diff options
-rw-r--r-- | .gitattributes | 1 | ||||
-rw-r--r-- | .github/workflows/ci.yml | 2 | ||||
-rw-r--r-- | .gitmodules | 4 | ||||
-rw-r--r-- | INSTALL.md | 2 | ||||
m--------- | boringssl | 0 | ||||
-rw-r--r-- | test/README-external.md | 63 | ||||
-rw-r--r-- | test/build.info | 2 | ||||
-rw-r--r-- | test/data2.bin | 245 | ||||
-rw-r--r-- | test/ossl_shim/async_bio.cc | 183 | ||||
-rw-r--r-- | test/ossl_shim/async_bio.h | 39 | ||||
-rw-r--r-- | test/ossl_shim/build.info | 6 | ||||
-rw-r--r-- | test/ossl_shim/include/openssl/base.h | 114 | ||||
-rw-r--r-- | test/ossl_shim/ossl_config.json | 301 | ||||
-rw-r--r-- | test/ossl_shim/ossl_shim.cc | 1312 | ||||
-rw-r--r-- | test/ossl_shim/packeted_bio.cc | 299 | ||||
-rw-r--r-- | test/ossl_shim/packeted_bio.h | 35 | ||||
-rw-r--r-- | test/ossl_shim/test_config.cc | 195 | ||||
-rw-r--r-- | test/ossl_shim/test_config.h | 90 | ||||
-rw-r--r-- | test/recipes/95-test_external_boringssl.t | 30 |
19 files changed, 60 insertions, 2863 deletions
diff --git a/.gitattributes b/.gitattributes index 6771355ff7..6bd7389c8a 100644 --- a/.gitattributes +++ b/.gitattributes @@ -8,7 +8,6 @@ fuzz/corpora/** export-ignore Configurations/*.norelease.conf export-ignore .* export-ignore util/mktar.sh export-ignore -boringssl export-ignore krb5 export-ignore pyca-cryptography export-ignore dev export-ignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7adc2ab746..ad24aaa5b8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -200,7 +200,5 @@ jobs: run: make test TESTS="test_external_gost_engine" - name: test external krb5 run: make test TESTS="test_external_krb5" -# - name: test external boringssl -# run: BORING_RUNNER_DIR=$(pwd)/boringssl/ssl/test/runner make test TESTS="test_external_boringssl" # - name: test external pyca # run: make test TESTS="test_external_pyca" diff --git a/.gitmodules b/.gitmodules index 637e7ade7e..955140d60d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,7 +1,3 @@ -[submodule "boringssl"] - path = boringssl - url = https://boringssl.googlesource.com/boringssl - [submodule "pyca.cryptography"] path = pyca-cryptography url = https://github.com/pyca/cryptography.git diff --git a/INSTALL.md b/INSTALL.md index d6ef21d20e..14b6118c36 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -692,7 +692,7 @@ Enable building of integration with external test suites. This is a developer option and may not work on all platforms. The following external test suites are currently supported: - - BoringSSL test suite + - GOST engine test suite - Python PYCA/Cryptography test suite - krb5 test suite diff --git a/boringssl b/boringssl deleted file mode 160000 -Subproject 2070f8ad9151dc8f3a73bffaa146b5e6937a583 diff --git a/test/README-external.md b/test/README-external.md index b06deaac4f..3e10526b85 100644 --- a/test/README-external.md +++ b/test/README-external.md @@ -5,69 +5,6 @@ It is possible to integrate external test suites into OpenSSL's `make test`. This capability is considered a developer option and does not work on all platforms. -The BoringSSL test suite -======================== - -In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL -source code into an appropriate directory. This can be done in two ways: - -1) Separately from the OpenSSL checkout using: - - $ git clone https://boringssl.googlesource.com/boringssl boringssl - - The BoringSSL tests are only confirmed to work at a specific commit in the - BoringSSL repository. Later commits may or may not pass the test suite: - - $ cd boringssl - $ git checkout 490469f850e - -2) Using the already configured submodule settings in OpenSSL: - - $ git submodule update --init - -Configure the OpenSSL source code to enable the external tests: - - $ cd ../openssl - $ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \ - enable-external-tests - -Note that using other config options than those given