Fix 12 Boring tests involving NULL-SHA ciphersuites

The Boring runner attempts to enable the NULL-SHA ciphersuite using the cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA" instead. We can't change the runner so we have to change the shim to detect this. (Merged from https://github.com/openssl/openssl/pull/2933) Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Emilia Käsper <emilia@openssl.org>

Fix 12 Boring tests involving NULL-SHA ciphersuites
The Boring runner attempts to enable the NULL-SHA ciphersuite using the cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA" instead. We can't change the runner so we have to change the shim to detect this. (Merged from https://github.com/openssl/openssl/pull/2933) Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Emilia Käsper <emilia@openssl.org>
64e2b23c · Matt Caswell · 49619ab0 · 64e2b23c · 64e2b23c
显示空白变更内容
内联并排

Showing with 19 addition and 17 deletion

test/ossl_shim/ossl_config.json test/ossl_shim/ossl_config.json +4 -16

test/ossl_shim/test_config.cc test/ossl_shim/test_config.cc +15 -1

未找到文件。
--- a/test/ossl_shim/ossl_config.json
+++ b/test/ossl_shim/ossl_config.json
@@ -36,22 +36,10 @@
        "KeyUpdate-Server":"Test failure - reason unknown",
        "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
        "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
-        "SSL3-NULL-SHA-server":"Test failure - reason unknown",
-        "SSL3-NULL-SHA-client":"Test failure - reason unknown",
-        "SSL3-NULL-SHA-LargeRecord":"Test failure - reason unknown",
-        "SSL3-NULL-SHA-BadRecord":"Test failure - reason unknown",
-        "TLS1-NULL-SHA-server":"Test failure - reason unknown",
-        "TLS1-NULL-SHA-LargeRecord":"Test failure - reason unknown",
-        "TLS1-NULL-SHA-BadRecord":"Test failure - reason unknown",
-        "TLS11-NULL-SHA-server":"Test failure - reason unknown",
-        "TLS1-NULL-SHA-client":"Test failure - reason unknown",
-        "TLS11-NULL-SHA-client":"Test failure - reason unknown",
-        "TLS11-NULL-SHA-LargeRecord":"Test failure - reason unknown",
-        "TLS12-NULL-SHA-client":"Test failure - reason unknown",
-        "TLS12-NULL-SHA-server":"Test failure - reason unknown",
-        "TLS12-NULL-SHA-LargeRecord":"Test failure - reason unknown",
-        "TLS11-NULL-SHA-BadRecord":"Test failure - reason unknown",
-        "TLS12-NULL-SHA-BadRecord":"Test failure - reason unknown",
+        "DTLS1-NULL-SHA-server":"Test failure - reason unknown",
+        "DTLS1-NULL-SHA-client":"Test failure - reason unknown",
+        "DTLS12-NULL-SHA-client":"Test failure - reason unknown",
+        "DTLS12-NULL-SHA-server":"Test failure - reason unknown",
        "BadECDSA-1-4":"Test failure - reason unknown",
        "BadECDSA-3-4":"Test failure - reason unknown",
        "BadECDSA-4-1":"Test failure - reason unknown",

--- a/test/ossl_shim/test_config.cc
+++ b/test/ossl_shim/test_config.cc
@@ -133,12 +133,26 @@ bool ParseConfig(int argc, char **argv, TestConfig *out_config) {

    std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
    if (string_field != NULL) {
+      const char *val;
+
      i++;
      if (i >= argc) {
        fprintf(stderr, "Missing parameter\n");
        return false;
      }
-      string_field->assign(argv[i]);
+
+      /*
+       * Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable
+       * the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches
+       * off NULL ciphers, so we use "ALL:NULL-SHA" instead.
+       */
+      if (strcmp(argv[i - 1], "-cipher") == 0
+          && strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)
+        val = "ALL:NULL-SHA";
+      else
+        val = argv[i];
+
+      string_field->assign(val);
      continue;
    }