceWriteQuota(test_state->async_bio, false);
- int timeout_ret = DTLSv1_handle_timeout(ssl);
- AsyncBioEnforceWriteQuota(test_state->async_bio, true);
-
- if (timeout_ret < 0) {
- fprintf(stderr, "Error retransmitting.\n");
- return false;
- }
- return true;
- }
-
- // See if we needed to read or write more. If so, allow one byte through on
- // the appropriate end to maximally stress the state machine.
- switch (SSL_get_error(ssl, ret)) {
- case SSL_ERROR_WANT_READ:
- AsyncBioAllowRead(test_state->async_bio, 1);
- return true;
- case SSL_ERROR_WANT_WRITE:
- AsyncBioAllowWrite(test_state->async_bio, 1);
- return true;
- case SSL_ERROR_WANT_X509_LOOKUP:
- test_state->cert_ready = true;
- return true;
- default:
- return false;
- }
-}
-
-// DoRead reads from |ssl|, resolving any asynchronous operations. It returns
-// the result value of the final |SSL_read| call.
-static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) {
- const TestConfig *config = GetTestConfig(ssl);
- TestState *test_state = GetTestState(ssl);
- int ret;
- do {
- if (config->async) {
- // The DTLS retransmit logic silently ignores write failures. So the test
- // may progress, allow writes through synchronously. |SSL_read| may
- // trigger a retransmit, so disconnect the write quota.
- AsyncBioEnforceWriteQuota(test_state->async_bio, false);
- }
- ret = config->peek_then_read ? SSL_peek(ssl, out, max_out)
- : SSL_read(ssl, out, max_out);
- if (config->async) {
- AsyncBioEnforceWriteQuota(test_state->async_bio, true);
- }
- } while (config->async && RetryAsync(ssl, ret));
-
- if (config->peek_then_read && ret > 0) {
- std::unique_ptr<uint8_t[]> buf(new uint8_t[static_cast<size_t>(ret)]);
-
- // SSL_peek should synchronously return the same data.
- int ret2 = SSL_peek(ssl, buf.get(), ret);
- if (ret2 != ret ||
- memcmp(buf.get(), out, ret) != 0) {
- fprintf(stderr, "First and second SSL_peek did not match.\n");
- return -1;
- }
-
- // SSL_read should synchronously return the same data and consume it.
- ret2 = SSL_read(ssl, buf.get(), ret);
- if (ret2 != ret ||
- memcmp(buf.get(), out, ret) != 0) {
- fprintf(stderr, "SSL_peek and SSL_read did not match.\n");
- return -1;
- }
- }
-
- return ret;
-}
-
-// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous
-// operations. It returns the result of the final |SSL_write| call.
-static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) {
- const TestConfig *config = GetTestConfig(ssl);
- int ret;
- do {
- ret = SSL_write(ssl, in, in_len);
- if (ret > 0) {
- in += ret;
- in_len -= ret;
- }
- } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0));
- return ret;
-}
-
-// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It
-// returns the result of the final |SSL_shutdown| call.
-static int DoShutdown(SSL *ssl) {
- const TestConfig *config = GetTestConfig(ssl);
- int ret;
- do {
- ret = SSL_shutdown(ssl);
- } while (config->async && RetryAsync(ssl, ret));
- return ret;
-}
-
-static uint16_t GetProtocolVersion(const SSL *ssl) {
- uint16_t version = SSL_version(ssl);
- if (!SSL_is_dtls(ssl)) {
- return version;
- }
- return 0x0201 + ~version;
-}
-
-// CheckHandshakeProperties checks, immediately after |ssl| completes its
-// initial handshake (or False Starts), whether all the properties are
-// consistent with the test configuration and invariants.
-static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
- const TestConfig *config = GetTestConfig(ssl);
-
- if (SSL_get_current_cipher(ssl) == nullptr) {
- fprintf(stderr, "null cipher after handshake\n");
- return false;
- }
-
- if (is_resume &&
- (!!SSL_session_reused(ssl) == config->expect_session_miss)) {
- fprintf(stderr, "session was%s reused\n",
- SSL_session_reused(ssl) ? "" : " not");
- return false;
- }
-
- if (!GetTestState(ssl)->handshake_done) {
- fprintf(stderr, "handshake was not completed\n");
- return false;
- }
-
- if (!config->is_server) {
- bool expect_new_session =
- !config->expect_no_session &&
- (!SSL_session_reused(ssl) || config->expect_ticket_renewal) &&
- // Session tickets are sent post-handshake in TLS 1.3.
