From 8beda2c12dc58389dd3c036b0858e15b010567da Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 19 Oct 2016 11:03:38 +0100 Subject: [PATCH] Remove unused BoringSSL specific flags We will rely on the -allow-unimplemented feature instead. Reviewed-by: Richard Levitte --- test/ossl_shim/ossl_config.json | 1 + test/ossl_shim/ossl_shim.cc | 84 ++------------------------------- test/ossl_shim/test_config.cc | 37 --------------- test/ossl_shim/test_config.h | 19 -------- 4 files changed, 5 insertions(+), 136 deletions(-) diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json index 91491abb09..bcfa62a47f 100644 --- a/test/ossl_shim/ossl_config.json +++ b/test/ossl_shim/ossl_config.json @@ -1,3 +1,4 @@ + { "DisabledTests" : { "SkipCertificateStatus":"Test failure - reason unknown", diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index b8c62b0acf..99733f6065 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -154,16 +154,6 @@ static bool GetCertificate(SSL *ssl, bssl::UniquePtr *out_x509, bssl::UniquePtr *out_pkey) { const TestConfig *config = GetTestConfig(ssl); - if (!config->digest_prefs.empty()) { - fprintf(stderr, "Digest prefs not supported.\n"); - return false; - } - - if (!config->signing_prefs.empty()) { - fprintf(stderr, "Set signing algorithm prefs not supported\n"); - return false; - } - if (!config->key_file.empty()) { *out_pkey = LoadPrivateKey(config->key_file.c_str()); if (!*out_pkey) { @@ -176,10 +166,6 @@ static bool GetCertificate(SSL *ssl, bssl::UniquePtr *out_x509, return false; } } - if (!config->ocsp_response.empty()) { - fprintf(stderr, "OCSP response not supported.\n"); - return false; - } return true; } 
@@ -564,11 +550,6 @@ static bssl::UniquePtr SetupCtx(const TestConfig *config) { return nullptr; } - if (!config->cipher_tls10.empty() || !config->cipher_tls11.empty()) { - fprintf(stderr, "version-specific cipher lists not supported.\n"); - return nullptr; - } - DH *tmpdh; if (config->use_sparse_dh_prime) { @@ -655,11 +636,6 @@ static bssl::UniquePtr SetupCtx(const TestConfig *config) { SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL); } - if (!config->signed_cert_timestamps.empty()) { - fprintf(stderr, "SCTs not supported.\n"); - return nullptr; - } - if (config->use_null_client_ca_list) { SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr); } @@ -806,14 +782,12 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { return false; } - bool expect_handshake_done = is_resume || !config->false_start; - if (expect_handshake_done != GetTestState(ssl)->handshake_done) { - fprintf(stderr, "handshake was%s completed\n", - GetTestState(ssl)->handshake_done ? "" : " not"); + if (!GetTestState(ssl)->handshake_done) { + fprintf(stderr, "handshake was not completed\n"); return false; } - if (expect_handshake_done && !config->is_server) { + if (!config->is_server) { bool expect_new_session = !config->expect_no_session && (!SSL_session_reused(ssl) || config->expect_ticket_renewal) && @@ -930,10 +904,6 @@ static bool DoExchange(bssl::UniquePtr *out_session, if (config->verify_peer) { SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL); } - if (config->false_start) { - fprintf(stderr, "False Start not supported\n"); - return false; - } if (config->partial_write) { SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE); } 
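Review bot: The now-unconditional `handshake_done` check in CheckHandshakeProperties (hunk at -806/+782) has no comment explaining why it no longer depends on `is_resume`, which readers comparing this file with the BoringSSL shim will look for. I would add above it: `// No False Start in this shim, so handshake_done must already be set before any property is checked.` The same applies to the `if (!config->is_server)` guard just below, which used to be gated on `expect_handshake_done`. In the visible lines `is_resume` is no longer read; the function starts and ends outside the hunk, so confirm the parameter is still used elsewhere, otherwise it becomes an unused-parameter warning.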
@@ -952,14 +922,6 @@ static bool DoExchange(bssl::UniquePtr *out_session, if (config->no_ssl3) { SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3); } - if (!config->expected_channel_id.empty()) { - fprintf(stderr, "Channel ID not supported\n"); - return false; - } - if (!config->send_channel_id.empty()) { - fprintf(stderr, "Channel ID not supported\n"); - return false; - } if (!config->host_name.empty() && !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) { return false; @@ -982,14 +944,6 @@ static bool DoExchange(bssl::UniquePtr *out_session, SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) { return false; } - if (config->enable_ocsp_stapling) { - fprintf(stderr, "OCSP stapling not supported (with the same API).\n"); - return false; - } - if (config->enable_signed_cert_timestamps) { - fprintf(stderr, "SCTs not supported (with the same API).\n"); - return false; - } if (config->min_version != 0 && !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { return false; @@ -1002,28 +956,12 @@ static bool DoExchange(bssl::UniquePtr *out_session, SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU); SSL_set_mtu(ssl.get(), config->mtu); } - if (config->install_ddos_callback) { - fprintf(stderr, "DDoS callback not supported.\n"); - return false; - } - if (config->renegotiate_once) { - fprintf(stderr, "renegotiate_once not supported.\n"); - return false; - } if (config->renegotiate_freely) { // This is always on for OpenSSL. } - if (config->renegotiate_ignore) { - fprintf(stderr, "renegotiate_ignore not supported.\n"); - return false; - } if (!config->check_close_notify) { SSL_set_quiet_shutdown(ssl.get(), 1); } - if (config->disable_npn) { - fprintf(stderr, "SSL_OP_DISABLE_NPN not supported.\n"); - return false; - } if (config->p384_only) { int nid = NID_secp384r1; if (!SSL_set1_curves(ssl.get(), &nid, 1)) { 
@@ -1039,10 +977,6 @@ static bool DoExchange(bssl::UniquePtr *out_session, return false; } } - if (config->initial_timeout_duration_ms > 0) { - fprintf(stderr, "Setting DTLS initial timeout duration not supported.\n"); - return false; - } if (config->max_cert_list > 0) { SSL_set_max_cert_list(ssl.get(), config->max_cert_list); } @@ -1137,16 +1071,6 @@ static bool DoExchange(bssl::UniquePtr *out_session, } } - if (config->tls_unique) { - fprintf(stderr, "tls_unique not supported\n"); - return false; - } - - if (config->send_alert) { - fprintf(stderr, "Sending an alert not supported\n"); - return false; - } - if (config->write_different_record_sizes) { if (config->is_dtls) { fprintf(stderr, "write_different_record_sizes not supported for DTLS\n"); @@ -1223,7 +1147,7 @@ static bool DoExchange(bssl::UniquePtr *out_session, } } - if (!config->is_server && !config->false_start && + if (!config->is_server && !config->implicit_handshake && // Session tickets are sent post-handshake in TLS 1.3. GetProtocolVersion(ssl.get()) < TLS1_3_VERSION && diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc index 84f290d2f1..3002137149 100644 --- a/test/ossl_shim/test_config.cc +++ b/test/ossl_shim/test_config.cc @@ -49,7 +49,6 @@ const Flag kBoolFlags[] = { { "-fallback-scsv", &TestConfig::fallback_scsv }, { "-require-any-client-certificate", &TestConfig::require_any_client_certificate }, - { "-false-start", &TestConfig::false_start }, { "-async", &TestConfig::async }, { "-write-different-record-sizes", &TestConfig::write_different_record_sizes }, 
@@ -60,24 +59,18 @@ const Flag kBoolFlags[] = { { "-no-tls11", &TestConfig::no_tls11 }, { "-no-tls1", &TestConfig::no_tls1 }, { "-no-ssl3", &TestConfig::no_ssl3 }, - { "-enable-channel-id", &TestConfig::enable_channel_id }, { "-shim-writes-first", &TestConfig::shim_writes_first }, { "-expect-session-miss", &TestConfig::expect_session_miss }, { "-decline-alpn", &TestConfig::decline_alpn }, { "-expect-extended-master-secret", &TestConfig::expect_extended_master_secret }, - { "-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling }, - { "-enable-signed-cert-timestamps", - &TestConfig::enable_signed_cert_timestamps }, { "-implicit-handshake", &TestConfig::implicit_handshake }, { "-use-early-callback", &TestConfig::use_early_callback }, { "-fail-early-callback", &TestConfig::fail_early_callback }, - { "-install-ddos-callback", &TestConfig::install_ddos_callback }, { "-fail-ddos-callback", &TestConfig::fail_ddos_callback }, { "-fail-second-ddos-callback", &TestConfig::fail_second_ddos_callback }, { "-handshake-never-done", &TestConfig::handshake_never_done }, { "-use-export-context", &TestConfig::use_export_context }, - { "-tls-unique", &TestConfig::tls_unique }, { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, { "-expect-no-session", &TestConfig::expect_no_session }, { "-use-ticket-callback", &TestConfig::use_ticket_callback }, 
@@ -93,30 +86,24 @@ const Flag kBoolFlags[] = { { "-verify-fail", &TestConfig::verify_fail }, { "-verify-peer", &TestConfig::verify_peer }, { "-expect-verify-result", &TestConfig::expect_verify_result }, - { "-renegotiate-once", &TestConfig::renegotiate_once }, { "-renegotiate-freely", &TestConfig::renegotiate_freely }, - { "-renegotiate-ignore", &TestConfig::renegotiate_ignore }, - { "-disable-npn", &TestConfig::disable_npn }, { "-p384-only", &TestConfig::p384_only }, { "-enable-all-curves", &TestConfig::enable_all_curves }, { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime }, { "-use-old-client-cert-callback", &TestConfig::use_old_client_cert_callback }, { "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list }, - { "-send-alert", &TestConfig::send_alert }, { "-peek-then-read", &TestConfig::peek_then_read }, { "-enable-grease", &TestConfig::enable_grease }, }; const Flag kStringFlags[] = { - { "-digest-prefs", &TestConfig::digest_prefs }, { "-key-file", &TestConfig::key_file }, { "-cert-file", &TestConfig::cert_file }, { "-expect-server-name", &TestConfig::expected_server_name }, { "-advertise-npn", &TestConfig::advertise_npn }, { "-expect-next-proto", &TestConfig::expected_next_proto }, { "-select-next-proto", &TestConfig::select_next_proto }, - { "-send-channel-id", &TestConfig::send_channel_id }, { "-host-name", &TestConfig::host_name }, { "-advertise-alpn", &TestConfig::advertise_alpn }, { "-expect-alpn", &TestConfig::expected_alpn }, 
@@ -126,20 +113,15 @@ const Flag kStringFlags[] = { { "-psk-identity", &TestConfig::psk_identity }, { "-srtp-profiles", &TestConfig::srtp_profiles }, { "-cipher", &TestConfig::cipher }, - { "-cipher-tls10", &TestConfig::cipher_tls10 }, - { "-cipher-tls11", &TestConfig::cipher_tls11 }, { "-export-label", &TestConfig::export_label }, { "-export-context", &TestConfig::export_context }, }; const Flag kBase64Flags[] = { { "-expect-certificate-types", &TestConfig::expected_certificate_types }, - { "-expect-channel-id", &TestConfig::expected_channel_id }, { "-expect-ocsp-response", &TestConfig::expected_ocsp_response }, { "-expect-signed-cert-timestamps", &TestConfig::expected_signed_cert_timestamps }, - { "-ocsp-response", &TestConfig::ocsp_response }, - { "-signed-cert-timestamps", &TestConfig::signed_cert_timestamps }, }; const Flag kIntFlags[] = { @@ -154,14 +136,9 @@ const Flag kIntFlags[] = { &TestConfig::expect_peer_signature_algorithm }, { "-expect-curve-id", &TestConfig::expect_curve_id }, { "-expect-dhe-group-size", &TestConfig::expect_dhe_group_size }, - { "-initial-timeout-duration-ms", &TestConfig::initial_timeout_duration_ms }, { "-max-cert-list", &TestConfig::max_cert_list }, }; -const Flag> kIntVectorFlags[] = { - { "-signing-prefs", &TestConfig::signing_prefs }, -}; - } // namespace bool ParseConfig(int argc, char **argv, TestConfig *out_config) { @@ -213,20 +190,6 @@ bool ParseConfig(int argc, char **argv, TestConfig *out_config) { continue; } - std::vector *int_vector_field = - FindField(out_config, kIntVectorFlags, argv[i]); - if (int_vector_field) { - i++; - if (i >= argc) { - fprintf(stderr, "Missing parameter\n"); - return false; - } - - // Each instance of the flag adds to the list. - int_vector_field->push_back(atoi(argv[i])); - continue; - } - fprintf(stderr, "Unknown argument: %s\n", argv[i]); return false; } diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h index 9f742975b5..eecf171a73 100644 
--- a/test/ossl_shim/test_config.h +++ b/test/ossl_shim/test_config.h @@ -25,8 +25,6 @@ struct TestConfig { bool is_dtls = false; int resume_count = 0; bool fallback_scsv = false; - std::string digest_prefs; - std::vector signing_prefs; std::string key_file; std::string cert_file; std::string expected_server_name; @@ -34,7 +32,6 @@ struct TestConfig { bool require_any_client_certificate = false; std::string advertise_npn; std::string expected_next_proto; - bool false_start = false; std::string select_next_proto; bool async = false; bool write_different_record_sizes = false; @@ -45,9 +42,6 @@ struct TestConfig { bool no_tls11 = false; bool no_tls1 = false; bool no_ssl3 = false; - std::string expected_channel_id; - bool enable_channel_id = false; - std::string send_channel_id; bool shim_writes_first = false; std::string host_name; std::string advertise_alpn; @@ -60,9 +54,7 @@ struct TestConfig { std::string psk; std::string psk_identity; std::string srtp_profiles; - bool enable_ocsp_stapling = false; std::string expected_ocsp_response; - bool enable_signed_cert_timestamps = false; std::string expected_signed_cert_timestamps; int min_version = 0; int max_version = 0; @@ -70,18 +62,14 @@ struct TestConfig { bool implicit_handshake = false; bool use_early_callback = false; bool fail_early_callback = false; - bool install_ddos_callback = false; bool fail_ddos_callback = false; bool fail_second_ddos_callback = false; std::string cipher; - std::string cipher_tls10; - std::string cipher_tls11; bool handshake_never_done = false; int export_keying_material = 0; std::string export_label; std::string export_context; bool use_export_context = false; - bool tls_unique = false; bool expect_ticket_renewal = false; bool expect_no_session = false; bool use_ticket_callback = false; 
@@ -90,18 +78,13 @@ struct TestConfig { bool enable_server_custom_extension = false; bool custom_extension_skip = false; bool custom_extension_fail_add = false; - std::string ocsp_response; bool check_close_notify = false; bool shim_shuts_down = false; bool verify_fail = false; bool verify_peer = false; bool expect_verify_result = false; - std::string signed_cert_timestamps; int expect_total_renegotiations = 0; - bool renegotiate_once = false; bool renegotiate_freely = false; - bool renegotiate_ignore = false; - bool disable_npn = false; int expect_peer_signature_algorithm = 0; bool p384_only = false; bool enable_all_curves = false; @@ -109,9 +92,7 @@ struct TestConfig { int expect_curve_id = 0; int expect_dhe_group_size = 0; bool use_old_client_cert_callback = false; - int initial_timeout_duration_ms = 0; bool use_null_client_ca_list = false; - bool send_alert = false; bool peek_then_read = false; bool enable_grease = false; int max_cert_list = 0; -- 2.25.1