above may cause the tests -to fail. - -Run the OpenSSL tests by providing the path to the BoringSSL test runner in the -`BORING_RUNNER_DIR` environment variable: - - $ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test - -Note that the test suite may change directory while running so the path provided -should be absolute and not relative to the current working directory. - -To see more detailed output you can run just the BoringSSL tests with the -verbose option: - - $ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \ - TESTS="test_external_boringssl" test - -Test failures and suppressions ------------------------------- - -A large number of the BoringSSL tests are known to fail. A test could fail -because of many possible reasons. For example: - -- A bug in OpenSSL -- Different interpretations of standards -- Assumptions about the way BoringSSL works that do not apply to OpenSSL -- The test uses APIs added to BoringSSL that are not present in OpenSSL -- etc - -In order to provide a "clean" baseline run with all the tests passing a config -file has been provided that suppresses the running of tests that are known to -fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json" -within the OpenSSL source code. - -The community is encouraged to contribute patches which reduce the number of -suppressions that are currently present. - Python PYCA/Cryptography test suite =================================== diff --git a/test/build.info b/test/build.info index 8abb14f634..b31e5dedd5 100644 --- a/test/build.info +++ b/test/build.info @@ -1,5 +1,3 @@ -SUBDIRS=ossl_shim - # TODO: use ../apps/libapps.a instead of direct ../apps/lib source. # This can't currently be done, because some of its units drag in too many # unresolved references that don't apply here. diff --git a/test/data2.bin b/test/data2.bin index c4f9691a26..40c1bdad13 100644 --- a/test/data2.bin +++ b/test/data2.bin @@ -1,188 +1,61 @@ TEST DATA2 -Running external test suites with OpenSSL -========================================= - -It is possible to integrate external test suites into OpenSSL's "make test". -This capability is considered a developer option and does not work on all -platforms. - - - -The BoringSSL test suite -======================== - -In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL -source code into an appropriate directory. This can be done in two ways: - -1) Separately from the OpenSSL checkout using: - - $ git clone https://boringssl.googlesource.com/boringssl boringssl - - The BoringSSL tests are only confirmed to work at a specific commit in the - BoringSSL repository. Later commits may or may not pass the test suite: - - $ cd boringssl - $ git checkout 490469f850e - -2) Using the already configured submodule settings in OpenSSL: - - $ git submodule update --init - -Configure the OpenSSL source code to enable the external tests: - -$ cd ../openssl -$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \ - enable-external-tests - -Note that using other config options than those given above may cause the tests -to fail. - -Run the OpenSSL tests by providing the path to the BoringSSL test runner in the -BORING_RUNNER_DIR environment variable: - -$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test - -Note that the test suite may change directory while running so the path provided -should be absolute and not relative to the current working directory. - -To see more detailed output you can run just the BoringSSL tests with the -verbose option: - -$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \ - TESTS="test_external_boringssl" test - - -Test failures and suppressions ------------------------------- - -A large number of the BoringSSL tests are known to fail. A test could fail -because of many possible reasons. For example: - -- A bug in OpenSSL -- Different interpretations of standards -- Assumptions