- GetProtocolVersion(ssl) < TLS1_3_VERSION;
- if (expect_new_session != GetTestState(ssl)->got_new_session) {
- fprintf(stderr,
- "new session was%s cached, but we expected the opposite\n",
- GetTestState(ssl)->got_new_session ? "" : " not");
- return false;
- }
- }
-
- if (!config->expected_server_name.empty()) {
- const char *server_name =
- SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
- if (server_name == nullptr ||
- std::string(server_name) != config->expected_server_name) {
- fprintf(stderr, "servername mismatch (got %s; want %s)\n",
- server_name, config->expected_server_name.c_str());
- return false;
- }
- }
-
- if (!config->expected_next_proto.empty()) {
- const uint8_t *next_proto;
- unsigned next_proto_len;
- SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
- if (next_proto_len != config->expected_next_proto.size() ||
- memcmp(next_proto, config->expected_next_proto.data(),
- next_proto_len) != 0) {
- fprintf(stderr, "negotiated next proto mismatch\n");
- return false;
- }
- }
-
- if (!config->expected_alpn.empty()) {
- const uint8_t *alpn_proto;
- unsigned alpn_proto_len;
- SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len);
- if (alpn_proto_len != config->expected_alpn.size() ||
- memcmp(alpn_proto, config->expected_alpn.data(),
- alpn_proto_len) != 0) {
- fprintf(stderr, "negotiated alpn proto mismatch\n");
- return false;
- }
- }
-
- if (config->expect_extended_master_secret) {
- if (!SSL_get_extms_support(ssl)) {
- fprintf(stderr, "No EMS for connection when expected");
- return false;
- }
- }
-
- if (config->expect_verify_result) {
- int expected_verify_result = config->verify_fail ?
- X509_V_ERR_APPLICATION_VERIFICATION :
- X509_V_OK;
-
- if (SSL_get_verify_result(ssl) != expected_verify_result) {
- fprintf(stderr, "Wrong certificate verification result\n");
- return false;
- }
- }
-
- if (!config->psk.empty()) {
- if (SSL_get_peer_cert_chain(ssl) != nullptr) {
- fprintf(stderr, "Received peer certificate on a PSK cipher.\n");
- return false;
- }
- } else if (!config->is_server || config->require_any_client_certificate) {
- if (SSL_get0_peer_certificate(ssl) == nullptr) {
- fprintf(stderr, "Received no peer certificate but expected one.\n");
- return false;
- }
- }
-
- return true;
-}
-
-// DoExchange runs a test SSL exchange against the peer. On success, it returns
-// true and sets |*out_session| to the negotiated SSL session. If the test is a
-// resumption attempt, |is_resume| is true and |session| is the session from the
-// previous exchange.
-static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
- SSL_CTX *ssl_ctx, const TestConfig *config,
- bool is_resume, SSL_SESSION *session) {
- bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx));
- if (!ssl) {
- return false;
- }
-
- if (!SetTestConfig(ssl.get(), config) ||
- !SetTestState(ssl.get(), std::unique_ptr<TestState>(new TestState))) {
- return false;
- }
-
- if (config->fallback_scsv &&
- !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) {
- return false;
- }
- // Install the certificate synchronously if nothing else will handle it.
- if (!config->use_old_client_cert_callback &&
- !config->async &&
- !InstallCertificate(ssl.get())) {
- return false;
- }
- SSL_set_cert_cb(ssl.get(), CertCallback, nullptr);
- if (config->require_any_client_certificate) {
- SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- NULL);
- }
- if (config->verify_peer) {
- SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL);
- }
- if (config->partial_write) {
- SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
- }
- if (config->no_tls13) {
- SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3);
- }
- if (config->no_tls12) {
- SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2);
- }
- if (config->no_tls11) {
- SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1);
- }
- if (config->no_tls1) {
- SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1);
- }
- if (config->no_ssl3) {
- SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3);
- }
- if (!config->host_name.empty() &&
- !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) {
- return false;
- }
- if (!config->advertise_alpn.empty() &&
- SSL_set_alpn_protos(ssl.get(),
- (const uint8_t *)config->advertise_alpn.data(),
- config->advertise_alpn.size()) != 0) {
- return false;
- }
- if (!config->psk.empty()) {
- SSL_set_psk_client_callback(ssl.get(), PskClientCallback);
- SSL_set_psk_server_callback(ssl.get(), PskServerCallback);
- }
- if (!config->psk_identity.empty() &&
- !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) {
- return false;
- }
- if (!config->srtp_profiles.empty() &&
- SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) {
- return false;
- }
- if (config->min_version != 0 &&
- !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) {
- return false;
- }
- if (config->max_version != 0 &&
- !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) {
- return false;
- }
- if (config->mtu != 0) {
- SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(ssl.get(), config->mtu);
- }
- if (config->renegotiate_freely) {
- // This is always on for OpenSSL.
