Commit graph

32 commits

Author SHA1 Message Date
Matt Caswell
10a1ec4833 Fix BoringSSL alert related test failures
Commit bd990e2535 changed our handling of alerts. Some of the BoringSSl
tests were expecting specific errors to be created if bad alerts were sent.
Those errors have now changed as a result of that commit, so the BoringSSL
test config needs to be updated to match.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3549)
2017-05-25 15:38:22 +01:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Matt Caswell
f81f279a73 Re-enable some BoringSSL tests
The previous 2 commits fixed some issues in the Boring tests. This
re-enables those tests.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Matt Caswell
162e120711 SSL_get_peer_cert_chain() does not work after a resumption
After a resumption it is documented that SSL_get_peer_cert_chain() will
return NULL. In BoringSSL it still returns the chain. We don't support that
so we should update the shim to call SSL_get_peer_certificate() instead
when checking whether a peer certificate is available.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Matt Caswell
e29d7cea33 Ensure we set the session id context in ossl_shim
OpenSSL requires that we set the session id context. BoringSSL apparently
does not require this, so wasn't setting it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2942)
2017-03-14 23:15:21 +00:00
Matt Caswell
64e2b23ce3 Fix 12 Boring tests involving NULL-SHA ciphersuites
The Boring runner attempts to enable the NULL-SHA ciphersuite using the
cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently
switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA"
instead. We can't change the runner so we have to change the shim to
detect this.

(Merged from https://github.com/openssl/openssl/pull/2933)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2017-03-14 14:29:31 +00:00
Matt Caswell
4b5f7e7555 Update ossl_config.json for later BoringSSL commit
Update the list of suppressions so that we can run a later BoringSSL set
of tests. This also adds an ErrorMap to greatly reduce the number of
failing tests. The remaining tests that still fail are just disabled for
now.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2930)
2017-03-14 12:12:13 +00:00
Matt Caswell
2256f456bc Make the Boring tests pass
The boring tests are currently failing because they send a PSK extension
which isn't in the last place. This is not allowed in the latest TLS1.3
specs. However the Boring tests we have are based on an old commit that
pre-date when that rule first appeared.

The proper solution is to update the tests to a later commit. But for now
to get travis to go green we disable the failing tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2928)
2017-03-14 09:59:51 +00:00
Rich Salz
aff8c126fd Move extension data into sub-structs
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2052)
2017-01-09 22:26:47 -05:00
Matt Caswell
14d21b690a Suppress some BoringSSL test failures
The external BoringSSL tests had some failures as a result of
the extensions refactor. This was due to a deliberate relaxation
of the duplicate extensions checking code. We now only check
known extensions for duplicates. Unknown extensions are ignored.
This is allowed behaviour, so we suppress those BoringSSL tests.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:20:45 +00:00
Matt Caswell
66889e4399 Fix some defines in ossl_shim
ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be
removed.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-11-23 17:01:33 +00:00
Matt Caswell
a1ca39c02c Remove an unused field in ossl_shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
e8585479a1 Add a wildcard exception for TLS13 tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
92ab7db6f8 Swap header copyrights to standard OpenSSL
As per permission from Google (Emilia).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
bc708af4b0 Add missing bn.h include
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
b289bff830 Update the BoringSSL suppressions file based on the latest shim
The updated shim has the ability to skip tests using unimplemented flags.
This should reduce the number of test failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
1669b7b587 Rename BoringSSL style OPENSSL_WINDOWS to OPENSSL_SYS_WINDOWS
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
1c8235c9b3 Fix a code inconsistency
Move from two ifs to a single one with an &&

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
fc237de7ff Remove some #if 0'd out code
It was only a sanity check anyway, so isn't needed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
0abcaddfcb Removed scoped_types.h
It is no longer used (replaced with bssl:UniquePtr)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
aedf33aed5 Remove some flags that are unused in the shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
06e452fbc1 Use the -allow-unimplemented feature of the BoringSSL runner
That way we can remove flags that we don't support

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
8beda2c12d Remove unused BoringSSL specific flags
We will rely on the -allow-unimplemented feature instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
5b2d35c344 Remove some unreferenced fields from TestState
They were there for BoringSSL only features which are not relevant to us.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
2fd0dfd9f6 Remove some #if 0'd out code
It was just a sanity check and isn't needed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
d664ff498c Remove test/ossl_shim/Makefile
This Makefile was temporary. Building ossl_shim has now been integrated into
to the build system.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
4d040e283e Fix some unused variable warnings in ossl_shim
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
ce2596d404 Control building of ossl_shim through Configure
Don't build ossl_shim by default. Switch it on through
enable-external-tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
cfa7697986 Integrate ossl_shim into the build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
50b014e4c6 Add a shim config file
This just disables all tests that fail at the moment. Over time we will
want to go over these and figure out why they are failing (and fix them if
appropriate)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
7b73b7beda Rebase shim against latest boringssl code
Numerous conflicts resolved. rebase was against commit 490469f850.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Matt Caswell
eef977aa0e Integrate BoringSSL shim
The BoringSSL test suite contains numerous tests which OpenSSL does not.

The BoringSSL test runner uses a shim to launch the library and execute the
tests. This is a version of the BoringSSL shim converted to compile against
OpenSSL instead.

This is primarily based on the work of David Benjamin from the BoringSSL
project who did most of the necessary conversion. It also includes a few
other tweaks for opacity changes etc.

This is based on a *very* old version of BoringSSL from commit f277add6c.
That was the last commit known to work with this patched shim. Later
versions may also work but lots of merge conflicts occur when trying to
bring it up to date.

At the moment this has not been integrated into the build system. There is
a very simple standalone makefile in the ossl_shim directory which should
be executed directly before tyring to use the shim.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00