about the way BoringSSL works that do not apply to OpenSSL -- The test uses APIs added to BoringSSL that are not present in OpenSSL -- etc - -In order to provide a "clean" baseline run with all the tests passing a config -file has been provided that suppresses the running of tests that are known to -fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json" -within the OpenSSL source code. - -The community is encouraged to contribute patches which reduce the number of -suppressions that are currently present. - - -Python PYCA/Cryptography test suite -=================================== - -This python test suite runs cryptographic tests with a local OpenSSL build as -the implementation. - -First checkout the PYCA/Cryptography module into ./pyca-cryptography using: - -$ git submodule update --init - -Then configure/build OpenSSL compatible with the python module: - -$ ./config shared enable-external-tests -$ make - -The tests will run in a python virtual environment which requires virtualenv -to be installed. - -$ make test VERBOSE=1 TESTS=test_external_pyca - -Test failures and suppressions ------------------------------- - -Some tests target older (<=1.0.2) versions so will not run. Other tests target -other crypto implementations so are not relevant. Currently no tests fail. - - -krb5 test suite -=============== - -Much like the PYCA/Cryptography test suite, this builds and runs the krb5 -tests against the local OpenSSL build. - -You will need a git checkout of krb5 at the top level: - -$ git clone https://github.com/krb5/krb5 - -krb5's master has to pass this same CI, but a known-good version is -krb5-1.15.1-final if you want to be sure. - -$ cd krb5 -$ git checkout krb5-1.15.1-final -$ cd .. - -OpenSSL must be built with external tests enabled: - -$ ./config enable-external-tests -$ make - -krb5's tests will then be run as part of the rest of the suite, or can be -explicitly run (with more debugging): - -$ VERBOSE=1 make TESTS=test_external_krb5 test - -Test-failures suppressions --------------------------- - -krb5 will automatically adapt its test suite to account for the configuration -of your system. Certain tests may require more installed packages to run. No -tests are expected to fail. - - -GOST engine test suite -=============== - -Much like the PYCA/Cryptography test suite, this builds and runs the GOST engine -tests against the local OpenSSL build. - -You will need a git checkout of gost-engine at the top level: - -$ git submodule update --init - -Then configure/build OpenSSL enabling external tests: - -$ ./config shared enable-external-tests -$ make - -GOST engine requires CMake for the build process. - -GOST engine tests will then be run as part of the rest of the suite, or can be -explicitly run (with more debugging): - -$ make test VERBOSE=1 TESTS=test_external_gost_engine - -Updating test suites -==================== - -To update the commit for any of the above test suites: - -- Make sure the submodules are cloned locally: - - $ git submodule update --init --recursive - -- Enter subdirectory and pull from the repository (use a specific branch/tag if required): - - $ cd <submodule-dir> - $ git pull origin master - -- Go to root directory, there should be a new git status: - - $ cd ../ - $ git status - ... - # modified: <submodule-dir> (new commits) - ... - -- Add/commit/push the update - - git add <submodule-dir> - git commit -m "Updated <submodule> to latest commit" - git push - +This is just some data that is meant to be different from the contents +of the data.bin file. + +Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod +tempor incididunt ut labore et dolore magna aliqua. Hendrerit dolor magna +eget est. Integer enim neque volutpat ac tincidunt vitae. Erat imperdiet +sed euismod nisi porta. Sit amet volutpat consequat mauris nunc. +Fermentum leo vel orci porta non. Purus