- }
- if (!config->check_close_notify) {
- SSL_set_quiet_shutdown(ssl.get(), 1);
- }
- if (config->p384_only) {
- int nid = NID_secp384r1;
- if (!SSL_set1_curves(ssl.get(), &nid, 1)) {
- return false;
- }
- }
- if (config->enable_all_curves) {
- static const int kAllCurves[] = {
- NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1
- };
- if (!SSL_set1_curves(ssl.get(), kAllCurves,
- OPENSSL_ARRAY_SIZE(kAllCurves))) {
- return false;
- }
- }
- if (config->max_cert_list > 0) {
- SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
- }
-
- if (!config->async) {
- SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY);
- }
-
- int sock = Connect(config->port);
- if (sock == -1) {
- return false;
- }
- SocketCloser closer(sock);
-
- bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_NOCLOSE));
- if (!bio) {
- return false;
- }
- if (config->is_dtls) {
- bssl::UniquePtr<BIO> packeted = PacketedBioCreate(!config->async);
- if (!packeted) {
- return false;
- }
- GetTestState(ssl.get())->packeted_bio = packeted.get();
- BIO_push(packeted.get(), bio.release());
- bio = std::move(packeted);
- }
- if (config->async) {
- bssl::UniquePtr<BIO> async_scoped =
- config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate();
- if (!async_scoped) {
- return false;
- }
- BIO_push(async_scoped.get(), bio.release());
- GetTestState(ssl.get())->async_bio = async_scoped.get();
- bio = std::move(async_scoped);
- }
- SSL_set_bio(ssl.get(), bio.get(), bio.get());
- bio.release(); // SSL_set_bio takes ownership.
-
- if (session != NULL) {
- if (!config->is_server) {
- if (SSL_set_session(ssl.get(), session) != 1) {
- return false;
- }
- }
- }
-
-#if 0
- // KNOWN BUG: OpenSSL's SSL_get_current_cipher behaves incorrectly when
- // offering resumption.
- if (SSL_get_current_cipher(ssl.get()) != nullptr) {
- fprintf(stderr, "non-null cipher before handshake\n");
- return false;
- }
-#endif
-
- int ret;
- if (config->implicit_handshake) {
- if (config->is_server) {
- SSL_set_accept_state(ssl.get());
- } else {
- SSL_set_connect_state(ssl.get());
- }
- } else {
- do {
- if (config->is_server) {
- ret = SSL_accept(ssl.get());
- } else {
- ret = SSL_connect(ssl.get());
- }
- } while (config->async && RetryAsync(ssl.get(), ret));
- if (ret != 1 ||
- !CheckHandshakeProperties(ssl.get(), is_resume)) {
- fprintf(stderr, "resumption check failed\n");
- return false;
- }
-
- // Reset the state to assert later that the callback isn't called in
- // renegotiations.
- GetTestState(ssl.get())->got_new_session = false;
- }
-
- if (config->export_keying_material > 0) {
- std::vector<uint8_t> result(
- static_cast<size_t>(config->export_keying_material));
- if (SSL_export_keying_material(
- ssl.get(), result.data(), result.size(),
- config->export_label.data(), config->export_label.size(),
- reinterpret_cast<const uint8_t*>(config->export_context.data()),
- config->export_context.size(), config->use_export_context) != 1) {
- fprintf(stderr, "failed to export keying material\n");
- return false;
- }
- if (WriteAll(ssl.get(), result.data(), result.size()) < 0) {
- fprintf(stderr, "writing exported key material failed\n");
- return false;
- }
- }
-
- if (config->write_different_record_sizes) {
- if (config->is_dtls) {
- fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");
- return false;
- }
- // This mode writes a number of different record sizes in an attempt to
- // trip up the CBC record splitting code.
- static const size_t kBufLen = 32769;
- std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
- memset(buf.get(), 0x42, kBufLen);
- static const size_t kRecordSizes[] = {
- 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769};
- for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) {
- const size_t len = kRecordSizes[i];
- if (len > kBufLen) {
- fprintf(stderr, "Bad kRecordSizes value.\n");
- return false;
- }
- if (WriteAll(ssl.get(), buf.get(), len) < 0) {
- return false;
- }
- }
- } else {
- if (config->shim_writes_first) {
- if (WriteAll(ssl.get(), reinterpret_cast<const uint8_t *>("hello"),
- 5) < 0) {
- fprintf(stderr, "shim_writes_first write failed\n");
- return false;
- }
- }
- if (!config->shim_shuts_down) {
- for (;;) {
- static const size_t kBufLen = 16384;
- std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
-
- // Read only 512 bytes at a time in TLS to ensure records may be
- // returned in multiple reads.
- int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512);
- int err = SSL_get_error(ssl.get(), n);
- if (err == SSL_ERROR_ZERO_RETURN ||
- (n == 0 && err == SSL_ERROR_SYSCALL)) {
- if (n != 0) {
- fprintf(stderr, "Invalid SSL_get_error output\n");
- return false;
- }
- // Stop on either clean or unclean shutdown.
- break;
- } else if (err != SSL_ERROR_NONE) {
- if (n > 0) {
- fprintf(stderr, "Invalid SSL_get_error output\n");
- return false;
- }
- fprintf(stderr, "Unexpected entry in error queue\n");
- return false;
- }
- // Successfully read data.
- if (n <= 0) {
- fprintf(stderr, "Invalid SSL_get_error output\n");
- return false;
- }
-
- // After a successful read, with or without False Start, the handshake
- // must be complete.
- if (!GetTestState(ssl.get())->handshake_done) {
- fprintf(stderr, "handshake was not completed after SSL_read\n");
- return false;
- }
-
- for (int i = 0; i < n; i++) {
- buf[i] ^= 0xff;
- }
- if (WriteAll(ssl.get(), buf.get(), n) < 0) {
- fprintf(stderr, "write of inverted bitstream failed\n");
- return false;
- }
- }
- }
- }
-
- if (!config->is_server &&
- !config->implicit_handshake &&
- // Session tickets are sent post-handshake in TLS 1.3.
- GetProtocolVersion(ssl.get()) < TLS1_3_VERSION &&
- GetTestState(ssl.get())->got_new_session) {
- fprintf(stderr, "new session was established after the handshake\n");
- return false;
- }
-
- if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) {
- bool expect_new_session =
- !config->expect_no_session && !config->shim_shuts_down;
- if (expect_new_session != GetTestState(ssl.get())->got_new_session) {
- fprintf(stderr,
- "new session was%s cached, but we expected the opposite\n",
- GetTestState(ssl.get())->got_new_session ? "" : " not");
- return false;
- }
- }
-
- if (out_session) {
- *out_session = std::move(GetTestState(ssl.get())->new_session);
- }
-
- ret = DoShutdown(ssl.get());
-
- if (config->shim_shuts_down && config->check_close_notify) {
- // We initiate shutdown, so |SSL_shutdown| will return in two stages. First
- // it returns zero when our close_notify is sent, then one when the peer's
- // is received.
- if (ret != 0) {
- fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret);
- return false;
- }
- ret = DoShutdown(ssl.get());
- }
-
- if (ret != 1) {
- fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret);
- return false;
- }
-
- if (SSL_total_renegotiations(ssl.get()) !=
- config->expect_total_renegotiations) {
- fprintf(stderr, "Expected %d renegotiations, got %ld\n",
- config->expect_total_renegotiations,
- SSL_total_renegotiations(ssl.get()));
- return false;
- }
-
- return true;
-}
-
-class StderrDelimiter {
- public:
- ~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); }
-};
-
-static int Main(int argc, char **argv) {
- // To distinguish ASan's output from ours, add a trailing message to stderr.
- // Anything following this line will be considered an error.
- StderrDelimiter delimiter;
-
-#if defined(OPENSSL_SYS_WINDOWS)
- /* Initialize Winsock. */
- WORD wsa_version = MAKEWORD(2, 2);
- WSADATA wsa_data;
- int wsa_err = WSAStartup(wsa_version, &wsa_data);
- if (wsa_err != 0) {
- fprintf(stderr, "WSAStartup failed: %d\n", wsa_err);
- return 1;
- }
- if (wsa_data.wVersion != wsa_version) {
- fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion);
- return 1;
- }
-#else
- signal(SIGPIPE, SIG_IGN);
-#endif
-
- OPENSSL_init_crypto(0, NULL);
- OPENSSL_init_ssl(0, NULL);
- g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
- g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree);
- if (g_config_index < 0 || g_state_index < 0) {
- return 1;
- }
-
- TestConfig config;
- if (!ParseConfig(argc - 1, argv + 1, &config)) {
- return Usage(argv[0]);
- }
-
- bssl::UniquePtr<SSL_CTX> ssl_ctx = SetupCtx(&config);
- if (!ssl_ctx) {
- ERR_print_errors_fp(stderr);
- return 1;
- }
-
- bssl::UniquePtr<SSL_SESSION> session;
- for (int i = 0; i < config.resume_count + 1; i++) {
- bool is_resume = i > 0;
- if (is_resume && !config.is_server && !session) {
- fprintf(stderr, "No session to offer.\n");
- return 1;
- }
-
- bssl::UniquePtr<SSL_SESSION> offer_session = std::move(session);
- if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume,
- offer_session.get())) {
- fprintf(stderr, "Connection %d failed.\n", i + 1);
- ERR_print_errors_fp(stderr);
- return 1;
- }
- }
-
- return 0;
-}
-
-} // namespace bssl
-
-int main(int argc, char **argv) {
- return bssl::Main(argc, argv);
-}
diff --git a/test/ossl_shim/packeted_bio.cc b/test/ossl_shim/packeted_bio.cc
deleted file mode 100644
index b5286d3e7c..0000000000
--- a/test/ossl_shim/packeted_bio.cc
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "packeted_bio.h"
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-
-
-namespace {
-
-const uint8_t kOpcodePacket = 'P';
-const uint8_t kOpcodeTimeout = 'T';
-const uint8_t kOpcodeTimeoutAck = 't';
-
-struct PacketedBio {
- explicit PacketedBio(bool advance_clock_arg)
- : advance_clock(advance_clock_arg) {
- memset(&timeout, 0, sizeof(timeout));
- memset(&clock, 0, sizeof(clock));
- memset(&read_deadline, 0, sizeof(read_deadline));
- }
-
- bool HasTimeout() const {
- return timeout.tv_sec != 0 || timeout.tv_usec != 0;
- }
-
- bool CanRead() const {
- if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) {
- return true;
- }
-
- if (clock.tv_sec == read_deadline.tv_sec) {
- return clock.tv_usec < read_deadline.tv_usec;
- }
- return clock.tv_sec < read_deadline.tv_sec;
- }
-
- timeval timeout;
- timeval clock;
- timeval read_deadline;
- bool advance_clock;
-};
-
-PacketedBio *GetData(BIO *bio) {
- return (PacketedBio *)BIO_get_data(bio);
-}
-
-const PacketedBio *GetData(const BIO *bio) {
- return GetData(const_cast<BIO*>(bio));
-}
-
-// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and
-// 0 or -1 on error.