viverra accumsan in nisl. +Volutpat maecenas volutpat blandit aliquam etiam erat velit scelerisque. +Gravida in fermentum et sollicitudin ac orci phasellus. Ut eu sem integer +vitae justo eget. Enim tortor at auctor urna nunc id. Laoreet non +curabitur gravida arcu ac tortor dignissim convallis aenean. A lacus +vestibulum sed arcu non odio euismod lacinia. In metus vulputate eu +scelerisque felis imperdiet proin fermentum. Semper quis lectus nulla at +volutpat diam ut venenatis tellus. Hac habitasse platea dictumst quisque. +Augue ut lectus arcu bibendum at varius vel pharetra. Nisl nunc mi ipsum +faucibus vitae aliquet. Nec sagittis aliquam malesuada bibendum arcu +vitae. Tellus id interdum velit laoreet id donec ultrices. + +Eget gravida cum sociis natoque. Nunc vel risus commodo viverra maecenas +accumsan. Enim lobortis scelerisque fermentum dui faucibus. Quis eleifend +quam adipiscing vitae. Nec nam aliquam sem et tortor. Pharetra massa +massa ultricies mi quis hendrerit. Tellus in metus vulputate eu +scelerisque. Et ultrices neque ornare aenean euismod elementum. Tellus +mauris a diam maecenas sed enim ut sem viverra. Fermentum leo vel orci +porta non pulvinar neque. Risus nullam eget felis eget nunc. Sed tempus +urna et pharetra pharetra massa massa ultricies. Dui sapien eget mi +proin. Vitae elementum curabitur vitae nunc sed velit dignissim sodales. +Sed arcu non odio euismod lacinia at. Enim praesent elementum facilisis +leo vel fringilla. Vel facilisis volutpat est velit egestas dui id ornare +arcu. Arcu dictum varius duis at. Pretium lectus quam id leo in vitae. + +Egestas fringilla phasellus faucibus scelerisque eleifend donec. Ut +ornare lectus sit amet est placerat in egestas. Viverra ipsum nunc +aliquet bibendum enim facilisis gravida neque. Commodo ullamcorper a +lacus vestibulum. Urna molestie at elementum eu. Mi in nulla posuere +sollicitudin aliquam ultrices sagittis orci a. Orci sagittis eu volutpat +odio facilisis mauris sit. Volutpat ac tincidunt vitae semper quis. +Adipiscing elit duis tristique sollicitudin nibh. Dignissim enim sit amet +venenatis urna cursus. Lacus luctus accumsan tortor posuere ac ut. Eu +feugiat pretium nibh ipsum consequat nisl. Arcu risus quis varius quam +quisque id diam. Urna nec tincidunt praesent semper feugiat nibh sed. Sed +libero enim sed faucibus turpis in eu mi. + +Suspendisse faucibus interdum posuere lorem ipsum dolor sit amet. Aliquet +eget sit amet tellus cras adipiscing enim. Lectus proin nibh nisl +condimentum id. Et odio pellentesque diam volutpat commodo sed egestas +egestas. Tempor id eu nisl nunc mi ipsum. Egestas erat imperdiet sed +euismod nisi porta lorem mollis aliquam. Pretium quam vulputate dignissim +suspendisse in est. Volutpat commodo sed egestas egestas fringilla. In +aliquam sem fringilla ut. Viverra accumsan in nisl nisi. Nam at lectus +urna duis convallis convallis. Tortor posuere ac ut consequat semper. +Pellentesque habitant morbi tristique senectus et netus et malesuada. +Aliquet enim tortor at auctor urna nunc id cursus metus. Sit amet luctus +venenatis lectus magna. A diam maecenas sed enim ut sem viverra aliquet. +Pellentesque sit amet porttitor eget dolor morbi. Eget lorem dolor sed +viverra ipsum nunc aliquet bibendum enim. Iaculis urna id volutpat lacus +laoreet non curabitur. Mattis vulputate enim nulla aliquet porttitor +lacus luctus accumsan tortor. diff --git a/test/ossl_shim/async_bio.cc b/test/ossl_shim/async_bio.cc deleted file mode 100644 index b21e5af51b..0000000000 --- a/test/ossl_shim/async_bio.cc +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "async_bio.h" - -#include <errno.h> -#include <string.h> - -#include <openssl/bio.h> -#include <openssl/crypto.h> - - -namespace { - -struct AsyncBio { - bool datagram; - bool enforce_write_quota; - size_t read_quota; - size_t write_quota; -}; - -AsyncBio *GetData(BIO *bio) { - return (AsyncBio *)BIO_get_data(bio); -} - -static int AsyncWrite(BIO *bio, const char *in, int inl) { - AsyncBio *a = GetData(bio); - if (a == NULL || BIO_next(bio) == NULL) { - return 0; - } - - if (!a->enforce_write_quota) { - return BIO_write(BIO_next(bio), in, inl); - } - - BIO_clear_retry_flags(bio); - - if (a->write_quota == 0) { - BIO_set_retry_write(bio); - errno = EAGAIN; - return -1; - } - - if (!a->datagram && (size_t)inl > a->write_quota) { - inl = a->write_quota; - } - int ret = BIO_write(BIO_next(bio), in, inl); - if (ret <= 0) { - BIO_copy_next_retry(bio); - } else { - a->write_quota -= (a->datagram ? 1 : ret); - } - return ret; -} - -static int AsyncRead(BIO *bio, char *out, int outl) { - AsyncBio *a = GetData(bio); - if (a == NULL || BIO_next(bio) == NULL) { - return 0; - } - - BIO_clear_retry_flags(bio); - - if (a->read_quota == 0) { - BIO_set_retry_read(bio); - errno = EAGAIN; - return -1; - } - - if (!a->datagram && (size_t)outl > a->read_quota) { - outl = a->read_quota; - } - int ret = BIO_read(BIO_next(bio), out, outl); - if (ret <= 0) { - BIO_copy_next_retry(bio); - } else { - a->read_quota -= (a->datagram ? 1 : ret); - } - return ret; -} - -static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) { - if (BIO_next(bio) == NULL) { - return 0; - } - BIO_clear_retry_flags(bio); - int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); - BIO_copy_next_retry(bio); - return ret; -} - -static int AsyncNew(BIO *bio) { - AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a)); - if (a == NULL) { - return 0; - } - memset(a, 0, sizeof(*a)); - a->enforce_write_quota = true; - BIO_set_init(bio, 1); - BIO_set_data(bio, a); - return 1; -} - -static int AsyncFree(BIO *bio) { - if (bio == NULL) { - return 0; - } - - OPENSSL_free(BIO_get_data(bio)); - BIO_set_data(bio, NULL); - BIO_set_init(bio, 0); - return 1; -} - -static long AsyncCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp) -{ - if (BIO_next(bio) == NULL) - return 0; - return BIO_callback_ctrl(BIO_next(bio), cmd, fp); -} - -static BIO_METHOD *g_async_bio_method = NULL; - -static const BIO_METHOD *AsyncMethod(void) -{ - if (g_async_bio_method == NULL) { - g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio"); - if ( g_async_bio_method == NULL - || !BIO_meth_set_write(g_async_bio_method, AsyncWrite) - || !BIO_meth_set_read(g_async_bio_method, AsyncRead) - || !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl) - || !BIO_meth_set_create(g_async_bio_method, AsyncNew) - || !BIO_meth_set_destroy(g_async_bio_method, AsyncFree) - || !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl)) - return NULL; - } - return g_async_bio_method; -} - -} // namespace - -bssl::UniquePtr<BIO> AsyncBioCreate() { - return bssl::UniquePtr<BIO>(BIO_new(AsyncMethod())); -} - -bssl::UniquePtr<BIO> AsyncBioCreateDatagram() { - bssl::UniquePtr<BIO> ret(BIO_new(AsyncMethod())); - if (!ret) { - return nullptr; - } - GetData(ret.get())->datagram = true; - return ret; -} - -void AsyncBioAllowRead(BIO *bio, size_t count) { - AsyncBio *a = GetData(bio); - if (a == NULL) { - return; - } - a->read_quota += count; -} - -void AsyncBioAllowWrite(BIO *bio, size_t count) { - AsyncBio *a = GetData(bio); - if (a == NULL) { - return; - } - a->write_quota += count; -} - -void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) { - AsyncBio *a = GetData(bio); - if (a == NULL) { - return; - } - a->enforce_write_quota = enforce; -} diff --git a/test/ossl_shim/async_bio.h b/test/ossl_shim/async_bio.h deleted file mode 100644 index 0d3b0ebc6e..0000000000 --- a/test/ossl_shim/async_bio.