-static int ReadAll(BIO *bio, uint8_t *out, size_t len) {
- while (len > 0) {
- int chunk_len = INT_MAX;
- if (len <= INT_MAX) {
- chunk_len = (int)len;
- }
- int ret = BIO_read(bio, out, chunk_len);
- if (ret <= 0) {
- return ret;
- }
- out += ret;
- len -= ret;
- }
- return 1;
-}
-
-static int PacketedWrite(BIO *bio, const char *in, int inl) {
- if (BIO_next(bio) == NULL) {
- return 0;
- }
-
- BIO_clear_retry_flags(bio);
-
- // Write the header.
- uint8_t header[5];
- header[0] = kOpcodePacket;
- header[1] = (inl >> 24) & 0xff;
- header[2] = (inl >> 16) & 0xff;
- header[3] = (inl >> 8) & 0xff;
- header[4] = inl & 0xff;
- int ret = BIO_write(BIO_next(bio), header, sizeof(header));
- if (ret <= 0) {
- BIO_copy_next_retry(bio);
- return ret;
- }
-
- // Write the buffer.
- ret = BIO_write(BIO_next(bio), in, inl);
- if (ret < 0 || (inl > 0 && ret == 0)) {
- BIO_copy_next_retry(bio);
- return ret;
- }
- assert(ret == inl);
- return ret;
-}
-
-static int PacketedRead(BIO *bio, char *out, int outl) {
- PacketedBio *data = GetData(bio);
- if (BIO_next(bio) == NULL) {
- return 0;
- }
-
- BIO_clear_retry_flags(bio);
-
- for (;;) {
- // Check if the read deadline has passed.
- if (!data->CanRead()) {
- BIO_set_retry_read(bio);
- return -1;
- }
-
- // Read the opcode.
- uint8_t opcode;
- int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode));
- if (ret <= 0) {
- BIO_copy_next_retry(bio);
- return ret;
- }
-
- if (opcode == kOpcodeTimeout) {
- // The caller is required to advance any pending timeouts before
- // continuing.
- if (data->HasTimeout()) {
- fprintf(stderr, "Unprocessed timeout!\n");
- return -1;
- }
-
- // Process the timeout.
- uint8_t buf[8];
- ret = ReadAll(BIO_next(bio), buf, sizeof(buf));
- if (ret <= 0) {
- BIO_copy_next_retry(bio);
- return ret;
- }
- uint64_t timeout = (static_cast<uint64_t>(buf[0]) << 56) |
- (static_cast<uint64_t>(buf[1]) << 48) |
- (static_cast<uint64_t>(buf[2]) << 40) |
- (static_cast<uint64_t>(buf[3]) << 32) |
- (static_cast<uint64_t>(buf[4]) << 24) |
- (static_cast<uint64_t>(buf[5]) << 16) |
- (static_cast<uint64_t>(buf[6]) << 8) |
- static_cast<uint64_t>(buf[7]);
- timeout /= 1000; // Convert nanoseconds to microseconds.
-
- data->timeout.tv_usec = timeout % 1000000;
- data->timeout.tv_sec = timeout / 1000000;
-
- // Send an ACK to the peer.
- ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1);
- if (ret <= 0) {
- return ret;
- }
- assert(ret == 1);
-
- if (!data->advance_clock) {
- // Signal to the caller to retry the read, after advancing the clock.
- BIO_set_retry_read(bio);
- return -1;
- }
-
- PacketedBioAdvanceClock(bio);
- continue;
- }
-
- if (opcode != kOpcodePacket) {
- fprintf(stderr, "Unknown opcode, %u\n", opcode);
- return -1;
- }
-
- // Read the length prefix.
- uint8_t len_bytes[4];
- ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes));
- if (ret <= 0) {
- BIO_copy_next_retry(bio);
- return ret;
- }
-
- uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) |
- (len_bytes[2] << 8) | len_bytes[3];
- uint8_t *buf = (uint8_t *)OPENSSL_malloc(len);
- if (buf == NULL) {
- return -1;
- }
- ret = ReadAll(BIO_next(bio), buf, len);
- if (ret <= 0) {
- fprintf(stderr, "Packeted BIO was truncated\n");
- return -1;
- }
-
- if (outl > (int)len) {
- outl = len;
- }
- memcpy(out, buf, outl);
- OPENSSL_free(buf);
- return outl;
- }
-}
-
-static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {
- if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) {
- memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
- return 1;
- }
-
- if (BIO_next(bio) == NULL) {
- return 0;
- }
- BIO_clear_retry_flags(bio);
- int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
- BIO_copy_next_retry(bio);
- return ret;
-}
-
-static int PacketedNew(BIO *bio) {
- BIO_set_init(bio, 1);
- return 1;
-}
-
-static int PacketedFree(BIO *bio) {
- if (bio == NULL) {
- return 0;
- }
-
- delete GetData(bio);
- BIO_set_init(bio, 0);
- return 1;
-}
-
-static long PacketedCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
-{
- if (BIO_next(bio) == NULL)
- return 0;
- return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
-}
-
-static BIO_METHOD *g_packeted_bio_method = NULL;
-
-static const BIO_METHOD *PacketedMethod(void)
-{
- if (g_packeted_bio_method == NULL) {
- g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio");
- if ( g_packeted_bio_method == NULL
- || !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite)
- || !BIO_meth_set_read(g_packeted_bio_method, PacketedRead)
- || !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl)
- || !BIO_meth_set_create(g_packeted_bio_method, PacketedNew)
- || !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree)
- || !BIO_meth_set_callback_ctrl(g_packeted_bio_method,
- PacketedCallbackCtrl))
- return NULL;
- }
- return g_packeted_bio_method;
-}
-} // namespace
-
-bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock) {
- bssl::UniquePtr<BIO> bio(BIO_new(PacketedMethod()));
- if (!bio) {
- return nullptr;
- }
- BIO_set_data(bio.get(), new PacketedBio(advance_clock));
- return bio;
-}
-
-timeval PacketedBioGetClock(const BIO *bio) {
- return GetData(bio)->clock;
-}
-
-bool PacketedBioAdvanceClock(BIO *bio) {
- PacketedBio *data = GetData(bio);
- if (data == nullptr) {
- return false;
- }
-
- if (!data->HasTimeout()) {
- return false;
- }
-
- data->clock.tv_usec += data->timeout.tv_usec;
- data->clock.tv_sec += data->clock.tv_usec / 1000000;
- data->clock.tv_usec %= 1000000;
- data->clock.tv_sec += data->timeout.tv_sec;
- memset(&data->timeout, 0, sizeof(data->timeout));
- return true;
-}
diff --git a/test/ossl_shim/packeted_bio.h b/test/ossl_shim/packeted_bio.h
deleted file mode 100644
index 27678bd7e6..0000000000
--- a/test/ossl_shim/packeted_bio.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_PACKETED_BIO_H
-#define OSSL_TEST_SHIM_PACKETED_BIO_H
-
-#include <openssl/base.h>
-#include <openssl/bio.h>
-
-// PacketedBioCreate creates a filter BIO which implements a reliable in-order
-// blocking datagram socket. It internally maintains a clock and honors
-// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it.
-//
-// During a |BIO_read|, the peer may signal the filter BIO to simulate a
-// timeout. If |advance_clock| is true, it automatically advances the clock and
-// continues reading, subject to the read deadline. Otherwise, it fails
-// immediately. The caller must then call |PacketedBioAdvanceClock| before
-// retrying |BIO_read|.
-bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock);
-
-// PacketedBioGetClock returns the current time for |bio|.
-timeval PacketedBioGetClock(const BIO *bio);
-
-// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if
-// there is a pending timeout. Otherwise, it returns false.
-bool PacketedBioAdvanceClock(BIO *bio);
-
-
-#endif // OSSL_TEST_SHIM_PACKETED_BIO_H
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
deleted file mode 100644
index a37d010d7a..0000000000
--- a/test/ossl_shim/test_config.cc
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "test_config.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <memory>
-
-#include <openssl/evp.h>
-
-namespace {
-
-template <typename T>
-struct Flag {
- const char *flag;
- T TestConfig::*member;
-};
-
-// FindField looks for the flag in |flags| that matches |flag|. If one is found,
-// it returns a pointer to the corresponding field in |config|. Otherwise, it
-// returns NULL.