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_TEST_SHIM_ASYNC_BIO_H -#define OSSL_TEST_SHIM_ASYNC_BIO_H - -#include <openssl/base.h> -#include <openssl/bio.h> - - -// AsyncBioCreate creates a filter BIO for testing asynchronous state -// machines which consume a stream socket. Reads and writes will fail -// and return EAGAIN unless explicitly allowed. Each async BIO has a -// read quota and a write quota. Initially both are zero. As each is -// incremented, bytes are allowed to flow through the BIO. -bssl::UniquePtr<BIO> AsyncBioCreate(); - -// AsyncBioCreateDatagram creates a filter BIO for testing for -// asynchronous state machines which consume datagram sockets. The read -// and write quota count in packets rather than bytes. -bssl::UniquePtr<BIO> AsyncBioCreateDatagram(); - -// AsyncBioAllowRead increments |bio|'s read quota by |count|. -void AsyncBioAllowRead(BIO *bio, size_t count); - -// AsyncBioAllowWrite increments |bio|'s write quota by |count|. -void AsyncBioAllowWrite(BIO *bio, size_t count); - -// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota. -void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce); - - -#endif // OSSL_TEST_SHIM_ASYNC_BIO_H diff --git a/test/ossl_shim/build.info b/test/ossl_shim/build.info deleted file mode 100644 index d1dd208408..0000000000 --- a/test/ossl_shim/build.info +++ /dev/null @@ -1,6 +0,0 @@ -IF[{- defined $target{CXX} && !$disabled{"external-tests"} -}] - PROGRAMS{noinst}=ossl_shim - SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc - INCLUDE[ossl_shim]=. include ../../include - DEPEND[ossl_shim]=../../libssl ../../libcrypto -ENDIF diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h deleted file mode 100644 index 9b07292673..0000000000 --- a/test/ossl_shim/include/openssl/base.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H -#define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H - -/* Needed for DH functions */ -#include "internal/deprecated.h" - -/* Needed for BORINGSSL_MAKE_DELETER */ -# include <openssl/bio.h> -# include <openssl/evp.h> -# include <openssl/dh.h> -# include <openssl/x509.h> -# include <openssl/ssl.h> - -# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) - -extern "C++" { - -#include <memory> - -namespace bssl { - -namespace internal { - -template <typename T> -struct DeleterImpl {}; - -template <typename T> -struct Deleter { - void operator()(T *ptr) { - // Rather than specialize Deleter for each type, we specialize - // DeleterImpl. This allows bssl::UniquePtr<T> to be used while only - // including base.h as long as the destructor is not emitted. This matches - // std::unique_ptr's behavior on forward-declared types. - // - // DeleterImpl itself is specialized in the corresponding module's header - // and must be included to release an object. If not included, the compiler - // will error that DeleterImpl<T> does not have a method Free. - DeleterImpl<T>::Free(ptr); - } -}; - -template <typename T, typename CleanupRet, void (*init)(T *), - CleanupRet (*cleanup)(T *)> -class StackAllocated { - public: - StackAllocated() { init(&ctx_); } - ~StackAllocated() { cleanup(&ctx_); } - - StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete; - T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete; - - T *get() { return &ctx_; } - const T *get() const { return &ctx_; } - - void Reset() { - cleanup(&ctx_); - init(&ctx_); - } - - private: - T ctx_; -}; - -} // namespace internal - -#define BORINGSSL_MAKE_DELETER(type, deleter) \ - namespace internal { \ - template <> \ - struct DeleterImpl<type> { \ - static void Free(type *ptr) { deleter(ptr); } \ - }; \ - } - -// This makes a unique_ptr to STACK_OF(type) that owns all elements on the -// stack, i.e. it uses sk_pop_free() to clean up. -#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \ - namespace internal { \ - template <> \ - struct DeleterImpl<STACK_OF(type)> { \ - static void Free(STACK_OF(type) *ptr) { \ - sk_##type##_pop_free(ptr, deleter); \ - } \ - }; \ - } - -// Holds ownership of heap-allocated BoringSSL structures. Sample usage: -// bssl::UniquePtr<BIO> rsa(RSA_new()); -// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem())); -template <typename T> -using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>; - -BORINGSSL_MAKE_DELETER(BIO, BIO_free) -BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) -BORINGSSL_MAKE_DELETER(DH, DH_free) -BORINGSSL_MAKE_DELETER(X509, X509_free) -BORINGSSL_MAKE_DELETER(SSL, SSL_free) -BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) -BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) - -} // namespace bssl - -} /* extern C++ */ - - -#endif /* OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H */ diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json deleted file mode 100644 index 1e57499065..0000000000 --- a/test/ossl_shim/ossl_config.json +++ /dev/null @@ -1,301 +0,0 @@ - -{ - "DisabledTests" : { - "*TLS13*":"No TLS1.3 support yet", - "FragmentAlert-DTLS":"Test failure - reason unknown", - "FragmentedClientVersion":"Test failure - reason unknown", - "MTU":"Test failure - reason unknown", - "EmptyCertificateList":"Test failure - reason unknown", - "AppDataBeforeHandshake-DTLS":"Test failure - reason unknown", - "AlertAfterChangeCipherSpec":"Test failure - reason unknown", - "AppDataAfterChangeCipherSpec":"Test failure - reason unknown", - "AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown", - "AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", - "AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown", - "AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", - "FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown", - "SplitFragments-Header-DTLS":"Test failure - reason unknown", - "SplitFragments-Boundary-DTLS":"Test failure - reason unknown", - "SplitFragments-Body-DTLS":"Test failure - reason unknown", - "SendEmptyFragments-DTLS":"Test failure - reason unknown", - "SendInvalidRecordType-DTLS":"Test failure - reason unknown", - "SendInvalidRecordType":"Test failure - reason unknown", - "FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown", - "SendWarningAlerts-Pass":"Test failure - reason unknown", - "SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown", - "TooManyKeyUpdates":"Test failure - reason unknown", - "Unclean-Shutdown-Alert":"Test failure - reason unknown", - "V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown", - "BadHelloRequest-2":"Test failure - reason unknown", - "DTLS-SendExtraFinished":"Test failure - reason unknown", - "NoNullCompression-TLS12":"Test failure - reason unknown", - "KeyUpdate-Client":"Test failure - reason unknown", - "KeyUpdate-InvalidRequestMode":"Test failure - reason unknown", - "DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown", - "LargeMessage-Reject-DTLS":"Test failure - reason unknown", - "KeyUpdate-Server":"Test failure - reason unknown", - "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown", - "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown", - "DTLS1-NULL-SHA-server":"Test failure - reason unknown", - "DTLS1-NULL-SHA-client":"Test failure - reason unknown", - "DTLS12-NULL-SHA-client":"Test failure - reason unknown", - "DTLS12-NULL-SHA-server":"Test failure - reason unknown", - "BadECDSA-1-4":"Test failure - reason unknown", - "BadECDSA-3-4":"Test failure - reason unknown", - "BadECDSA-4-1":"Test failure - reason unknown", - "BadECDSA-4-4":"Test failure - reason unknown", - "BadECDSA-4-3":"Test failure - reason unknown", - "SillyDH":"Test failure - reason unknown", - "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown", - "NoSupportedVersions-DTLS":"Test failure - reason unknown", - "VersionTooLow-DTLS":"Test failure - reason unknown", - "IgnoreClientVersionOrder":"Test failure - reason unknown", - "VersionTooLow":"Test failure - reason unknown", - "MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown", - "MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown", - "MinimumVersion-Clie |