-template<typename T, size_t N>
-T *FindField(TestConfig *config, const Flag<T> (&flags)[N], const char *flag) {
- for (size_t i = 0; i < N; i++) {
- if (strcmp(flag, flags[i].flag) == 0) {
- return &(config->*(flags[i].member));
- }
- }
- return NULL;
-}
-
-const Flag<bool> kBoolFlags[] = {
- { "-server", &TestConfig::is_server },
- { "-dtls", &TestConfig::is_dtls },
- { "-fallback-scsv", &TestConfig::fallback_scsv },
- { "-require-any-client-certificate",
- &TestConfig::require_any_client_certificate },
- { "-async", &TestConfig::async },
- { "-write-different-record-sizes",
- &TestConfig::write_different_record_sizes },
- { "-partial-write", &TestConfig::partial_write },
- { "-no-tls13", &TestConfig::no_tls13 },
- { "-no-tls12", &TestConfig::no_tls12 },
- { "-no-tls11", &TestConfig::no_tls11 },
- { "-no-tls1", &TestConfig::no_tls1 },
- { "-no-ssl3", &TestConfig::no_ssl3 },
- { "-shim-writes-first", &TestConfig::shim_writes_first },
- { "-expect-session-miss", &TestConfig::expect_session_miss },
- { "-decline-alpn", &TestConfig::decline_alpn },
- { "-expect-extended-master-secret",
- &TestConfig::expect_extended_master_secret },
- { "-implicit-handshake", &TestConfig::implicit_handshake },
- { "-handshake-never-done", &TestConfig::handshake_never_done },
- { "-use-export-context", &TestConfig::use_export_context },
- { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },
- { "-expect-no-session", &TestConfig::expect_no_session },
- { "-use-ticket-callback", &TestConfig::use_ticket_callback },
- { "-renew-ticket", &TestConfig::renew_ticket },
- { "-enable-client-custom-extension",
- &TestConfig::enable_client_custom_extension },
- { "-enable-server-custom-extension",
- &TestConfig::enable_server_custom_extension },
- { "-custom-extension-skip", &TestConfig::custom_extension_skip },
- { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add },
- { "-check-close-notify", &TestConfig::check_close_notify },
- { "-shim-shuts-down", &TestConfig::shim_shuts_down },
- { "-verify-fail", &TestConfig::verify_fail },
- { "-verify-peer", &TestConfig::verify_peer },
- { "-expect-verify-result", &TestConfig::expect_verify_result },
- { "-renegotiate-freely", &TestConfig::renegotiate_freely },
- { "-p384-only", &TestConfig::p384_only },
- { "-enable-all-curves", &TestConfig::enable_all_curves },
- { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
- { "-use-old-client-cert-callback",
- &TestConfig::use_old_client_cert_callback },
- { "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
- { "-peek-then-read", &TestConfig::peek_then_read },
-};
-
-const Flag<std::string> kStringFlags[] = {
- { "-key-file", &TestConfig::key_file },
- { "-cert-file", &TestConfig::cert_file },
- { "-expect-server-name", &TestConfig::expected_server_name },
- { "-advertise-npn", &TestConfig::advertise_npn },
- { "-expect-next-proto", &TestConfig::expected_next_proto },
- { "-select-next-proto", &TestConfig::select_next_proto },
- { "-host-name", &TestConfig::host_name },
- { "-advertise-alpn", &TestConfig::advertise_alpn },
- { "-expect-alpn", &TestConfig::expected_alpn },
- { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn },
- { "-select-alpn", &TestConfig::select_alpn },
- { "-psk", &TestConfig::psk },
- { "-psk-identity", &TestConfig::psk_identity },
- { "-srtp-profiles", &TestConfig::srtp_profiles },
- { "-cipher", &TestConfig::cipher },
- { "-export-label", &TestConfig::export_label },
- { "-export-context", &TestConfig::export_context },
-};
-
-const Flag<std::string> kBase64Flags[] = {
- { "-expect-certificate-types", &TestConfig::expected_certificate_types },
-};
-
-const Flag<int> kIntFlags[] = {
- { "-port", &TestConfig::port },
- { "-resume-count", &TestConfig::resume_count },
- { "-min-version", &TestConfig::min_version },
- { "-max-version", &TestConfig::max_version },
- { "-mtu", &TestConfig::mtu },
- { "-export-keying-material", &TestConfig::export_keying_material },
- { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
- { "-max-cert-list", &TestConfig::max_cert_list },
-};
-
-} // namespace
-
-bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
- for (int i = 0; i < argc; i++) {
- bool *bool_field = FindField(out_config, kBoolFlags, argv[i]);
- if (bool_field != NULL) {
- *bool_field = true;
- continue;
- }
-
- std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
- if (string_field != NULL) {
- const char *val;
-
- i++;
- if (i >= argc) {
- fprintf(stderr, "Missing parameter\n");
- return false;
- }
-
- /*
- * Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable
- * the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches
- * off NULL ciphers, so we use "ALL:NULL-SHA" instead.
- */
- if (strcmp(argv[i - 1], "-cipher") == 0
- && strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)
- val = "ALL:NULL-SHA";
- else
- val = argv[i];
-
- string_field->assign(val);
- continue;
- }
-
- std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]);
- if (base64_field != NULL) {
- i++;
- if (i >= argc) {
- fprintf(stderr, "Missing parameter\n");
- return false;
- }
- std::unique_ptr<uint8_t[]> decoded(new uint8_t[strlen(argv[i])]);
- int len = EVP_DecodeBlock(decoded.get(),
- reinterpret_cast<const uint8_t *>(argv[i]),
- strlen(argv[i]));
- if (len < 0) {
- fprintf(stderr, "Invalid base64: %s\n", argv[i]);
- return false;
- }
- base64_field->assign(reinterpret_cast<const char *>(decoded.get()), len);
- continue;
- }
-
- int *int_field = FindField(out_config, kIntFlags, argv[i]);
- if (int_field) {
- i++;
- if (i >= argc) {
- fprintf(stderr, "Missing parameter\n");
- return false;
- }
- *int_field = atoi(argv[i]);
- continue;
- }
-
- fprintf(stderr, "Unknown argument: %s\n", argv[i]);
- exit(89);
- return false;
- }
-
- return true;
-}
diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h
deleted file mode 100644
index 6dc7319485..0000000000
--- a/test/ossl_shim/test_config.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_TEST_CONFIG_H
-#define OSSL_TEST_SHIM_TEST_CONFIG_H
-
-#include <string>
-#include <vector>
-
-#include <openssl/configuration.h>
-
-
-struct TestConfig {
- int port = 0;
- bool is_server = false;
- bool is_dtls = false;
- int resume_count = 0;
- bool fallback_scsv = false;
- std::string key_file;
- std::string cert_file;
- std::string expected_server_name;
- std::string expected_certificate_types;
- bool require_any_client_certificate = false;
- std::string advertise_npn;
- std::string expected_next_proto;
- std::string select_next_proto;
- bool async = false;
- bool write_different_record_sizes = false;
- bool partial_write = false;
- bool no_tls13 = false;
- bool no_tls12 = false;
- bool no_tls11 = false;
- bool no_tls1 = false;
- bool no_ssl3 = false;
- bool shim_writes_first = false;
- std::string host_name;
- std::string advertise_alpn;
- std::string expected_alpn;
- std::string expected_advertised_alpn;
- std::string select_alpn;
- bool decline_alpn = false;
- bool expect_session_miss = false;
- bool expect_extended_master_secret = false;
- std::string psk;
- std::string psk_identity;
- std::string srtp_profiles;
- int min_version = 0;
- int max_version = 0;
- int mtu = 0;
- bool implicit_handshake = false;
- std::string cipher;
- bool handshake_never_done = false;
- int export_keying_material = 0;
- std::string export_label;
- std::string export_context;
- bool use_export_context = false;
- bool expect_ticket_renewal = false;
- bool expect_no_session = false;
- bool use_ticket_callback = false;
- bool renew_ticket = false;
- bool enable_client_custom_extension = false;
- bool enable_server_custom_extension = false;
- bool custom_extension_skip = false;
- bool custom_extension_fail_add = false;
- bool check_close_notify = false;
- bool shim_shuts_down = false;
- bool verify_fail = false;
- bool verify_peer = false;
- bool expect_verify_result = false;
- int expect_total_renegotiations = 0;
- bool renegotiate_freely = false;
- bool p384_only = false;
- bool enable_all_curves = false;
- bool use_sparse_dh_prime = false;
- bool use_old_client_cert_callback = false;
- bool use_null_client_ca_list = false;
- bool peek_then_read = false;
- int max_cert_list = 0;
-};
-
-bool ParseConfig(int argc, char **argv, TestConfig *out_config);
-
-
-#endif // OSSL_TEST_SHIM_TEST_CONFIG_H
diff --git a/test/recipes/95-test_external_boringssl.t b/test/recipes/95-test_external_boringssl.t
deleted file mode 100644
index ea607935aa..0000000000
--- a/test/recipes/95-test_external_boringssl.t
+++ /dev/null
@@ -1,30 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-use OpenSSL::Test;
-use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file cmdstr/;
-
-setup("test_external_boringssl");
-
-plan skip_all => "No external tests in this configuration"
- if disabled("external-tests");
-plan skip_all => "BoringSSL runner not detected"
- if !$ENV{BORING_RUNNER_DIR};
-
-plan tests => 1;
-
-indir $ENV{BORING_RUNNER_DIR} => sub {
- ok(run(cmd(["go", "test", "-shim-path",
- bldtop_file("test", "ossl_shim", "ossl_shim"),
- "-shim-config",
- srctop_file("test", "ossl_shim", "ossl_config.json"),
- "-pipe", "-allow-unimplemented"]), prefix => "go test: "),
- "running BoringSSL tests");
-}, create => 0, cleanup => 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-06 18:51:09 +0000